  1. #1

    Technical skill
    3. Medium
    Operating system
    Windows XP Home/Pro
    Antivirus
    Norman
    Firewall
    Windows Firewall
    Posts
    59

    Virus that reports the disk is too full

    Dear reader,

    Thank you in advance for your attention and help.

    System info:
    - Desktop PC with Windows XP Professional with all updates
    - Norman as virus scanner
    - Windows Firewall as firewall
    Otherwise nothing much out of the ordinary.

    Since yesterday morning my PC had been acting a bit strange: Windows told me that no virus scanner was installed, although one certainly is, namely Norman. At the bottom I saw that the Norman icon was busy updating; 'that must be the cause', I thought.
    I carried on for the rest of the day, working at the computer now and then, until last night a program suddenly opened: it looked like some kind of disk-cleaning program that started analysing my disk. Shortly afterwards an information balloon appeared at the bottom right saying that my hard disk was too full, and soon after that some more error messages of a similar nature followed (in English).
    I was sure my disk was not too full and looked in Task Manager.
    There I saw 2 strange things; one of them was a numeric-code .exe (12123123.exe or something like that) and the second was a hard-disk inspection program, I no longer remember the exact name.
    I immediately closed both programs in Task Manager, which caused all icons on the desktop and taskbar to disappear. I then immediately restarted the computer in safe mode and am now trying to remove the problem.

    This is what I have done so far:
    - Restarted the computer in safe mode
    - Ran Spybot Search & Destroy; it deleted all temporary files and (as always) removed a number of things, this time 63 entries.
    - Ran an MBAM quick scan; it found nothing.

    - Restarted the computer in safe mode with networking (to update my anti-spyware/anti-virus software)
    - Ran the Norman virus scanner (it is up to date); it finished overnight and quarantined 13 files that it believes are Trojan horses:
    C:\Documents and Settings\Robert-Jan\Application Data\Sun\Java\Deployment\cache\6.0\37\2086c6a5-773f42de : gogol/Emailer.class
    C:\Documents and Settings\Robert-Jan\Application Data\Sun\Java\Deployment\cache\6.0\37\2086c6a5-773f42de : gogol/Familie.class
    C:\Documents and Settings\Robert-Jan\Application Data\Sun\Java\Deployment\cache\6.0\37\2086c6a5-773f42de : gogol/PhonBook.class
    C:\Documents and Settings\Robert-Jan\Application Data\Sun\Java\Deployment\cache\6.0\37\53c54425-55d28e8d : gogol/Emailer.class
    C:\Documents and Settings\Robert-Jan\Application Data\Sun\Java\Deployment\cache\6.0\37\53c54425-55d28e8d : gogol/Familie.class
    C:\Documents and Settings\Robert-Jan\Application Data\Sun\Java\Deployment\cache\6.0\37\53c54425-55d28e8d : gogol/PhonBook.class
    C:\Documents and Settings\Robert-Jan\Application Data\Sun\Java\Deployment\cache\6.0\48\6355530-4860d64a : Is.class
    C:\Documents and Settings\Robert-Jan\Application Data\Sun\Java\Deployment\cache\6.0\48\6355530-4860d64a : MyName.class
    C:\Documents and Settings\Robert-Jan\Application Data\Sun\Java\Deployment\cache\6.0\48\6355530-4860d64a : Phone.class
    C:\Documents and Settings\Robert-Jan\Application Data\Sun\Java\Deployment\cache\6.0\5\39f386c5-5e9d17ce : Is.class
    C:\Documents and Settings\Robert-Jan\Application Data\Sun\Java\Deployment\cache\6.0\5\39f386c5-5e9d17ce : MyName.class
    C:\Documents and Settings\Robert-Jan\Application Data\Sun\Java\Deployment\cache\6.0\5\39f386c5-5e9d17ce : Phone.class
    C:\Documents and Settings\Robert-Jan\Local Settings\Temporary Internet Files\Content.IE5\6WM52HSJ\433-direct[1].exe

    - Immediately afterwards updated MBAM and restarted the computer in safe mode.
    - Ran a full MBAM scan, but it found nothing. I think I still have problems, so here is my HijackThis log:


    =======================================

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:39:23, on 4-12-2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    E:\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alternate.nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.113.5.2:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Norman ZANDA] "D:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [HDInspector.exe] C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\RarSFX0\HDInspector.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SmartIndex] C:\WINDOWS\Temp\_ex-08.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware (registration)] regsvr32.exe /s "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll"
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-8OBU6.exe" /REG
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WebcamMaxAutoRun] "C:\Program Files\WebcamMax\WebcamMax.exe" -a
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [Frakilexexexiv] rundll32.exe "C:\WINDOWS\xmsat4Sw.dll",Startup
    O4 - HKCU\..\Run: [QgLxTtISjh.exe] C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\QgLxTtISjh.exe
    O4 - HKCU\..\Run: [11265296] C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\11265296.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.alternate.nl
    O15 - Trusted Zone: http://asia.msi.com.tw
    O15 - Trusted Zone: http://global.msi.com.tw
    O15 - Trusted Zone: http://www.msi.com.tw
    O15 - Trusted IP range: http://192.168.1.254
    O15 - ESC Trusted IP range: http://192.168.1.254
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/pcpitstop.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.nl/s/v/56.44/uploader2.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E49B4EF-9FE5-44DF-8D04-445AA94F83DB} (Sony Network Camera Viewer Control) - http://193.172.162.99:8080/program/SonyNetworkCameraViewer.cab
    O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/virtualmark/tc/FMSI.cab
    O16 - DPF: {DB28CF23-0083-40B5-BF63-69925D672385} (CNeroSerialChecker Object) - http://www.nero.com/doc/NeroVersionChecker.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://188.203.191.57/activex/AMC.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - http://www.cooliris.com/shared/plinstll.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - SOURCENEXT - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - D:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updateservice (gupdate1c9cc9318bcea24) (gupdate1c9cc9318bcea24) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\WINDOWS\system32\NMSAccessU.exe
    O23 - Service: Norman Network Filtering service (NNFSVC) - Norman ASA - D:\Program Files\Norman\Ngs\Bin\Nnf.exe
    O23 - Service: Norman NJeeves - Norman ASA - D:\Program Files\Norman\Npm\Bin\Njeeves.exe
    O23 - Service: Norman ZANDA - Norman ASA - D:\Program Files\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - D:\Program Files\Norman\Ngs\Bin\Nprosec.exe
    O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - D:\Program Files\Norman\Nse\bin\NSESVC.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - D:\Program Files\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - D:\Program Files\Norman\npm\bin\nvoy.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - D:\Program Files\Norman\Npm\Bin\scheduler.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\winvnc4.exe

    --
    End of file - 15984 bytes


    ===============================

    Kind regards,
    Robert-Jan

  2. #2
    smeenk's avatar
    Technical skill
    5. Expert
    Antivirus
    Ms Security Essentials
    Firewall
    Windows Firewall
    Posts
    34.930
    Blog posts
    2
    Download zoek.exe to your desktop.
    Then double-click zoek.exe to start it.
    Type C followed by Enter to start "Delete Files/Folders".
    A file named "input.txt" will open.
    Copy the following code into it:
    Code:
    C:\WINDOWS\xmsat4Sw.dll;
    C:\WINDOWS\Temp\_ex-08.exe;
    C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\QgLxTtISjh.exe;
    C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\11265296.exe;
    Once you have placed the code in the file, you may close input.txt; let it save the changes.
    After this the removal scan will start running; wait patiently until a log opens and post the result in your next message.
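
The kind of autorun triage behind a list like the one in the post above can be approximated with a few path heuristics. This is an added example, not part of the thread and not how zoek.exe or the helper works; the three rules (temp directory, rundll32 loading a DLL directly from the Windows folder, all-digit file name) and all function names are assumptions, and a hit is a lead to check, not a verdict.

```python
import ntpath
import re
from typing import List, Tuple

# Excerpt of the O4 (autorun) lines from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HDInspector.exe] C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\RarSFX0\HDInspector.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SmartIndex] C:\WINDOWS\Temp\_ex-08.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Frakilexexexiv] rundll32.exe "C:\WINDOWS\xmsat4Sw.dll",Startup
O4 - HKCU\..\Run: [QgLxTtISjh.exe] C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\QgLxTtISjh.exe
O4 - HKCU\..\Run: [11265296] C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\11265296.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_LINE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Assumed set of directory names treated as temporary locations.
TEMP_DIRS = {"temp", "tmp", "temporary internet files"}


def extract_target(cmd: str) -> str:
    """Return the file an autorun command actually loads."""
    # rundll32 entries: the interesting file is the DLL argument, not rundll32.
    m = re.match(r"(?i)rundll32(?:\.exe)?\s+(.*)$", cmd)
    if m:
        arg = m.group(1)
        quoted = re.match(r'"([^"]+)"', arg)
        return quoted.group(1) if quoted else arg.split(",", 1)[0].strip()
    # Quoted path followed by arguments.
    quoted = re.match(r'"([^"]+)"', cmd)
    if quoted:
        return quoted.group(1)
    # Unquoted path (may contain spaces): cut after the first ".exe".
    m = re.match(r"(?i)(.*?\.exe)(?=\s|$)", cmd)
    return m.group(1) if m else cmd


def reasons_for(cmd: str) -> List[str]:
    """Apply the three assumed heuristics to one autorun command line."""
    target = extract_target(cmd)
    parts = [p.lower() for p in target.split("\\")]
    reasons = []
    if any(p in TEMP_DIRS for p in parts[:-1]):
        reasons.append("runs from a temp directory")
    parent = ntpath.dirname(target).lower()
    if cmd.lower().startswith("rundll32") and re.fullmatch(r"[a-z]:\\windows", parent):
        reasons.append("rundll32 loads a DLL from the Windows root")
    stem = ntpath.splitext(ntpath.basename(target))[0]
    if stem.isdigit():
        reasons.append("all-digit file name")
    return reasons


def triage(log_text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (value name, target path, reasons) for every flagged O4 line."""
    findings = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue
        reasons = reasons_for(m["cmd"])
        if reasons:
            findings.append((m["name"], extract_target(m["cmd"]), reasons))
    return findings


if __name__ == "__main__":
    for name, target, reasons in triage(SAMPLE_LOG):
        print(f"[{name}] {target}: {'; '.join(reasons)}")
```

On the excerpt it reports the four paths listed in the post above plus the HDInspector.exe entry under Temp\RarSFX0.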

  3. #3

    Technical skill
    3. Medium
    Operating system
    Windows XP Home/Pro
    Antivirus
    Norman
    Firewall
    Windows Firewall
    Posts
    59
    Here is the log from Zoek.exe (run in safe mode)

    ==================
    Zoek.exe by smeenk
    Updated 03-12-2010
    ==================
    Deleting files\folders

    "C:\WINDOWS\Temp\_ex-08.exe" not found
    "C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\QgLxTtISjh.exe" not found
    "C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\11265296.exe" not found
    "C:\WINDOWS\xmsat4Sw.dll" deleted


    ------------

    Regards, Robert-Jan

  4. #4
    smeenk's avatar
    Technical skill
    5. Expert
    Antivirus
    Ms Security Essentials
    Firewall
    Windows Firewall
    Posts
    34.930
    Blog posts
    2
    Double-click Zoek.exe again to start it.
    Type A followed by Enter to start the "Standard search".
    Wait patiently until the CMD window closes and a Notepad window opens.
    Select the entire contents of the log and copy it into your next message.

  5. #5

    Technical skill
    3. Medium
    Operating system
    Windows XP Home/Pro
    Antivirus
    Norman
    Firewall
    Windows Firewall
    Posts
    59
    Here is the log:

    ==================
    Zoek.exe by smeenk
    Updated 03-12-2010
    ======C:\WINDOWS====
    ----a-w 0 2010-12-05 09:07:08 C:\WINDOWS\0.log
    --s-a-w 2,048 2010-12-05 09:06:38 C:\WINDOWS\bootstat.dat
    ----a-w 711,168 2010-12-04 09:07:14 C:\WINDOWS\is-8OBU6.exe
    ----a-w 399 2010-12-04 09:07:14 C:\WINDOWS\is-8OBU6.lst
    ----a-w 11,793 2010-12-04 09:07:14 C:\WINDOWS\is-8OBU6.msg
    ----a-w 787,680 2010-12-05 09:14:26 C:\WINDOWS\ntbtlog.txt
    ----a-w 633 2010-11-10 15:36:23 C:\WINDOWS\ODBC.INI
    ----a-w 32,624 2010-12-03 20:48:11 C:\WINDOWS\SchedLgU.Txt
    ----a-w 449,162 2010-12-02 15:51:36 C:\WINDOWS\setupapi.log
    ----a-w 8,405,015 2010-12-03 17:11:13 C:\WINDOWS\TempFile
    ----a-w 63 2010-11-10 15:35:20 C:\WINDOWS\vbaddin.ini
    ----a-w 215 2010-12-03 20:48:12 C:\WINDOWS\wiadebug.log
    ----a-w 49 2010-12-03 17:11:19 C:\WINDOWS\wiaservc.log
    ----a-w 1,392 2010-11-10 15:37:06 C:\WINDOWS\win.ini
    ----a-w 1,991,940 2010-12-04 21:24:12 C:\WINDOWS\WindowsUpdate.log

    ======C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp====
    ----a-w 155 2010-12-04 18:10:40 C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\input.txt
    ----a-w 1,327 2010-12-05 09:14:36 C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\log.txt
    ----a-w 311,296 2010-12-04 09:07:08 C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\~DF2C64.tmp
    ----a-w 65,536 2010-12-04 09:18:51 C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\~DF345C.tmp

    ======C:\WINDOWS\system32=====

    ======C:\WINDOWS\system32\drivers=====
    ======C:\WINDOWS\Tasks======
    ----a-w 472 2010-12-03 17:40:25 C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
    ----a-w 472 2010-12-03 17:40:25 C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
    ----a-w 472 2010-12-03 17:40:25 C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
    ----a-w 472 2010-12-03 17:40:26 C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
    ----a-w 472 2010-12-03 17:40:26 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    ----a-w 968 2010-12-03 19:50:50 C:\WINDOWS\Tasks\Google Software Updater.job
    ----a-w 1,038 2010-12-03 17:13:55 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    ----a-w 1,042 2010-12-03 20:05:00 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    ---ha-w 330 2010-12-05 09:10:03 C:\WINDOWS\Tasks\MP Scheduled Scan.job
    ----a-w 236 2010-12-03 17:13:55 C:\WINDOWS\Tasks\OGALogon.job
    ---ha-w 6 2010-12-03 20:48:11 C:\WINDOWS\Tasks\SA.DAT
    ---ha-w 464 2010-12-03 17:15:28 C:\WINDOWS\Tasks\User_Feed_Synchronization-{A692B50B-E9BF-40BF-B3A8-87796F0036BA}.job

    ======C:\WINDOWS\Temp======
    ----a-w 4,380 2010-12-04 18:24:53 C:\WINDOWS\Temp\MpCmdRun.log
    ----a-w 483 2010-12-05 09:07:05 C:\WINDOWS\Temp\WGAErrLog.txt

    =======C:\Program Files=====
    =======C:=====
    ----a-w 3,024 2010-11-09 19:04:51 C:\bar.emf
    --sha-w 2,145,386,496 2010-12-05 09:06:30 C:\pagefile.sys

    ======C:\Documents and Settings\Robert-Jan\Application Data======
    ----a-w 27,039 2010-11-10 13:53:35 C:\Documents and Settings\Robert-Jan\Application Data\phpdesigner.xml

    ======C:\Documents and Settings\Robert-Jan======
    ---ha-w 17,301,504 2010-12-04 21:24:12 C:\Documents and Settings\Robert-Jan\NTUSER.DAT
    ---ha-w 106,496 2010-12-05 09:14:29 C:\Documents and Settings\Robert-Jan\ntuser.dat.LOG
    --sh--w 188 2010-12-04 21:24:12 C:\Documents and Settings\Robert-Jan\ntuser.ini

    ======C:\WINDOWS\Downloaded Program Files====
    =============
    ======C:====
    ----a-w 73,000 2010-11-17 16:28:53 C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.1.0.54\SetupAdmin.exe
    ----a-w 6,153,352 2010-12-04 09:07:04 C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    ----a-w 22,016 2010-12-03 20:17:31 C:\Documents and Settings\Robert-Jan\Application Data\Adobe\plugs\KB11225515.exe
    ----a-w 77,312 2010-12-03 20:17:43 C:\Documents and Settings\Robert-Jan\Application Data\Adobe\plugs\KB11237406.exe
    ----a-w 0 2010-12-03 20:18:19 C:\Documents and Settings\Robert-Jan\Application Data\Adobe\plugs\KB11274343.exe
    ----a-w 6,153,352 2010-12-04 09:07:04 C:\Documents and Settings\Robert-Jan\Local Settings\Temporary Internet Files\Content.IE5\70R4VNAX\mbam-setup[1].exe
    ----a-w 5,227,019 2010-11-17 19:33:54 C:\Documents and Settings\Robert-Jan\Mijn documenten\Downloads\namebench-1.3.1-Windows.exe
    ----a-w 716,624 2010-12-04 09:07:07 C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe
    ----a-w 4,302,000 2010-11-17 16:39:09 C:\Program Files\Spotify\spotify.exe
    ----a-w 711,168 2010-12-04 09:07:14 C:\WINDOWS\is-8OBU6.exe
    ----a-w 530,832 2010-12-03 05:33:01 C:\WINDOWS\SoftwareDistribution\Download\Install\mpas-d_bd1.exe

    =============
    ----a-w 10,752 2010-12-03 17:17:32 C:\Documents and Settings\Robert-Jan\Local Settings\Temporary Internet Files\Content.IE5\I0R4V594\AdRendererFactory[1].dll

    =============

    =============
    ----a-w 712 2010-12-04 09:07:14 C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware Help.lnk
    ----a-w 712 2010-12-04 09:07:13 C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware.lnk
    ----a-w 736 2010-12-04 09:07:14 C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware\Verwijder Malwarebytes' Anti-Malware.lnk
    ----a-w 2,527 2010-12-02 14:58:03 C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft Office Word 2007.lnk
    ----a-w 805 2010-12-03 20:47:06 C:\Documents and Settings\Robert-Jan\Bureaublad\Disk Doctor.lnk
    ----a-w 817 2010-12-03 20:47:06 C:\Documents and Settings\Robert-Jan\Menu Start\Programma's\Disk Doctor\Disk Doctor.lnk
    ----a-w 889 2010-12-03 20:47:06 C:\Documents and Settings\Robert-Jan\Menu Start\Programma's\Disk Doctor\Uninstall Disk Doctor.lnk
    ----a-w 438 2010-12-02 17:24:50 C:\Documents and Settings\Robert-Jan\Onlangs geopend\authenticatie4.php.lnk
    ----a-w 582 2010-12-02 21:16:53 C:\Documents and Settings\Robert-Jan\Onlangs geopend\Bedrijfskundig verslag _opzet.doc.lnk
    ----a-w 372 2010-12-02 21:16:53 C:\Documents and Settings\Robert-Jan\Onlangs geopend\Cinevideogroup.lnk
    ----a-w 358 2010-12-02 17:15:28 C:\Documents and Settings\Robert-Jan\Onlangs geopend\config.lnk
    ----a-w 415 2010-12-02 17:25:03 C:\Documents and Settings\Robert-Jan\Onlangs geopend\connect.php.lnk
    ----a-w 432 2010-12-02 17:25:07 C:\Documents and Settings\Robert-Jan\Onlangs geopend\connect_eind.php.lnk
    ----a-w 185 2010-12-04 18:11:32 C:\Documents and Settings\Robert-Jan\Onlangs geopend\Cruzer .lnk
    ----a-w 469 2010-12-02 17:26:38 C:\Documents and Settings\Robert-Jan\Onlangs geopend\database informatie.txt.lnk
    ----a-w 415 2010-12-02 17:25:09 C:\Documents and Settings\Robert-Jan\Onlangs geopend\grafiek.php.lnk
    ----a-w 324 2010-12-04 12:40:36 C:\Documents and Settings\Robert-Jan\Onlangs geopend\hijackthis_04122010.log.lnk
    ----a-w 290 2010-12-02 16:58:46 C:\Documents and Settings\Robert-Jan\Onlangs geopend\hilversum_uren.lnk
    ----a-w 407 2010-12-02 17:25:14 C:\Documents and Settings\Robert-Jan\Onlangs geopend\index.php (2).lnk
    ----a-w 314 2010-12-04 18:11:32 C:\Documents and Settings\Robert-Jan\Onlangs geopend\input tekst RJ.txrt.txt.lnk
    ----a-w 412 2010-12-02 17:24:40 C:\Documents and Settings\Robert-Jan\Onlangs geopend\iphone.css.lnk
    ----a-w 534 2010-12-03 20:17:18 C:\Documents and Settings\Robert-Jan\Onlangs geopend\Kim.lnk
    ----a-w 744 2010-12-04 12:53:56 C:\Documents and Settings\Robert-Jan\Onlangs geopend\mbam-log-2010-12-04 (12-47-01).txt.lnk
    ----a-w 628 2010-12-02 15:51:05 C:\Documents and Settings\Robert-Jan\Onlangs geopend\sneeuw achtergrond.jpg.lnk
    ----a-w 441 2010-12-02 17:23:03 C:\Documents and Settings\Robert-Jan\Onlangs geopend\speciale_tekens.php.lnk
    ----a-w 435 2010-12-02 17:23:48 C:\Documents and Settings\Robert-Jan\Onlangs geopend\tijdconversie.txt.lnk
    ----a-w 438 2010-12-02 17:23:22 C:\Documents and Settings\Robert-Jan\Onlangs geopend\tijd_conversie.php.lnk
    ----a-w 438 2010-12-02 17:23:37 C:\Documents and Settings\Robert-Jan\Onlangs geopend\toevoegen_ipod.php.lnk
    ----a-w 420 2010-12-02 17:23:50 C:\Documents and Settings\Robert-Jan\Onlangs geopend\vergroot.php.lnk
    ----a-w 200 2010-12-02 17:33:55 C:\Documents and Settings\Robert-Jan\Onlangs geopend\Web op 'Media (192.168.1.88)' (W) (3).lnk

    =============
    --sha-w 2,145,386,496 2010-12-05 09:06:30 C:\pagefile.sys

    =============

  6. #6
    smeenk's avatar
    Technical skill
    5. Expert
    Antivirus
    Ms Security Essentials
    Firewall
    Windows Firewall
    Posts
    34.930
    Blog posts
    2
    http://virscan.org/
    http://www.virustotal.com/index.html

    Could you upload the files below to one of the websites above to have them scanned:

    C:\Documents and Settings\Robert-Jan\Application Data\Adobe\plugs\KB11225515.exe
    C:\Documents and Settings\Robert-Jan\Application Data\Adobe\plugs\KB11237406.exe
    C:\Documents and Settings\Robert-Jan\Application Data\Adobe\plugs\KB11274343.exe
    C:\WINDOWS\is-8OBU6.exe

  7. #7

    Here are the logs; the third file you mentioned could not be scanned because the file could not be found.
    I won't be back at the computer until Thursday, and then I can take further steps again.
    Thanks in advance for your effort!

    VirSCAN.org Scanned Report :
    Scanned time : 2010/12/06 10:34:42 (CET)
    Scanner results: 28% van de scanners (10/36) detecteerde malware!
    File Name : KB11225515.exe
    File Size : 22016 byte
    File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : 4728042bea5fb6b91c1e1fed78e3d76e
    SHA1 : c700b886670899294a0b594c33bd75f2267e9b05
    Online report : http://virscan.org/report/71fbdee69a...0f8a4f7ab.html

    Scanner Engine Ver Sig Ver Sig Date Time Scan result
    a-squared 5.0.0.20 20101204011638 2010-12-04 5.21 Trojan.Win32.FakeAV!IK
    AhnLab V3 2010.11.23.01 2010.11.23 2010-11-23 1.62 -
    AntiVir 8.2.4.120 7.10.14.191 2010-12-05 0.28 -
    Antiy 2.0.18 20101206.6136793 2010-12-06 0.02 -
    Arcavir 2010 201012061427 2010-12-06 0.01 -
    Authentium 5.1.1 201012051833 2010-12-05 1.40 -
    AVAST! 4.7.4 101205-1 2010-12-05 0.01 -
    AVG 8.5.850 271.1.1/3299 2010-12-06 0.26 Pakes.HWT
    BitDefender 7.90123.6368844 7.34928 2010-12-06 6.12 -
    ClamAV 0.96.3 12360 2010-12-06 0.01 -
    Comodo 4.0 6966 2010-12-06 0.95 -
    CP Secure 1.3.0.5 2010.12.06 2010-12-06 0.04 -
    Dr.Web 5.0.2.3300 2010.12.06 2010-12-06 10.16 -
    F-Prot 4.4.4.56 20101205 2010-12-05 1.31 -
    F-Secure 7.02.73807 2010.12.06.07 2010-12-06 0.13 Trojan.Win32.FakeAV.vyk [AVP]
    Fortinet 4.2.254 12.637 2010-12-05 0.22 W32/FakeAV.EE!tr
    GData 21.1231/21.522 20101206 2010-12-06 8.00 Trojan.Win32.FakeAV.vyk [Engine:A]
    ViRobot 20101204 2010.12.04 2010-12-04 0.60 -
    Ikarus T3.1.32.15.0 2010.12.06.77297 2010-12-06 5.39 Trojan.Win32.FakeAV
    JiangMin 13.0.900 2010.11.30 2010-11-30 1.39 -
    Kaspersky 5.5.10 2010.12.06 2010-12-06 0.08 Trojan.Win32.FakeAV.vyk
    KingSoft 2009.2.5.15 2010.12.6.16 2010-12-06 0.67 -
    McAfee 5400.1158 6188 2010-12-05 18.33 -
    Microsoft 1.6402 2010.12.06 2010-12-06 5.95 VirTool:Win32/Obfuscator.JL(Suspicious)
    Norman 6.06.11 6.06.00 2010-12-03 2.01 -
    Panda 9.05.01 2010.12.03 2010-12-03 0.67 -
    Trend Micro 9.120-1004 7.682.01 2010-12-05 0.03 -
    Quick Heal 11.00 2010.12.04 2010-12-04 0.94 -
    Rising 20.0 22.76.06.03 2010-12-05 2.32 -
    Sophos 3.14.1 4.60 2010-12-06 2.96 Mal/FakeAV-EE
    Sunbelt 3.9.2459.2 7530 2010-12-05 0.68 Trojan.Win32.Generic!BT
    Symantec 1.3.0.24 20101205.002 2010-12-05 0.07 -
    nProtect 20101206.01 9269328 2010-12-06 11.60 -
    The Hacker 6.7.0.1 v00095 2010-12-05 0.41 -
    VBA32 3.12.14.2 20101203.1003 2010-12-03 7.18 -
    VirusBuster 4.5.11.10 10.130.40/2019691 2010-12-06 2.61 -



    VirSCAN.org Scanned Report :
    Scanned time : 2010/12/06 10:37:42 (CET)
    Scanner results: 33% van de scanners (12/36) detecteerde malware!
    File Name : KB11237406.exe
    File Size : 77312 byte
    File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : da88f752d21d2b97643b9d7aaad7c11c
    SHA1 : fca1839d2b4e8ddd5838c29d958d4b8176b08409
    Online report : http://virscan.org/report/2a20333e7d...d473737ae.html

    Scanner Engine Ver Sig Ver Sig Date Time Scan result
    a-squared 5.0.0.20 20101204011638 2010-12-04 5.58 Trojan.Win32.Hiloti!IK
    AhnLab V3 2010.11.23.01 2010.11.23 2010-11-23 2.60 -
    AntiVir 8.2.4.120 7.10.14.191 2010-12-05 0.32 TR/Crypt.XPACK.Gen
    Antiy 2.0.18 20101206.6136793 2010-12-06 0.02 -
    Arcavir 2010 201012061427 2010-12-06 0.01 -
    Authentium 5.1.1 201012051833 2010-12-05 1.39 -
    AVAST! 4.7.4 101205-1 2010-12-05 0.01 -
    AVG 8.5.850 271.1.1/3299 2010-12-06 0.25 Hiloti.BY
    BitDefender 7.90123.6368844 7.34928 2010-12-06 5.93 Gen:Variant.Kazy.3274
    ClamAV 0.96.3 12360 2010-12-06 0.02 -
    Comodo 4.0 6966 2010-12-06 0.95 TrojWare.Win32.TrojanDownloader.Mufanom.GEN
    CP Secure 1.3.0.5 2010.12.06 2010-12-06 0.06 -
    Dr.Web 5.0.2.3300 2010.12.06 2010-12-06 10.10 -
    F-Prot 4.4.4.56 20101205 2010-12-05 1.31 -
    F-Secure 7.02.73807 2010.12.06.07 2010-12-06 0.13 -
    Fortinet 4.2.254 12.637 2010-12-05 1.75 -
    GData 21.1231/21.522 20101206 2010-12-06 9.71 -
    ViRobot 20101204 2010.12.04 2010-12-04 0.38 -
    Ikarus T3.1.32.15.0 2010.12.06.77297 2010-12-06 5.46 Trojan.Win32.Hiloti
    JiangMin 13.0.900 2010.11.30 2010-11-30 1.89 -
    Kaspersky 5.5.10 2010.12.06 2010-12-06 0.09 -
    KingSoft 2009.2.5.15 2010.12.6.16 2010-12-06 0.83 -
    McAfee 5400.1158 6188 2010-12-05 18.55 Hiloti.gen.i
    Microsoft 1.6402 2010.12.06 2010-12-06 3.58 Trojan:Win32/Hiloti.gen!D
    Norman 6.06.11 6.06.00 2010-12-03 2.01 -
    Panda 9.05.01 2010.12.03 2010-12-03 0.59 -
    Trend Micro 9.120-1004 7.682.01 2010-12-05 0.03 TROJ_HILOTI.SMEO
    Quick Heal 11.00 2010.12.04 2010-12-04 0.99 -
    Rising 20.0 22.76.06.03 2010-12-05 2.02 -
    Sophos 3.14.1 4.60 2010-12-06 2.95 Mal/Hiloti-D
    Sunbelt 3.9.2459.2 7530 2010-12-05 0.74 -
    Symantec 1.3.0.24 20101205.002 2010-12-05 0.06 -
    nProtect 20101206.01 9269328 2010-12-06 12.02 Gen:Variant.Kazy.3274
    The Hacker 6.7.0.1 v00095 2010-12-05 0.41 -
    VBA32 3.12.14.2 20101203.1003 2010-12-03 3.14 -
    VirusBuster 4.5.11.10 10.130.40/2019691 2010-12-06 2.59 Trojan.Hiloti.Gen!Pac



    VirSCAN.org Scanned Report :
    Scanned time : 2010/12/06 10:43:09 (CET)
    Scanner results: Geen enkele scanner vond malware!
    File Name : is-8OBU6.exe
    File Size : 711168 byte
    File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : 296a2fac6a99515a8a57d6af147890e6
    SHA1 : 44e5e5bedf8527fd15a25ff0fab1cd8cd34b82a8
    Online report : http://virscan.org/report/f5a1214a2f...7cec44598.html

    Scanner Engine Ver Sig Ver Sig Date Time Scan result
    a-squared 5.0.0.20 20101204011638 2010-12-04 5.15 -
    AhnLab V3 2010.11.23.01 2010.11.23 2010-11-23 1.44 -
    AntiVir 8.2.4.120 7.10.14.191 2010-12-05 0.29 -
    Antiy 2.0.18 20101206.6136793 2010-12-06 0.02 -
    Arcavir 2010 201012061427 2010-12-06 0.00 -
    Authentium 5.1.1 201012051833 2010-12-05 5.58 -
    AVAST! 4.7.4 101205-1 2010-12-05 0.07 -
    AVG 8.5.850 271.1.1/3299 2010-12-06 0.28 -
    BitDefender 7.90123.6368844 7.34928 2010-12-06 5.91 -
    ClamAV 0.96.3 12360 2010-12-06 0.22 -
    Comodo 4.0 6966 2010-12-06 0.95 -
    CP Secure 1.3.0.5 2010.12.06 2010-12-06 0.12 -
    Dr.Web 5.0.2.3300 2010.12.06 2010-12-06 10.29 -
    F-Prot 4.4.4.56 20101205 2010-12-05 5.12 -
    F-Secure 7.02.73807 2010.12.06.07 2010-12-06 11.62 -
    Fortinet 4.2.254 12.637 2010-12-05 0.22 -
    GData 21.1231/21.522 20101206 2010-12-06 8.07 -
    ViRobot 20101204 2010.12.04 2010-12-04 0.36 -
    Ikarus T3.1.32.15.0 2010.12.06.77297 2010-12-06 5.68 -
    JiangMin 13.0.900 2010.11.30 2010-11-30 1.39 -
    Kaspersky 5.5.10 2010.12.06 2010-12-06 0.15 -
    KingSoft 2009.2.5.15 2010.12.6.16 2010-12-06 0.75 -
    McAfee 5400.1158 6188 2010-12-05 18.05 -
    Microsoft 1.6402 2010.12.06 2010-12-06 3.41 -
    Norman 6.06.11 6.06.00 2010-12-03 2.01 -
    Panda 9.05.01 2010.12.03 2010-12-03 0.60 -
    Trend Micro 9.120-1004 7.682.01 2010-12-05 0.05 -
    Quick Heal 11.00 2010.12.04 2010-12-04 1.13 -
    Rising 20.0 22.76.06.03 2010-12-05 2.21 -
    Sophos 3.14.1 4.60 2010-12-06 2.99 -
    Sunbelt 3.9.2459.2 7530 2010-12-05 0.93 -
    Symantec 1.3.0.24 20101205.002 2010-12-05 0.06 -
    nProtect 20101206.01 9269328 2010-12-06 10.33 -
    The Hacker 6.7.0.1 v00095 2010-12-05 0.44 -
    VBA32 3.12.14.2 20101203.1003 2010-12-03 3.60 -
    VirusBuster 4.5.11.10 10.130.40/2019691 2010-12-06 7.01 -

  8. #8
    smeenk
    Double-click zoek.exe again to start it.
    Type C followed by Enter to start "Delete Files/Folders".
    A file named "input.txt" will open.
    Copy the following code into it:
    Code:
    C:\Documents and Settings\Robert-Jan\Application Data\Adobe\plugs\KB11225515.exe;
    C:\Documents and Settings\Robert-Jan\Application Data\Adobe\plugs\KB11237406.exe;
    C:\Documents and Settings\Robert-Jan\Application Data\Adobe\plugs\KB11274343.exe;
    Once you have placed the code in the file you may close input.txt; let it save the changes.
    The removal scan will then start running; wait patiently until a log opens and post the result in your next message.


    Download DDS.com, DDS.scr or DDS.pif from one of these locations and place it on your desktop:
    DDS - Techsupport download: http://www.techsupportforum.com/sectools/sUBs/dds
    DDS - Bleeping download: http://download.bleepingcomputer.com/sUBs/dds.scr
    DDS - Forospyware Download: http://www.forospyware.com/sUBs/dds
    Double-click DDS to start the tool. (Depending on the download you chose, this can be the file DDS.com, DDS.scr or DDS.pif.)
    When it has finished, two log files open: DDS.txt and Attach.txt
    Save both log files to your desktop.
    Post both logs in your next message.
    Last edited by smeenk; 06-12-10 at 11:23.

  9. #9

    Apologies for the late reply, but thank you for your response!

    Here is the log from zoek.exe:

    ==================
    Zoek.exe by smeenk
    Updated 03-12-2010
    ==================
    Deleting files\folders

    "C:\Documents and Settings\Robert-Jan\Application Data\Adobe\plugs\KB11225515.exe" deleted
    "C:\Documents and Settings\Robert-Jan\Application Data\Adobe\plugs\KB11237406.exe" deleted
    "C:\Documents and Settings\Robert-Jan\Application Data\Adobe\plugs\KB11274343.exe" deleted


    [In the zoek.exe window it did say 'file not found' or something like that...]

    And the attachment contains DDS.txt and Attach.txt.
    One last remark: in the Robert-Jan/opstarten (Startup) folder you may see a 'share.bat' go by; I created this myself, so it is nothing malicious.

    Thanks in advance!

  10. #10
    smeenk
    Download TDSSKiller and place it on your desktop.
    Extract the files in tdsskiller.zip.
    Open the tdsskiller folder and right-click TDSSKiller.exe, then choose Run as Administrator (Vista and Win7 users only) to start the tool.
    Click the "Start Scan" button and follow the instructions.
    When the scan has finished, click the "Report" button.
    A Notepad file opens. Post the contents of this file.

    Restart the PC if TDSSKiller offers that option. (Reboot now)

  11. #11

    Quick question: may this be done in Safe Mode (with networking)? Or does it have to be done in normal startup mode?

    Personally, I find safe mode the safer option.

  12. #12
    smeenk
    Just try it in safe mode; if the program indicates that it cannot work in safe mode, you will have to do it in normal mode after all.

  13. #13

    Ran the program in safe mode, no messages or anything like that.
    At the end of the scan I believe it found 1 thing; it then asked whether I wanted to restart the computer, and I did so (again in safe mode).
    But the program no longer started up automatically by itself, so I had to look for my log; fortunately it was saved on the C:/ drive. Here is the log:



    2010/12/10 10:41:28.0015 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
    2010/12/10 10:41:28.0015 ================================================================================
    2010/12/10 10:41:28.0015 SystemInfo:
    2010/12/10 10:41:28.0015
    2010/12/10 10:41:28.0015 OS Version: 5.1.2600 ServicePack: 3.0
    2010/12/10 10:41:28.0015 Product type: Workstation
    2010/12/10 10:41:28.0015 ComputerName: MONTAGE_DS
    2010/12/10 10:41:28.0015 UserName: Robert-Jan
    2010/12/10 10:41:28.0015 Windows directory: C:\WINDOWS
    2010/12/10 10:41:28.0015 System windows directory: C:\WINDOWS
    2010/12/10 10:41:28.0015 Processor architecture: Intel x86
    2010/12/10 10:41:28.0015 Number of processors: 4
    2010/12/10 10:41:28.0015 Page size: 0x1000
    2010/12/10 10:41:28.0015 Boot type: Safe boot with network
    2010/12/10 10:41:28.0015 ================================================================================
    2010/12/10 10:41:28.0390 Initialize success
    2010/12/10 10:41:40.0562 ================================================================================
    2010/12/10 10:41:40.0562 Scan started
    2010/12/10 10:41:40.0562 Mode: Manual;
    2010/12/10 10:41:40.0562 ================================================================================
    2010/12/10 10:41:56.0343 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2010/12/10 10:41:56.0375 ================================================================================
    2010/12/10 10:41:56.0375 Scan finished
    2010/12/10 10:41:56.0375 ================================================================================
    2010/12/10 10:41:56.0390 Detected object count: 1
    2010/12/10 10:42:00.0031 \HardDisk1 - will be cured after reboot
    2010/12/10 10:42:00.0031 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
    2010/12/10 10:42:08.0562 Deinitialize success



    Kind regards,
    Robert-Jan

  14. #14
    smeenk
    Please make a new log with DDS and post it in your next message.

  15. #15

    It didn't find anything wrong, but here is the new log:


    2010/12/10 18:31:26.0375 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
    2010/12/10 18:31:26.0375 ================================================================================
    2010/12/10 18:31:26.0375 SystemInfo:
    2010/12/10 18:31:26.0375
    2010/12/10 18:31:26.0375 OS Version: 5.1.2600 ServicePack: 3.0
    2010/12/10 18:31:26.0375 Product type: Workstation
    2010/12/10 18:31:26.0375 ComputerName: MONTAGE_DS
    2010/12/10 18:31:26.0375 UserName: Robert-Jan
    2010/12/10 18:31:26.0375 Windows directory: C:\WINDOWS
    2010/12/10 18:31:26.0375 System windows directory: C:\WINDOWS
    2010/12/10 18:31:26.0375 Processor architecture: Intel x86
    2010/12/10 18:31:26.0375 Number of processors: 4
    2010/12/10 18:31:26.0375 Page size: 0x1000
    2010/12/10 18:31:26.0375 Boot type: Safe boot with network
    2010/12/10 18:31:26.0375 ================================================================================
    2010/12/10 18:31:26.0765 Initialize success
    2010/12/10 18:31:28.0781 ================================================================================
    2010/12/10 18:31:28.0781 Scan started
    2010/12/10 18:31:28.0781 Mode: Manual;
    2010/12/10 18:31:28.0781 ================================================================================
    2010/12/10 18:31:42.0687 ================================================================================
    2010/12/10 18:31:42.0687 Scan finished
    2010/12/10 18:31:42.0687 ================================================================================



  16. #16
    smeenk
    I'm assuming it is OK again now

    Turn System Restore off, then restart your computer, and turn System Restore back on after the restart.
    Read here how and why you have to do this:
    http://users.telenet.be/marcvn/spyware/1852808.htm

    Regards, smeenk

  17. #17

    Unfortunately I'm not entirely sure yet that it has been solved. In the attached HijackThis log I see the following (in my opinion) suspicious entries:

    O4 - HKCU\..\Run: [Frakilexexexiv] rundll32.exe "C:\WINDOWS\xmsat4Sw.dll",Startup
    O4 - HKCU\..\Run: [QgLxTtISjh.exe] C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\QgLxTtISjh.exe
    O4 - HKCU\..\Run: [11265296] C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\11265296.exe

    Can you tell me whether I'm "clean" now?

    Kind regards,
    Robert-Jan

  18. #18
    smeenk
    Correct, you're right, although these are not active infections but merely leftovers in the registry.

    Start HijackThis and tick the following lines:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.113.5.2:80
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O4 - HKLM\..\Run: [HDInspector.exe] C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\RarSFX0\HDInspector.exe
    O4 - HKCU\..\Run: [Frakilexexexiv] rundll32.exe "C:\WINDOWS\xmsat4Sw.dll",Startup
    O4 - HKCU\..\Run: [QgLxTtISjh.exe] C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\QgLxTtISjh.exe
    O4 - HKCU\..\Run: [11265296] C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\11265296.exe

    Then click the "Fix checked" button to remove the selected lines.

    Restart the computer and post a new HijackThis log for checking; also tell me whether you are still experiencing problems.

  19. #19

    I removed the lines and restarted the PC in normal mode.

    After logging in, it started with the following error message:

    16-bits MS-DOS-subsysteem

    C:\WINDOWS\Sysvxd.exe
    De NTVDM-CPU heeft een ongeldige instructie aangetroffen
    CS:0000 IP:0320 OP:00 00 00 00 00 Kies Sluiten om de toepassing af te sluiten

    [Sluiten] [Negeren]



    I clicked "Sluiten" (Close) and have had no further trouble from that message.

    On the desktop I also found a shortcut named 'Disk Doctor', which pointed to "C:\Documents and Settings\Robert-Jan\Local Settings\temp\11265296.exe". I have since removed this shortcut.

    After I had made a HijackThis log, my virus scanner (Norman) came up with the following message:

    De virusscanner heeft een Trojaans paard gedectecteerd en dit in quarantaine geplaatst.
    Locatie: C:\WINDOWS\system32\config\scvhost.exe

    If I click Close and make a HijackThis log again, Norman comes up with the same message again. Shall I have Norman scan the C drive in safe mode?
    Let me know; the HijackThis log is in the attachment.

  20. #20
    smeenk
    I hadn't seen that one in the earlier logs

    Double-click zoek.exe again to start it.
    Type C followed by Enter to start "Delete Files/Folders".
    A file named "input.txt" will open.
    Copy the following code into it:
    Code:
    C:\WINDOWS\Sysvxd.exe;
    C:\WINDOWS\system32\config\scvhost.exe;
    Once you have placed the code in the file you can close input.txt; let it save the changes.
    After this the removal scan will start; wait patiently until a log opens and post the result in your next message.

    Then restart your computer.

    After the restart, post a new HijackThis log.
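
The triage done by eye in posts #17 to #19, as an added example that is not part of the original thread: it flags the HijackThis lines quoted above with a few heuristic rules and checks a file path for a system-binary look-alike name such as the `scvhost.exe` reported by Norman. The rule set, the reason labels, the `KNOWN_SYSTEM` table and the final `Example Updater` line are assumptions made for illustration.

```python
import ntpath  # Windows path rules, usable on any OS
import re

# HijackThis lines quoted in posts #17 and #18. The last entry is constructed
# here as a benign control and does not come from the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.113.5.2:80
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [HDInspector.exe] C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\RarSFX0\HDInspector.exe
O4 - HKCU\..\Run: [Frakilexexexiv] rundll32.exe "C:\WINDOWS\xmsat4Sw.dll",Startup
O4 - HKCU\..\Run: [QgLxTtISjh.exe] C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\QgLxTtISjh.exe
O4 - HKCU\..\Run: [11265296] C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\11265296.exe
O4 - HKLM\..\Run: [Example Updater] C:\Program Files\Example\updater.exe
"""

# Assumed default locations on a Windows XP install (illustrative table).
KNOWN_SYSTEM = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[[^\]]*\] (?P<cmd>.+)$")
TEMP_RE = re.compile(r"\\temp\\", re.I)
DLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.I)


def triage_line(line):
    """Return heuristic reason labels for one HijackThis line (empty = no hit)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    sec, body = m["sec"], m["body"]
    reasons = []
    if sec == "R1" and "ProxyServer" in body:
        reasons.append("proxy-configured")          # confirm the user set it
    elif sec == "O2" and body.endswith("(no file)"):
        reasons.append("bho-without-file")          # orphaned registry entry
    elif sec == "O4":
        run = RUN_RE.match(body)
        if run:
            cmd = run["cmd"]
            if TEMP_RE.search(cmd):
                reasons.append("autorun-from-temp")
            dll = DLL_RE.search(cmd)
            if dll and ntpath.dirname(dll.group(1)).lower() == r"c:\windows":
                reasons.append("rundll32-dll-in-windows-root")
    return reasons


def triage_log(text):
    """Map each flagged line of a HijackThis log to its reason labels."""
    hits = {}
    for line in text.splitlines():
        reasons = triage_line(line)
        if reasons:
            hits[line.strip()] = reasons
    return hits


def edit_distance(a, b):
    """Plain Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def masquerade_check(path):
    """Flag a system binary name in the wrong folder, or a near-miss spelling."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    if name in KNOWN_SYSTEM:
        expected = KNOWN_SYSTEM[name]
        return None if folder == expected else f"{name} outside {expected}"
    for known in KNOWN_SYSTEM:
        if 0 < edit_distance(name, known) <= 2:
            return f"look-alike of {known}"
    return None


if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE_LOG).items():
        print(", ".join(why), "<-", entry)
    print(masquerade_check(r"C:\WINDOWS\system32\config\scvhost.exe"))
```

A hit is a prompt to inspect the entry, not a verdict: the name check says nothing about `C:\WINDOWS\Sysvxd.exe`, which is why path and name heuristics complement a scanner rather than replace it.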
