XP Antivirus 2012
  • XP Antivirus 2012

    My PC is currently infected with "XP Antivirus 2012".
    I couldn't do anything; every time I went on the internet I got fake virus warnings and couldn't get any further. Defogger, mbam-setup-1.60.0.1800.exe.exe, .... won't start.
    On my other PC I read that atj.exe was one of the suspicious files, and I removed it via Task Manager. With Antivir (the umbrella icon) I was also able to remove a few files. The fake warnings are staying away for now,
    but when I now try to run the exe files mentioned above, I keep getting asked which program I want to open them with, ...

    How can I solve this?

  • #2
    Can you do anything with this: http://www.nucia.eu/forum/showthread.php?t=62198 ??

    Regards, smeenk



    • #3
      Hi Smeenk, things are going a lot better now. The exe_lnk_fix.com restored the exe's (slowly, it took maybe 10 minutes before this was completely OK) and from then on I could run the other small programs.
      Defogger ran OK.
      Malwarebytes found 7 infections, see below.
      I have also added the DDS log, as well as the GMER log.
      I cleared the internet history and updated Java. During the GMER scan, Antivir removed a few more problem files.


      Defogger still has the emulation turned off.

      Problem solved now??

      Johan

      Malwarebytes Anti-Malware 1.60.0.1800
      www.malwarebytes.org

      Databaseversie: v2012.01.18.04

      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702
      XP-Gebruiker :: PC001 [administrator]

      18/01/2012 20:45:10
      mbam-log-2012-01-18 (20-45-10).txt

      Scantype: Snelle scan
      Ingeschakelde scanopties: Geheugen | Opstarten | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
      Uitgeschakelde scanopties: P2P
      Objecten gescand: 185628
      Verstreken tijd: 15 minuut/minuten, 59 seconde(n)

      Geheugenprocessen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Geheugenmodulen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registersleutels gedetecteerd: 1
      HKCU\SOFTWARE\MediaHoldings (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.

      Registerwaarden gedetecteerd: 1
      HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Smad (Trojan.Agent) -> Data: "C:\Documents and Settings\XP-Gebruiker\Local Settings\Application Data\SanctionedMedia\Smad\Smad.exe" -> Succesvol in quarantaine geplaatst en verwijderd.

      Registerdata gedetecteerd: 4
      HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Slecht: ("C:\Documents and Settings\XP-Gebruiker\Local Settings\Application Data\atj.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Goed: (iexplore.exe) -> Succesvol in quarantaine geplaatst en gerepareerd.
      HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Slecht: (1) Goed: (0) -> Succesvol in quarantaine geplaatst en gerepareerd.
      HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Slecht: (1) Goed: (0) -> Succesvol in quarantaine geplaatst en gerepareerd.
      HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Slecht: (1) Goed: (0) -> Succesvol in quarantaine geplaatst en gerepareerd.

      Mappen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Bestanden gedetecteerd: 1
      C:\Documents and Settings\XP-Gebruiker\Local Settings\Temp\msimg32.dll (Rootkit.0Access) -> Succesvol in quarantaine geplaatst en verwijderd.

      (einde)


      .
      DDS (Ver_2011-08-26.01) - NTFSx86
      Internet Explorer: 8.0.6001.18702
      Run by XP-Gebruiker at 21:35:42 on 2012-01-18
      Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.1791.1156 [GMT 1:00]
      .
      AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
      .
      ============== Running Processes ===============
      .
      C:\WINDOWS\system32\svchost -k DcomLaunch
      svchost.exe
      C:\WINDOWS\System32\svchost.exe -k netsvcs
      svchost.exe
      svchost.exe
      C:\WINDOWS\System32\wltrysvc.exe
      C:\WINDOWS\System32\bcmwltry.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir Desktop\sched.exe
      svchost.exe
      C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\Microsoft SQL Server\MSSQL10_50.ATX\MSSQL\Binn\sqlservr.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
      C:\Program Files\Fighters\sfus.exe
      C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
      C:\WINDOWS\system32\svchost.exe -k imgsvc
      C:\Program Files\Fighters\FighterSuiteService.exe
      C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\WINDOWS\system32\WLTRAY.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      C:\PROGRA~1\LAUNCH~1\LManager.exe
      C:\Program Files\Fighters\sfagent.exe
      C:\Program Files\Belgium Identity Card\beid35gui.exe
      C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
      C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\BrowserCompanion\BCHelper.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
      C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
      C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
      C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
      C:\DOCUME~1\XP-GEB~1\LOCALS~1\Temp\RtkBtMnt.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://www.google.be/
      uWindow Title = Windows Internet Explorer wordt aangeboden door ilse media
      uURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
      BHO: Browser Companion Helper: {00cbb66b-1d3b-46d3-9577-323a336acb50} - c:\program files\browsercompanion\jsloader.dll
      BHO: Adobe PDF Reader Help bij koppelingen: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
      BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
      BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
      BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
      BHO: Browser Companion Helper Verifier: {963b125b-8b21-49a2-a3a8-e37092276531} - c:\program files\browsercompanion\updatebhoWin32.dll
      BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi9130~1\toolbar\searchqudtx.dll
      BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - c:\progra~1\wi9130~1\datamngr\IEBHO.dll
      BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
      BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
      BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
      BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
      TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi9130~1\toolbar\searchqudtx.dll
      TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
      TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
      TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll
      TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
      TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
      uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
      uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
      mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
      mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
      mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
      mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY
      mRun: [nwiz] nwiz.exe /install
      mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
      mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe 0
      mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
      mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
      mRun: [LManager] c:\progra~1\launch~1\LManager.exe
      mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
      mRun: [sfagent] c:\program files\fighters\sfagent.exe
      mRun: [beid] "c:\program files\belgium identity card\beid35gui.exe" /startup
      mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
      mRun: [DATAMNGR] c:\progra~1\wi9130~1\datamngr\DATAMN~1.EXE
      mRun: [RTHDCPL] RTHDCPL.EXE
      mRun: [Alcmtr] ALCMTR.EXE
      mRun: [Browser companion helper] c:\program files\browsercompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej
      StartupFolder: c:\docume~1\xp-geb~1\menust~1\progra~1\opstar~1\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
      StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
      StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
      StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
      StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
      IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
      IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
      IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
      IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
      IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
      IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
      IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
      DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
      DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
      DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202644588500
      DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1235503527314&h=25756c92ef02defbba784deca0a5cd4e/&filename=jinstall-6u12-windows-i586-jc.cab
      DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
      DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
      TCP: DhcpNameServer = 192.168.1.254
      TCP: Interfaces\{F7F09886-4211-4118-8407-5B4603AF67BC} : DhcpNameServer = 192.168.1.254
      Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
      Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
      Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
      AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll c:\progra~1\wi9130~1\datamngr\iebho.dll
      SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
      .
      ============= SERVICES / DRIVERS ===============
      .
      R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-19 11608]
      R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-19 136360]
      R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-19 269480]
      R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-19 66616]
      R2 MSSQL$ATX;SQL Server (ATX);c:\program files\microsoft sql server\mssql10_50.atx\mssql\binn\sqlservr.exe [2011-4-24 42872672]
      R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\fighters\sfus.exe [2010-11-12 214664]
      R2 Suite Service;Suite Service;c:\program files\fighters\FighterSuiteService.exe [2010-11-12 1145992]
      S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]
      S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]
      S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
      S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
      S4 SQLAgent$ATX;SQL Server Agent (ATX);c:\program files\microsoft sql server\mssql10_50.atx\mssql\binn\SQLAGENT.EXE [2011-4-24 367456]
      .
      =============== Created Last 30 ================
      .
      2012-01-18 19:40:53 -------- d-----w- c:\documents and settings\xp-gebruiker\application data\Malwarebytes
      2012-01-18 19:40:40 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
      2012-01-18 19:40:38 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
      2012-01-18 19:40:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2012-01-18 19:23:15 -------- d-----w- c:\program files\Nucia
      2012-01-15 20:59:56 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
      2012-01-12 17:39:07 -------- d-----w- c:\documents and settings\xp-gebruiker\local settings\application data\SanctionedMedia
      .
      ==================== Find3M ====================
      .
      2011-11-25 21:57:58 293888 ----a-w- c:\windows\system32\winsrv.dll
      2011-11-23 14:40:48 1859712 ----a-w- c:\windows\system32\win32k.sys
      2011-11-20 06:12:53 60928 ----a-w- c:\windows\system32\packager.exe
      2011-11-04 19:13:23 916992 ----a-w- c:\windows\system32\wininet.dll
      2011-11-04 19:13:22 43520 ----a-w- c:\windows\system32\licmgr10.dll
      2011-11-04 19:13:22 1469440 ------w- c:\windows\system32\inetcpl.cpl
      2011-11-04 11:25:39 385024 ----a-w- c:\windows\system32\html.iec
      2011-11-03 15:29:18 386560 ----a-w- c:\windows\system32\qdvd.dll
      2011-11-03 15:29:18 1296384 ----a-w- c:\windows\system32\quartz.dll
      2011-11-01 16:07:16 1288192 ----a-w- c:\windows\system32\ole32.dll
      2011-10-28 05:32:20 33280 ----a-w- c:\windows\system32\csrsrv.dll
      2011-10-26 10:50:01 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe
      2011-10-26 10:50:01 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe
      .
      ============= FINISH: 21:37:02,26 ===============

      GMER 1.0.15.15641 - http://www.gmer.net
      Rootkit scan 2012-01-19 21:57:15
      Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD1200BEVS-22UST0 rev.01.01A01
      Running: gmer.exe; Driver: C:\DOCUME~1\XP-GEB~1\LOCALS~1\Temp\pxtdapog.sys


      ---- System - GMER 1.0.15 ----

      SSDT BA7EC4D4 ZwClose
      SSDT BA7EC48E ZwCreateKey
      SSDT BA7EC4DE ZwCreateSection
      SSDT BA7EC484 ZwCreateThread
      SSDT BA7EC493 ZwDeleteKey
      SSDT BA7EC49D ZwDeleteValueKey
      SSDT BA7EC4CF ZwDuplicateObject
      SSDT BA7EC4A2 ZwLoadKey
      SSDT BA7EC470 ZwOpenProcess
      SSDT BA7EC475 ZwOpenThread
      SSDT BA7EC4AC ZwReplaceKey
      SSDT BA7EC4A7 ZwRestoreKey
      SSDT BA7EC4E3 ZwSetContextThread
      SSDT BA7EC498 ZwSetValueKey
      SSDT BA7EC47F ZwTerminateProcess

      ---- Kernel code sections - GMER 1.0.15 ----

      .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8DDA360, 0x305A87, 0xE8000020]

      ---- Devices - GMER 1.0.15 ----

      AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
      AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
      AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

      ---- EOF - GMER 1.0.15 ----



      • #4
        Hi Johan, good to hear that things are going a lot better.
        Malwarebytes has already been able to remove quite a bit, I see.

        We're going to check for rootkit-like infections next:

        Download TDSSKStarter to the desktop.

        Using "TDSSKStarter.exe":
        • First close all program windows that are still open!
          • Windows 2000 and Windows XP: start the tool by double-clicking "TDSSKStarter.exe".
          • Windows Vista and Windows 7: start the tool by right-clicking "TDSSKStarter.exe" and choosing Run as Administrator.
        • A CMD window will then open and close again automatically when the scan is finished.
        • Now post the contents of the Notepad file that opens in your next reply.

        Regards, smeenk



        • #5
          Here is the requested report.

          16:06:55.0953 0568 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
          16:06:55.0953 0568 ============================================================
          16:06:55.0953 0568 Current date / time: 2012/01/20 16:06:55.0953
          16:06:55.0953 0568 SystemInfo:
          16:06:55.0953 0568
          16:06:55.0953 0568 OS Version: 5.1.2600 ServicePack: 3.0
          16:06:55.0953 0568 Product type: Workstation
          16:06:55.0953 0568 ComputerName: PC001
          16:06:55.0953 0568 UserName: XP-Gebruiker
          16:06:55.0953 0568 Windows directory: C:\WINDOWS
          16:06:55.0953 0568 System windows directory: C:\WINDOWS
          16:06:55.0953 0568 Processor architecture: Intel x86
          16:06:55.0953 0568 Number of processors: 2
          16:06:55.0953 0568 Page size: 0x1000
          16:06:55.0953 0568 Boot type: Normal boot
          16:06:55.0953 0568 ============================================================
          16:06:57.0718 0568 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
          16:06:57.0843 0568 Initialize success
          16:06:57.0859 3116 ============================================================
          16:06:57.0859 3116 Scan started
          16:06:57.0859 3116 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;
          16:06:57.0859 3116 ============================================================
          16:06:58.0656 3116 Abiosdsk - ok
          16:06:58.0671 3116 abp480n5 - ok
          16:06:58.0703 3116 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
          16:07:00.0125 3116 ACPI - ok
          16:07:00.0187 3116 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
          16:07:00.0359 3116 ACPIEC - ok
          16:07:00.0359 3116 adpu160m - ok
          16:07:00.0406 3116 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
          16:07:00.0562 3116 aec - ok
          16:07:00.0609 3116 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
          16:07:00.0687 3116 AFD - ok
          16:07:00.0687 3116 Aha154x - ok
          16:07:00.0703 3116 aic78u2 - ok
          16:07:00.0703 3116 aic78xx - ok
          16:07:00.0718 3116 AliIde - ok
          16:07:00.0750 3116 AmdK8 (36a86e1291d6f289cb05d514a0f231b8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
          16:07:00.0812 3116 AmdK8 - ok
          16:07:00.0812 3116 amsint - ok
          16:07:00.0875 3116 AR5211 (9108f38c07f4953ea4ee89243e787cad) C:\WINDOWS\system32\DRIVERS\ar5211.sys
          16:07:00.0953 3116 AR5211 - ok
          16:07:01.0046 3116 AR5416 (ae49d9e42ef34aef32151bd0983f5862) C:\WINDOWS\system32\DRIVERS\ar5416.sys
          16:07:01.0234 3116 AR5416 ( UnsignedFile.Multi.Generic ) - warning
          16:07:01.0234 3116 AR5416 - detected UnsignedFile.Multi.Generic (1)
          16:07:01.0281 3116 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
          16:07:01.0437 3116 Arp1394 - ok
          16:07:01.0437 3116 asc - ok
          16:07:01.0453 3116 asc3350p - ok
          16:07:01.0453 3116 asc3550 - ok
          16:07:01.0500 3116 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
          16:07:01.0640 3116 AsyncMac - ok
          16:07:01.0656 3116 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
          16:07:01.0796 3116 atapi - ok
          16:07:01.0812 3116 Atdisk - ok
          16:07:01.0859 3116 athr (b0c272def210b149c0bfa0d85600ce4b) C:\WINDOWS\system32\DRIVERS\athr.sys
          16:07:01.0953 3116 athr - ok
          16:07:01.0984 3116 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
          16:07:02.0140 3116 Atmarpc - ok
          16:07:02.0187 3116 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
          16:07:02.0328 3116 audstub - ok
          16:07:02.0390 3116 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
          16:07:02.0406 3116 avgio - ok
          16:07:02.0437 3116 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
          16:07:05.0218 3116 avgntflt - ok
          16:07:05.0234 3116 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
          16:07:05.0265 3116 avipbb - ok
          16:07:05.0328 3116 BCM43XX (38ca1443660d0f5f06887c6a2e692aeb) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
          16:07:05.0406 3116 BCM43XX - ok
          16:07:05.0437 3116 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
          16:07:05.0593 3116 Beep - ok
          16:07:05.0640 3116 btaudio (f73d41fd3653fe64cc79610f7b240472) C:\WINDOWS\system32\drivers\btaudio.sys
          16:07:05.0671 3116 btaudio ( UnsignedFile.Multi.Generic ) - warning
          16:07:05.0671 3116 btaudio - detected UnsignedFile.Multi.Generic (1)
          16:07:05.0703 3116 BTDriver (4854ed2ee57769b9527680978a9dd5b4) C:\WINDOWS\system32\DRIVERS\btport.sys
          16:07:05.0734 3116 BTDriver ( UnsignedFile.Multi.Generic ) - warning
          16:07:05.0734 3116 BTDriver - detected UnsignedFile.Multi.Generic (1)
          16:07:05.0765 3116 BTKRNL (4ebd4ebff01617fbda6ce7963f150918) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
          16:07:05.0812 3116 BTKRNL ( UnsignedFile.Multi.Generic ) - warning
          16:07:05.0812 3116 BTKRNL - detected UnsignedFile.Multi.Generic (1)
          16:07:05.0859 3116 BTSERIAL (6d9f1d03d4eba886e1626d856762b4f0) C:\WINDOWS\system32\drivers\btserial.sys
          16:07:05.0859 3116 BTSERIAL ( UnsignedFile.Multi.Generic ) - warning
          16:07:05.0859 3116 BTSERIAL - detected UnsignedFile.Multi.Generic (1)
          16:07:05.0906 3116 BTWDNDIS (96708d343264abaf8ad93c464b2fc9ca) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
          16:07:05.0937 3116 BTWDNDIS ( UnsignedFile.Multi.Generic ) - warning
          16:07:05.0937 3116 BTWDNDIS - detected UnsignedFile.Multi.Generic (1)
          16:07:05.0984 3116 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
          16:07:06.0125 3116 cbidf2k - ok
          16:07:06.0171 3116 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
          16:07:06.0296 3116 CCDECODE - ok
          16:07:06.0328 3116 cd20xrnt - ok
          16:07:06.0343 3116 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
          16:07:06.0484 3116 Cdaudio - ok
          16:07:06.0515 3116 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
          16:07:06.0640 3116 Cdfs - ok
          16:07:06.0671 3116 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
          16:07:06.0796 3116 Cdrom - ok
          16:07:06.0796 3116 Changer - ok
          16:07:06.0828 3116 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
          16:07:06.0953 3116 CmBatt - ok
          16:07:06.0968 3116 CmdIde - ok
          16:07:06.0984 3116 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
          16:07:07.0109 3116 Compbatt - ok
          16:07:07.0125 3116 Cpqarray - ok
          16:07:07.0125 3116 dac2w2k - ok
          16:07:07.0140 3116 dac960nt - ok
          16:07:07.0156 3116 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
          16:07:07.0281 3116 Disk - ok
          16:07:07.0312 3116 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
          16:07:07.0375 3116 DKbFltr - ok
          16:07:07.0421 3116 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
          16:07:07.0609 3116 dmboot - ok
          16:07:07.0640 3116 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
          16:07:07.0781 3116 dmio - ok
          16:07:07.0796 3116 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
          16:07:07.0937 3116 dmload - ok
          16:07:07.0968 3116 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
          16:07:08.0093 3116 DMusic - ok
          16:07:08.0109 3116 dpti2o - ok
          16:07:08.0171 3116 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
          16:07:08.0187 3116 DritekPortIO - ok
          16:07:08.0203 3116 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
          16:07:08.0343 3116 drmkaud - ok
          16:07:08.0406 3116 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
          16:07:08.0546 3116 Fastfat - ok
          16:07:08.0562 3116 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
          16:07:08.0687 3116 Fdc - ok
          16:07:08.0703 3116 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
          16:07:08.0828 3116 Fips - ok
          16:07:08.0843 3116 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
          16:07:08.0984 3116 Flpydisk - ok
          16:07:09.0015 3116 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
          16:07:09.0140 3116 FltMgr - ok
          16:07:09.0156 3116 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
          16:07:09.0312 3116 Fs_Rec - ok
          16:07:09.0328 3116 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
          16:07:09.0484 3116 Ftdisk - ok
          16:07:09.0500 3116 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
          16:07:09.0640 3116 Gpc - ok
          16:07:09.0671 3116 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
          16:07:09.0796 3116 HDAudBus - ok
          16:07:09.0812 3116 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
          16:07:09.0937 3116 HidUsb - ok
          16:07:09.0953 3116 hpn - ok
          16:07:09.0984 3116 HSFHWAZL (7d33d2b81bd8b4bc51b536b113295d51) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
          16:07:10.0031 3116 HSFHWAZL - ok
          16:07:10.0093 3116 HSF_DPV (fb6ad8a16e22c91d5978b26e0300a331) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
          16:07:10.0218 3116 HSF_DPV - ok
          16:07:10.0265 3116 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
          16:07:10.0312 3116 HTTP - ok
          16:07:10.0312 3116 i2omgmt - ok
          16:07:10.0328 3116 i2omp - ok
          16:07:10.0359 3116 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
          16:07:10.0500 3116 i8042prt - ok
          16:07:10.0515 3116 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
          16:07:10.0640 3116 Imapi - ok
          16:07:10.0656 3116 ini910u - ok
          16:07:10.0687 3116 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\WINDOWS\system32\drivers\int15.sys
          16:07:10.0703 3116 int15 - ok
          16:07:10.0875 3116 IntcAzAudAddService (c4006af18682fca0d8a011a0a21070f8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
          16:07:11.0156 3116 IntcAzAudAddService - ok
          16:07:11.0171 3116 IntelIde - ok
          16:07:11.0203 3116 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
          16:07:11.0328 3116 Ip6Fw - ok
          16:07:11.0359 3116 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
          16:07:11.0515 3116 IpFilterDriver - ok
          16:07:11.0546 3116 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
          16:07:11.0671 3116 IpInIp - ok
          16:07:11.0703 3116 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
          16:07:11.0828 3116 IpNat - ok
          16:07:11.0859 3116 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
          16:07:11.0984 3116 IPSec - ok
          16:07:12.0015 3116 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
          16:07:12.0125 3116 IRENUM - ok
          16:07:12.0156 3116 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
          16:07:12.0296 3116 isapnp - ok
          16:07:12.0328 3116 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
          16:07:12.0437 3116 Kbdclass - ok
          16:07:12.0468 3116 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
          16:07:12.0640 3116 kmixer - ok
          16:07:12.0750 3116 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
          16:07:12.0843 3116 KSecDD - ok
          16:07:12.0859 3116 lbrtfdc - ok
          16:07:12.0890 3116 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
          16:07:12.0921 3116 mdmxsdk - ok
          16:07:12.0953 3116 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
          16:07:13.0093 3116 mnmdd - ok
          16:07:13.0140 3116 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
          16:07:13.0265 3116 Modem - ok
          16:07:13.0281 3116 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
          16:07:13.0406 3116 Mouclass - ok
          16:07:13.0437 3116 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
          16:07:13.0593 3116 mouhid - ok
          16:07:13.0609 3116 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
          16:07:13.0734 3116 MountMgr - ok
          16:07:13.0734 3116 mraid35x - ok
          16:07:13.0765 3116 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
          16:07:13.0906 3116 MRxDAV - ok
          16:07:13.0968 3116 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
          16:07:14.0078 3116 MRxSmb - ok
          16:07:14.0093 3116 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
          16:07:14.0218 3116 Msfs - ok
          16:07:14.0250 3116 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
          16:07:14.0359 3116 MSKSSRV - ok
          16:07:14.0390 3116 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
          16:07:14.0515 3116 MSPCLOCK - ok
          16:07:14.0531 3116 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
          16:07:14.0640 3116 MSPQM - ok
          16:07:14.0671 3116 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
          16:07:14.0796 3116 mssmbios - ok
          16:07:14.0812 3116 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
          16:07:14.0937 3116 MSTEE - ok
          16:07:14.0984 3116 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
          16:07:15.0078 3116 Mup - ok
          16:07:15.0109 3116 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
          16:07:15.0250 3116 NABTSFEC - ok
          16:07:15.0281 3116 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
          16:07:15.0421 3116 NDIS - ok
          16:07:15.0453 3116 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
          16:07:15.0578 3116 NdisIP - ok
          16:07:15.0609 3116 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
          16:07:15.0718 3116 NdisTapi - ok
          16:07:15.0734 3116 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
          16:07:15.0859 3116 Ndisuio - ok
          16:07:15.0890 3116 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
          16:07:16.0015 3116 NdisWan - ok
          16:07:16.0046 3116 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
          16:07:16.0125 3116 NDProxy - ok
          16:07:16.0140 3116 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
          16:07:16.0265 3116 NetBIOS - ok
          16:07:16.0296 3116 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
          16:07:16.0437 3116 NetBT - ok
          16:07:16.0468 3116 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
          16:07:16.0609 3116 NIC1394 - ok
          16:07:16.0625 3116 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
          16:07:16.0750 3116 Npfs - ok
          16:07:16.0781 3116 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
          16:07:16.0968 3116 Ntfs - ok
          16:07:16.0984 3116 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
          16:07:17.0125 3116 Null - ok
          16:07:17.0343 3116 nv (1605ee0d2bbd67974dd2ef589359503e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
          16:07:17.0953 3116 nv - ok
          16:07:18.0031 3116 nvata (3ac5eedd35b7437d53960f3998bfa462) C:\WINDOWS\system32\DRIVERS\nvata.sys
          16:07:18.0062 3116 nvata - ok
          16:07:18.0109 3116 NVENETFD (89fa84c4887ec984a002a518258499fe) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
          16:07:18.0156 3116 NVENETFD - ok
          16:07:18.0171 3116 nvnetbus (aa91a32a36e2cb3f06223056f6668e8f) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
          16:07:18.0203 3116 nvnetbus - ok
          16:07:18.0250 3116 nvport (d020735b3af8c54715c30c9a5679bc66) C:\WINDOWS\system32\Drivers\nvport.sys
          16:07:18.0281 3116 nvport ( UnsignedFile.Multi.Generic ) - warning
          16:07:18.0281 3116 nvport - detected UnsignedFile.Multi.Generic (1)
          16:07:18.0312 3116 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
          16:07:18.0312 3116 nvsmu ( UnsignedFile.Multi.Generic ) - warning
          16:07:18.0312 3116 nvsmu - detected UnsignedFile.Multi.Generic (1)
          16:07:18.0343 3116 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
          16:07:18.0484 3116 NwlnkFlt - ok
          16:07:18.0515 3116 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
          16:07:18.0656 3116 NwlnkFwd - ok
          16:07:18.0703 3116 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
          16:07:18.0828 3116 ohci1394 - ok
          16:07:18.0875 3116 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\drivers\Parport.sys
          16:07:19.0000 3116 Parport - ok
          16:07:19.0031 3116 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
          16:07:19.0156 3116 PartMgr - ok
          16:07:19.0187 3116 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
          16:07:19.0343 3116 ParVdm - ok
          16:07:19.0375 3116 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
          16:07:19.0500 3116 PCI - ok
          16:07:19.0515 3116 PCIDump - ok
          16:07:19.0546 3116 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
          16:07:19.0687 3116 PCIIde - ok
          16:07:19.0703 3116 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
          16:07:19.0859 3116 Pcmcia - ok
          16:07:19.0890 3116 PDCOMP - ok
          16:07:19.0890 3116 PDFRAME - ok
          16:07:19.0906 3116 PDRELI - ok
          16:07:19.0921 3116 PDRFRAME - ok
          16:07:19.0921 3116 perc2 - ok
          16:07:19.0937 3116 perc2hib - ok
          16:07:19.0984 3116 pfc (da86016f0672ada925f589ede715f185) C:\WINDOWS\system32\drivers\pfc.sys
          16:07:20.0000 3116 pfc ( UnsignedFile.Multi.Generic ) - warning
          16:07:20.0000 3116 pfc - detected UnsignedFile.Multi.Generic (1)
          16:07:20.0031 3116 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
          16:07:20.0171 3116 PptpMiniport - ok
          16:07:20.0187 3116 Processor (82a17eca34d801590a67c0a2244965ed) C:\WINDOWS\system32\DRIVERS\processr.sys
          16:07:20.0296 3116 Processor - ok
          16:07:20.0312 3116 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
          16:07:20.0437 3116 PSched - ok
          16:07:20.0468 3116 psdfilter (00b670d8a36c7134cfc66b446a18cc92) C:\WINDOWS\system32\Drivers\psdfilter.sys
          16:07:20.0484 3116 psdfilter ( UnsignedFile.Multi.Generic ) - warning
          16:07:20.0484 3116 psdfilter - detected UnsignedFile.Multi.Generic (1)
          16:07:20.0515 3116 psdvdisk (e9a60343cb7c39090638b1dd574f26eb) C:\WINDOWS\system32\Drivers\psdvdisk.sys
          16:07:20.0531 3116 psdvdisk ( UnsignedFile.Multi.Generic ) - warning
          16:07:20.0531 3116 psdvdisk - detected UnsignedFile.Multi.Generic (1)
          16:07:20.0562 3116 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
          16:07:20.0734 3116 Ptilink - ok
          16:07:20.0750 3116 ql1080 - ok
          16:07:20.0750 3116 Ql10wnt - ok
          16:07:20.0765 3116 ql12160 - ok
          16:07:20.0781 3116 ql1240 - ok
          16:07:20.0781 3116 ql1280 - ok
          16:07:20.0812 3116 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
          16:07:20.0953 3116 RasAcd - ok
          16:07:20.0984 3116 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
          16:07:21.0109 3116 Rasl2tp - ok
          16:07:21.0109 3116 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
          16:07:21.0234 3116 RasPppoe - ok
          16:07:21.0250 3116 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
          16:07:21.0390 3116 Raspti - ok
          16:07:21.0421 3116 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
          16:07:21.0562 3116 Rdbss - ok
          16:07:21.0578 3116 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
          16:07:21.0750 3116 RDPCDD - ok
          16:07:21.0765 3116 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
          16:07:21.0968 3116 rdpdr - ok
          16:07:22.0015 3116 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
          16:07:22.0062 3116 RDPWD - ok
          16:07:22.0093 3116 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
          16:07:22.0218 3116 redbook - ok
          16:07:22.0265 3116 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
          16:07:22.0312 3116 rimmptsk - ok
          16:07:22.0328 3116 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
          16:07:22.0375 3116 rimsptsk - ok
          16:07:22.0390 3116 rismxdp (d231b577024aa324af13a42f3a807d10) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
          16:07:22.0437 3116 rismxdp - ok
          16:07:22.0500 3116 RsFx0150 (a95840a95a9ff74b0009e5d848cddb39) C:\WINDOWS\system32\DRIVERS\RsFx0150.sys
          16:07:22.0531 3116 RsFx0150 - ok
          16:07:22.0546 3116 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
          16:07:22.0671 3116 sdbus - ok
          16:07:22.0703 3116 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
          16:07:22.0828 3116 Secdrv - ok
          16:07:22.0875 3116 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\drivers\Serial.sys
          16:07:23.0015 3116 Serial - ok
          16:07:23.0031 3116 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
          16:07:23.0156 3116 sffdisk - ok
          16:07:23.0171 3116 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
          16:07:23.0281 3116 sffp_sd - ok
          16:07:23.0312 3116 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
          16:07:23.0437 3116 Sfloppy - ok
          16:07:23.0453 3116 Simbad - ok
          16:07:23.0484 3116 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
          16:07:23.0609 3116 SLIP - ok
          16:07:23.0625 3116 Sparrow - ok
          16:07:23.0640 3116 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
          16:07:23.0765 3116 splitter - ok
          16:07:23.0796 3116 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
          16:07:23.0921 3116 sr - ok
          16:07:23.0968 3116 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
          16:07:24.0062 3116 Srv - ok
          16:07:24.0109 3116 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
          16:07:24.0125 3116 ssmdrv - ok
          16:07:24.0156 3116 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
          16:07:24.0265 3116 streamip - ok
          16:07:24.0296 3116 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
          16:07:24.0421 3116 swenum - ok
          16:07:24.0468 3116 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
          16:07:24.0593 3116 swmidi - ok
          16:07:24.0609 3116 symc810 - ok
          16:07:24.0625 3116 symc8xx - ok
          16:07:24.0625 3116 sym_hi - ok
          16:07:24.0640 3116 sym_u3 - ok
          16:07:24.0671 3116 SynTP (69bf2dd9b1099d1aa3e7cf14b4b842cd) C:\WINDOWS\system32\DRIVERS\SynTP.sys
          16:07:24.0734 3116 SynTP - ok
          16:07:24.0796 3116 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
          16:07:24.0921 3116 sysaudio - ok
          16:07:24.0968 3116 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
          16:07:25.0140 3116 Tcpip - ok
          16:07:25.0171 3116 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
          16:07:25.0312 3116 TDPIPE - ok
          16:07:25.0343 3116 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
          16:07:25.0484 3116 TDTCP - ok
          16:07:25.0515 3116 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
          16:07:25.0656 3116 TermDD - ok
          16:07:25.0656 3116 tifm21 - ok
          16:07:25.0671 3116 TosIde - ok
          16:07:25.0718 3116 tvicport (97dd70feca64fb4f63de7bb7e66a80b1) C:\WINDOWS\system32\drivers\tvicport.sys
          16:07:25.0734 3116 tvicport ( UnsignedFile.Multi.Generic ) - warning
          16:07:25.0734 3116 tvicport - detected UnsignedFile.Multi.Generic (1)
          16:07:25.0796 3116 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
          16:07:25.0921 3116 Udfs - ok
          16:07:25.0921 3116 ultra - ok
          16:07:25.0968 3116 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
          16:07:26.0140 3116 Update - ok
          16:07:26.0171 3116 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
          16:07:26.0312 3116 usbccgp - ok
          16:07:26.0328 3116 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
          16:07:26.0453 3116 usbehci - ok
          16:07:26.0484 3116 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
          16:07:26.0625 3116 usbhub - ok
          16:07:26.0718 3116 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
          16:07:26.0937 3116 usbohci - ok
          16:07:26.0984 3116 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
          16:07:27.0109 3116 usbprint - ok
          16:07:27.0156 3116 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
          16:07:27.0265 3116 usbscan - ok
          16:07:27.0281 3116 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
          16:07:27.0406 3116 USBSTOR - ok
          16:07:27.0453 3116 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
          16:07:27.0593 3116 usbvideo - ok
          16:07:27.0625 3116 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
          16:07:27.0750 3116 VgaSave - ok
          16:07:27.0750 3116 ViaIde - ok
          16:07:27.0796 3116 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
          16:07:27.0921 3116 VolSnap - ok
          16:07:27.0953 3116 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
          16:07:28.0078 3116 Wanarp - ok
          16:07:28.0093 3116 WDICA - ok
          16:07:28.0109 3116 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
          16:07:28.0281 3116 wdmaud - ok
          16:07:28.0328 3116 winachsf (9692ab8ba2dcd649a86b1b9b81154278) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
          16:07:28.0406 3116 winachsf - ok
          16:07:28.0437 3116 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
          16:07:28.0562 3116 WmiAcpi - ok
          16:07:28.0593 3116 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
          16:07:28.0718 3116 WSTCODEC - ok
          16:07:28.0765 3116 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
          16:07:28.0843 3116 WudfPf - ok
          16:07:28.0875 3116 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
          16:07:28.0906 3116 WudfRd - ok
          16:07:28.0937 3116 zntport (40ac8590cc9006dbb99ffcb37879d4c6) C:\WINDOWS\system32\drivers\zntport.sys
          16:07:28.0968 3116 zntport ( UnsignedFile.Multi.Generic ) - warning
          16:07:28.0968 3116 zntport - detected UnsignedFile.Multi.Generic (1)
          16:07:28.0968 3116 MBR (0x1B8) (f0d162eecef088d7013bcf250cc52f27) \Device\Harddisk0\DR0
          16:07:29.0468 3116 \Device\Harddisk0\DR0 - ok
          16:07:29.0468 3116 Boot (0x1200) (8f0311be808a20a19ec8791e6a1c6195) \Device\Harddisk0\DR0\Partition0
          16:07:29.0468 3116 \Device\Harddisk0\DR0\Partition0 - ok
          16:07:29.0468 3116 Boot (0x1200) (81037a80320046242759ba244509a849) \Device\Harddisk0\DR0\Partition1
          16:07:29.0468 3116 \Device\Harddisk0\DR0\Partition1 - ok
          16:07:29.0484 3116 Boot (0x1200) (492bb6fb220cc45a9848faad1f6b48d0) \Device\Harddisk0\DR0\Partition2
          16:07:29.0484 3116 \Device\Harddisk0\DR0\Partition2 - ok
          16:07:29.0484 3116 ============================================================
          16:07:29.0484 3116 Scan finished
          16:07:29.0484 3116 ============================================================
          16:07:30.0421 3912 Deinitialize success

          ==============================================
          Last Created System Restore Point
          ==============================================
          RP487: 20/01/2012 16:05:16 - TDSSKiller Starter Restore Point
          ==============================================
          EOF

          • #6
            That log looks fine.

            Can you uninstall the following programs?
            Babylon Toolbar
            Conduit Engine
            Searchqu Toolbar

            These do not have a good reputation.

            Restart the computer, then make a new log with DDS and post it in your next message.

            Regards, smeenk

            • #7
              The toolbars have been removed; here is the new DDS log:

              .
              DDS (Ver_2011-08-26.01) - NTFSx86
              Internet Explorer: 8.0.6001.18702
              Run by XP-Gebruiker at 18:48:51 on 2012-01-20
              Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.1791.1145 [GMT 1:00]
              .
              AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
              .
              ============== Running Processes ===============
              .
              C:\WINDOWS\system32\svchost -k DcomLaunch
              svchost.exe
              C:\WINDOWS\System32\svchost.exe -k netsvcs
              svchost.exe
              svchost.exe
              C:\WINDOWS\System32\wltrysvc.exe
              C:\WINDOWS\System32\bcmwltry.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Avira\AntiVir Desktop\sched.exe
              svchost.exe
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
              C:\WINDOWS\system32\WLTRAY.exe
              C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
              C:\Program Files\Common Files\Java\Java Update\jusched.exe
              C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
              C:\PROGRA~1\LAUNCH~1\LManager.exe
              C:\Program Files\Fighters\sfagent.exe
              C:\Program Files\Belgium Identity Card\beid35gui.exe
              C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
              C:\WINDOWS\RTHDCPL.EXE
              C:\Program Files\BrowserCompanion\BCHelper.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
              C:\Program Files\Avira\AntiVir Desktop\avguard.exe
              C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
              C:\Program Files\Java\jre6\bin\jqs.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
              C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
              C:\Program Files\Microsoft SQL Server\MSSQL10_50.ATX\MSSQL\Binn\sqlservr.exe
              C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
              C:\WINDOWS\system32\nvsvc32.exe
              C:\Program Files\Fighters\sfus.exe
              C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
              C:\WINDOWS\system32\svchost.exe -k imgsvc
              C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
              C:\Program Files\Fighters\FighterSuiteService.exe
              C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
              C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
              C:\WINDOWS\system32\wbem\wmiapsrv.exe
              C:\WINDOWS\system32\msiexec.exe
              C:\DOCUME~1\XP-GEB~1\LOCALS~1\Temp\RtkBtMnt.exe
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              .
              ============== Pseudo HJT Report ===============
              .
              uStart Page = hxxp://www.google.be/
              uWindow Title = Windows Internet Explorer wordt aangeboden door ilse media
              uURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
              BHO: Browser Companion Helper: {00cbb66b-1d3b-46d3-9577-323a336acb50} - c:\program files\browsercompanion\jsloader.dll
              BHO: Adobe PDF Reader Help bij koppelingen: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
              BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
              BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
              BHO: Browser Companion Helper Verifier: {963b125b-8b21-49a2-a3a8-e37092276531} - c:\program files\browsercompanion\updatebhoWin32.dll
              BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi9130~1\toolbar\searchqudtx.dll
              BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
              BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
              BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
              BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
              TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
              TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi9130~1\toolbar\searchqudtx.dll
              TB: !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
              TB: !{30F9B915-B755-4826-820B-08FBA6BD249D} - No File
              TB: !{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - No File
              TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
              TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
              TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
              uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
              uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
              mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
              mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
              mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
              mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY
              mRun: [nwiz] nwiz.exe /install
              mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
              mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe 0
              mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
              mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
              mRun: [LManager] c:\progra~1\launch~1\LManager.exe
              mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
              mRun: [sfagent] c:\program files\fighters\sfagent.exe
              mRun: [beid] "c:\program files\belgium identity card\beid35gui.exe" /startup
              mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
              mRun: [RTHDCPL] RTHDCPL.EXE
              mRun: [Alcmtr] ALCMTR.EXE
              mRun: [Browser companion helper] c:\program files\browsercompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej
              StartupFolder: c:\docume~1\xp-geb~1\menust~1\progra~1\opstar~1\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
              StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
              StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
              StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
              StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
              IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
              IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
              IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
              IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
              IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
              IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
              IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
              IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
              DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
              DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
              DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202644588500
              DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
              DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
              DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
              DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
              DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
              DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
              DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
              DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
              TCP: DhcpNameServer = 192.168.1.254
              TCP: Interfaces\{F7F09886-4211-4118-8407-5B4603AF67BC} : DhcpNameServer = 192.168.1.254
              Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
              Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
              Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
              SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
              .
              ============= SERVICES / DRIVERS ===============
              .
              R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-19 11608]
              R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-19 136360]
              R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-19 269480]
              R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-19 66616]
              R2 MSSQL$ATX;SQL Server (ATX);c:\program files\microsoft sql server\mssql10_50.atx\mssql\binn\sqlservr.exe [2011-4-24 42872672]
              R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\fighters\sfus.exe [2010-11-12 214664]
              R2 Suite Service;Suite Service;c:\program files\fighters\FighterSuiteService.exe [2010-11-12 1145992]
              S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]
              S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]
              S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
              S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
              S4 SQLAgent$ATX;SQL Server Agent (ATX);c:\program files\microsoft sql server\mssql10_50.atx\mssql\binn\SQLAGENT.EXE [2011-4-24 367456]
              .
              =============== Created Last 30 ================
              .
              2012-01-20 15:05:18 -------- d-----w- C:\TDSSStarter
              2012-01-19 16:47:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
              2012-01-18 19:40:53 -------- d-----w- c:\documents and settings\xp-gebruiker\application data\Malwarebytes
              2012-01-18 19:40:40 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
              2012-01-18 19:40:38 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
              2012-01-18 19:40:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
              2012-01-18 19:23:15 -------- d-----w- c:\program files\Nucia
              2012-01-12 17:39:07 -------- d-----w- c:\documents and settings\xp-gebruiker\local settings\application data\SanctionedMedia
              .
              ==================== Find3M ====================
              .
              2011-11-25 21:57:58 293888 ----a-w- c:\windows\system32\winsrv.dll
              2011-11-23 14:40:48 1859712 ----a-w- c:\windows\system32\win32k.sys
              2011-11-20 06:12:53 60928 ----a-w- c:\windows\system32\packager.exe
              2011-11-10 02:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
              2011-11-04 19:13:23 916992 ----a-w- c:\windows\system32\wininet.dll
              2011-11-04 19:13:22 43520 ----a-w- c:\windows\system32\licmgr10.dll
              2011-11-04 19:13:22 1469440 ------w- c:\windows\system32\inetcpl.cpl
              2011-11-04 11:25:39 385024 ----a-w- c:\windows\system32\html.iec
              2011-11-03 15:29:18 386560 ----a-w- c:\windows\system32\qdvd.dll
              2011-11-03 15:29:18 1296384 ----a-w- c:\windows\system32\quartz.dll
              2011-11-01 16:07:16 1288192 ----a-w- c:\windows\system32\ole32.dll
              2011-10-28 05:32:20 33280 ----a-w- c:\windows\system32\csrsrv.dll
              2011-10-26 10:50:01 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe
              2011-10-26 10:50:01 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe
              .
              ============= FINISH: 18:50:07,90 ===============



              • #8
                Searchqu is still there; it is even classified as malware.

                Download zoek.exe and put it on your desktop.
                Double-click zoek.exe to start it.
                Type X followed by Enter to start "Combined fix".
                A file named "input.txt" will open.
                Copy the following code into it:

                Code:
                {99079a25-328f-4bd4-be04-00955acaa0a7};c
                {D4027C7F-154A-4066-A1AD-4243D8127440};c
                {2318C2B1-4965-11d4-9B18-009027A5CD4F};c
                {30F9B915-B755-4826-820B-08FBA6BD249D};c
                {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3};c
                !{2318C2B1-4965-11d4-9B18-009027A5CD4F};c
                !{30F9B915-B755-4826-820B-08FBA6BD249D};c
                !{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3};c
                Once you have placed the code in the file you may close input.txt; save the changes.
                The removal scan will then start; wait patiently until a log opens and post the result in your next message.



                Then start zoek.exe once more.
                Type B to select "Custom Search" and press Enter.
                A Notepad file named input.txt opens.
                Enter the following here:

                Searchqu;

                Close input.txt; a scan will run, so wait calmly until a Notepad file with a log opens.
                Post the result in your next message.

                Regards, smeenk



                • #9
                  Hi Smeenk,
                  here are the 2 logs:

                  ==================
                  Zoek.exe by smeenk
                  Updated 22-03-2011
                  ==================
                  Deleting Registry Keys
                  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully
                  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully
                  HKEY_CLASSES_ROOT\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully
                  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
                  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully
                  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully
                  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully
                  HKEY_CLASSES_ROOT\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully
                  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} deleted successfully
                  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} deleted successfully
                  HKEY_CLASSES_ROOT\CLSID\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} deleted successfully
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} deleted successfully

                  Deleting Registry Values
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully
                  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
                  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully
                  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} deleted successfully
                  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} deleted successfully
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully
                  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} deleted successfully




                  ==================
                  Zoek.exe by smeenk
                  Updated 22-03-2011
                  ==================
                  *************Folders************

                  2011-04-29 21:07:39 2011-04-29 21:07:39 -------- d-----w- C:\Documents and Settings\XP-Gebruiker\Application Data\searchquband
                  **************Files*************

                  --- C:\Documents and Settings\XP-Gebruiker\Local Settings\Temp\searchqutoolbar-manifest.xml ---
                  Company: ------
                  File Description: ------
                  File Version: ------
                  Product Name: ------
                  Copyright: ------
                  Original Filename: ------
                  File size: 9422
                  Created time: 2011-03-02 13:32:52
                  Modified time: 2011-03-02 13:32:52
                  MD5: AA709C3696701CC2792A44116E7D83A1
                  SHA1: EF7D1D20479456246CABA3EF5ED22A424588357D


                  --- C:\Documents and Settings\XP-Gebruiker\Local Settings\Temporary Internet Files\Content.IE5\ERZ9Z5NH\searchqu_com[1].htm ---
                  Company: ------
                  File Description: ------
                  File Version: ------
                  Product Name: ------
                  Copyright: ------
                  Original Filename: ------
                  File size: 19370
                  Created time: 2012-01-02 16:07:21
                  Modified time: 2012-01-02 16:07:21
                  MD5: 9BC2337AF41F16EBFDAB73D3F99337C9
                  SHA1: 3ED1B88E96E73F77436EEEC7F3B78AD767BA173A


                  --- C:\Documents and Settings\XP-Gebruiker\Local Settings\Temporary Internet Files\Content.IE5\O7XFO5YS\searchqu_com[1].htm ---
                  Company: ------
                  File Description: ------
                  File Version: ------
                  Product Name: ------
                  Copyright: ------
                  Original Filename: ------
                  File size: 19370
                  Created time: 2012-01-02 16:07:22
                  Modified time: 2012-01-02 16:07:22
                  MD5: 9BC2337AF41F16EBFDAB73D3F99337C9
                  SHA1: 3ED1B88E96E73F77436EEEC7F3B78AD767BA173A


                  --- C:\WINDOWS\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-17025890.pf ---
                  Company: ------
                  File Description: ------
                  File Version: ------
                  Product Name: ------
                  Copyright: ------
                  Original Filename: ------
                  File size: 38888
                  Created time: 2012-01-20 17:41:32
                  Modified time: 2012-01-20 17:41:32
                  MD5: 837F0533A4E88FFBF5C4286248F10449
                  SHA1: ABACB771499CAFB94CEE47572F9B2FCC26355E71

                  ********************************



                  • #10
                    Double-click zoek.exe to start it.
                    Type X followed by Enter to start "Combined fix".
                    A file named "input.txt" will open.
                    Copy the following code into it:

                    Code:
                    C:\Documents and Settings\XP-Gebruiker\Application Data\searchquband;f
                    C:\Documents and Settings\XP-Gebruiker\Local Settings\Temp\searchqutoolbar-manifest.xml;f
                    C:\WINDOWS\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-17025890.pf;f
                    Once you have placed the code in the file you may close input.txt; save the changes.
                    The removal scan will then start; wait patiently until a log opens and post the result in your next message.



                    Then start zoek.exe once more.
                    Type G to select "Registry Search" and press Enter.
                    An input box opens.
                    Enter the following here:

                    Searchqu

                    Then press OK. A scan will run in the background; wait calmly until a Notepad file with a log opens.
                    Post the result in your next message.

                    Regards, smeenk



                    • #11
                      Here are the new logs:

                      ==================
                      Zoek.exe by smeenk
                      Updated 22-03-2011
                      ==================

                      Deleting files\folders

                      "C:\Documents and Settings\XP-Gebruiker\Local Settings\Temp\searchqutoolbar-manifest.xml" deleted
                      "C:\WINDOWS\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-17025890.pf" deleted
                      "C:\Documents and Settings\XP-Gebruiker\Application Data\searchquband" deleted



                      ==================
                      Zoek.exe by smeenk
                      Updated 22-03-2011
                      ==================
                      Registry search results for string "Searchqu" 21/01/2012 10:14:14

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}]
                      "URL"="http://www.searchqu.com/web?src=ieb&systemid=101&q={searchTerms}"

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}]
                      "SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&systemid=101&qu={searchTerms}&ft=json"

                      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
                      "C:\\Program Files\\Windows Searchqu Toolbar\\ToolBar\\dtUser.exe"="C:\\Program Files\\Windows Searchqu Toolbar\\ToolBar\\dtUser.exe:*:EnabledTX broker"

                      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
                      "C:\\Program Files\\Windows Searchqu Toolbar\\ToolBar\\dtUser.exe"="C:\\Program Files\\Windows Searchqu Toolbar\\ToolBar\\dtUser.exe:*:EnabledTX broker"

                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
                      "C:\\Program Files\\Windows Searchqu Toolbar\\ToolBar\\dtUser.exe"="C:\\Program Files\\Windows Searchqu Toolbar\\ToolBar\\dtUser.exe:*:EnabledTX broker"

                      [HKEY_USERS\S-1-5-21-1078081533-1993962763-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}]
                      "URL"="http://www.searchqu.com/web?src=ieb&systemid=101&q={searchTerms}"

                      [HKEY_USERS\S-1-5-21-1078081533-1993962763-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}]
                      "SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&systemid=101&qu={searchTerms}&ft=json"

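The registry search log above shows the two kinds of leftovers this toolbar typically leaves: IE SearchScopes entries that redirect searches to the hijacker's domain, and Windows Firewall exceptions for the toolbar's executable. As an added example (not part of this thread and not zoek.exe's own code), a small Python parser reads a log in that shape and flags search-scope URLs whose host is not on an allow-list plus every firewall exception it finds; the sample log, the allow-list and the `path:*:Enabled:Name` value form are assumptions constructed for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample in the shape of a zoek.exe "Registry Search" log: a bracketed
# key line followed by "name"="value" lines. The second SearchScopes key and its
# GUID are made up so that the allow-list branch is exercised.
SAMPLE_LOG = r'''
Registry search results for string "Searchqu" 21/01/2012 10:14:14

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}]
"URL"="http://www.searchqu.com/web?src=ieb&systemid=101&q={searchTerms}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{11111111-2222-3333-4444-555555555555}]
"URL"="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Searchqu Toolbar\\ToolBar\\dtUser.exe"="C:\\Program Files\\Windows Searchqu Toolbar\\ToolBar\\dtUser.exe:*:Enabled:TX broker"
'''

# Assumption: the organisation's allow-list of search providers.
TRUSTED_SEARCH_HOSTS = {"www.bing.com", "www.google.com"}

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# .reg-style quoted strings: backslashes are doubled, so accept "\\" pairs inside.
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<value>(?:[^"\\]|\\.)*)"$')


def parse_zoek_registry_log(text):
    """Return (key, value_name, value_data) triples from a registry search log."""
    entries = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            name = m.group("name").replace("\\\\", "\\")
            value = m.group("value").replace("\\\\", "\\")
            entries.append((current_key, name, value))
    return entries


def find_hijack_indicators(entries, trusted_hosts=TRUSTED_SEARCH_HOSTS):
    """Flag search scopes pointing off the allow-list and any firewall exception hit."""
    findings = []
    for key, name, value in entries:
        key_l = key.lower()
        if "\\searchscopes\\" in key_l and name.lower() in ("url", "suggestionsurl_json"):
            host = urlparse(value).hostname or ""
            if host not in trusted_hosts:
                findings.append(("search-scope", key, host))
        elif key_l.endswith("\\authorizedapplications\\list"):
            # Any firewall exception surfacing in a search for the hijacker's name
            # deserves review; report the executable path (the value name).
            findings.append(("firewall-exception", key, name))
    return findings


if __name__ == "__main__":
    for kind, key, detail in find_hijack_indicators(parse_zoek_registry_log(SAMPLE_LOG)):
        print(f"{kind}: {detail}\n    at {key}")
```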


                      • #12
                        Double-click zoek.exe to start it.
                        Type X followed by Enter to start "Combined fix".
                        A file named "input.txt" will open.
                        Copy the following code into it:

                        Code:
                        [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}];r
                        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List];r
                        "C:\\Program Files\\Windows Searchqu Toolbar\\ToolBar\\dtUser.exe"=-;r
                         ;r
                        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List];r
                        "C:\\Program Files\\Windows Searchqu Toolbar\\ToolBar\\dtUser.exe"=-;r
                         ;r
                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List];r
                        "C:\\Program Files\\Windows Searchqu Toolbar\\ToolBar\\dtUser.exe"=-;r
                         ;r
                        [-HKEY_USERS\S-1-5-21-1078081533-1993962763-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}];r
                        Once you have placed the code in the file you may close input.txt; save the changes.
                        The removal scan will then start; wait patiently until a log opens and post the result in your next message.



                        Then start zoek.exe once more.
                        Type G to select "Registry Search" and press Enter.
                        An input box opens.
                        Enter the following here:

                        Searchqu

                        Then press OK. A scan will run in the background; wait calmly until a Notepad file with a log opens.
                        Post the result in your next message.

                        Regards, smeenk



                        • #13
                          Here are the new logs:

                          Registry fix

                          REGEDIT4

                          [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}]
                          [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
                          "C:\\Program Files\\Windows Searchqu Toolbar\\ToolBar\\dtUser.exe"=-

                          [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
                          "C:\\Program Files\\Windows Searchqu Toolbar\\ToolBar\\dtUser.exe"=-

                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
                          "C:\\Program Files\\Windows Searchqu Toolbar\\ToolBar\\dtUser.exe"=-

                          [-HKEY_USERS\S-1-5-21-1078081533-1993962763-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}]



                          ==================
                          Zoek.exe by smeenk
                          Updated 22-03-2011
                          ==================
                          Registry search results for string "Searchqu" 21/01/2012 11:50:11



                          • #14
                            So nothing found any more.

                            Are you still experiencing any problems?

                            With infections like this, icons sometimes disappear from the desktop or from the Start menu.
                            You also often see that folders on the C: drive are no longer visible.

                            None of that?



                            • #15
                              So far everything seems to be working smoothly again, without problems.
                              Looks good.
                              May I turn the emulation software back on with Defogger now?
