
Persistent virus?



Sorry, not HijackThis but Malwarebytes:

Malwarebytes' Anti-Malware 1.46

Malwarebytes

Databaseversie: 4809

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18975

14-10-2010 15:29:51

mbam-log-2010-10-14 (15-29-51).txt

Scantype: Snelle scan

Objecten gescand: 141813

Verstreken tijd: 2 minuut/minuten, 56 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 1

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

C:\Windows\system32\Drivers\kacbn.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

It keeps finding that one Rootkit.Agent all the time...


Download GMER Rootkit Detector

Save it in a safe place and unpack it to your desktop

  • Disconnect your internet connection and close ALL programs
  • There is a small chance that the computer will crash while this application is running, so make sure you have saved all your work
  • Double-click gmer.exe and select the “Rootkit” tab > click “Scan”
  • If you get a warning about "rootkit activity" and are asked for permission to scan, click OK
  • Click the Rootkit tab and click Scan
  • When the scan is finished, click Copy
  • Open Notepad and copy/paste the text
  • Restore your internet connection and post the text in your next reply.

Post the GMER result in a following message.


Got a BSOD twice now after running GMER, but was able to save the log:

GMER 1.0.15.15315 - GMER - Rootkit Detector and Remover

Rootkit scan 2010-10-14 17:01:10

Windows 6.0.6002 Service Pack 2

Running: gmer.exe; Driver: C:\Users\Prosper\AppData\Local\Temp\fwryipog.sys

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\kacbn.sys Een apparaat dat op het systeem is aangesloten, werkt niet. !

---- User code sections - GMER 1.0.15 ----

? C:\Windows\System32\svchost.exe[3840] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: OLEAUT32.dll

? C:\Windows\System32\svchost.exe[4056] image checksum mismatch; time/date stamp mismatch;

---- User IAT/EAT - GMER 1.0.15 ----

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 87592630

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [bOOT] kacbn <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd508808

Reg HKLM\SYSTEM\CurrentControlSet\Services\kacbn@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\kacbn@Start 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\kacbn@ErrorControl 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\kacbn@Group Boot Bus Extender

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5F 0x1F 0x81 0x75 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB4 0x69 0x2C 0x7D ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3A 0x75 0x93 0x61 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCF 0xDA 0x90 0x29 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC1 0xF5 0x2A 0x4A ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x83 0x42 0x91 0x40 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE5 0xD0 0x72 0x59 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x07 0x3E 0x0A 0xD9 ...

Reg HKLM\SYSTEM\ControlSet002\Services\kacbn@Type 1

Reg HKLM\SYSTEM\ControlSet002\Services\kacbn@Start 0

Reg HKLM\SYSTEM\ControlSet002\Services\kacbn@ErrorControl 0

Reg HKLM\SYSTEM\ControlSet002\Services\kacbn@Group Boot Bus Extender

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5F 0x1F 0x81 0x75 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB4 0x69 0x2C 0x7D ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3A 0x75 0x93 0x61 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCF 0xDA 0x90 0x29 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC1 0xF5 0x2A 0x4A ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x83 0x42 0x91 0x40 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE5 0xD0 0x72 0x59 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x07 0x3E 0x0A 0xD9 ...

Reg HKLM\SYSTEM\ControlSet003\Services\kacbn@Type 1

Reg HKLM\SYSTEM\ControlSet003\Services\kacbn@Start 0

Reg HKLM\SYSTEM\ControlSet003\Services\kacbn@ErrorControl 0

Reg HKLM\SYSTEM\ControlSet003\Services\kacbn@Group Boot Bus Extender

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5F 0x1F 0x81 0x75 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB4 0x69 0x2C 0x7D ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3A 0x75 0x93 0x61 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCF 0xDA 0x90 0x29 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC1 0xF5 0x2A 0x4A ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x83 0x42 0x91 0x40 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE5 0xD0 0x72 0x59 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x07 0x3E 0x0A 0xD9 ...

Reg HKLM\SYSTEM\ControlSet004\Services\kacbn@Type 1

Reg HKLM\SYSTEM\ControlSet004\Services\kacbn@Start 0

Reg HKLM\SYSTEM\ControlSet004\Services\kacbn@ErrorControl 0

Reg HKLM\SYSTEM\ControlSet004\Services\kacbn@Group Boot Bus Extender

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5F 0x1F 0x81 0x75 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB4 0x69 0x2C 0x7D ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3A 0x75 0x93 0x61 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCF 0xDA 0x90 0x29 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC1 0xF5 0x2A 0x4A ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x83 0x42 0x91 0x40 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE5 0xD0 0x72 0x59 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x07 0x3E 0x0A 0xD9 ...

Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\0009dd508808 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet005\Services\kacbn@Type 1

Reg HKLM\SYSTEM\ControlSet005\Services\kacbn@Start 0

Reg HKLM\SYSTEM\ControlSet005\Services\kacbn@ErrorControl 0

Reg HKLM\SYSTEM\ControlSet005\Services\kacbn@Group Boot Bus Extender

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5F 0x1F 0x81 0x75 ...

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB4 0x69 0x2C 0x7D ...

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3A 0x75 0x93 0x61 ...

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCF 0xDA 0x90 0x29 ...

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC1 0xF5 0x2A 0x4A ...

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x83 0x42 0x91 0x40 ...

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE5 0xD0 0x72 0x59 ...

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x07 0x3E 0x0A 0xD9 ...

---- EOF - GMER 1.0.15 ----

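The GMER listing above shows `kacbn` registered in every ControlSet as a kernel driver (Type 1) with boot start (Start 0) in the "Boot Bus Extender" group, and with no ImagePath value at all, so the loader falls back to System32\drivers\kacbn.sys. The PowerShell audit below is an added example and is not part of this thread or of GMER, Malwarebytes or The Avenger; it walks all ControlSets for that pattern, marks which set is active, resolves the driver binary path (the fallback rule and the path normalisation are this script's own assumptions) and reports whether the file is present and Authenticode-signed. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the forum thread): audit boot-start kernel drivers in
# every ControlSet and report the ones matching the kacbn pattern GMER listed.
# Assumptions: run as Administrator; the default-path rule in Resolve-DriverPath
# and the "Boot Bus Extender" group filter are this script's own heuristics.

function Resolve-DriverPath {
    param([string]$Name, [string]$ImagePath)
    $sysRoot = $env:SystemRoot
    if ([string]::IsNullOrWhiteSpace($ImagePath)) {
        # No ImagePath value: the loader uses System32\drivers\<ServiceName>.sys.
        # The kacbn entries in the GMER log rely on exactly this default.
        return Join-Path $sysRoot "System32\drivers\$Name.sys"
    }
    $p = $ImagePath.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                  # \??\C:\...           -> C:\...
    $p = $p -replace '^\\SystemRoot\\', "$sysRoot\"   # \SystemRoot\system32 -> C:\Windows\system32
    $p = $p -replace '^%SystemRoot%\\', "$sysRoot\"   # %SystemRoot%\...     -> C:\Windows\...
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $sysRoot $p }   # system32\drivers\x.sys
    return $p
}

function Get-BootStartDriverAudit {
    param([string]$Group = 'Boot Bus Extender')   # pass '' to audit every boot-start driver
    # HKLM\SYSTEM\Select\Current tells us which ControlSetNNN is the live one.
    $current = (Get-ItemProperty 'HKLM:\SYSTEM\Select').Current
    $sets = Get-ChildItem 'HKLM:\SYSTEM' | Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' }
    foreach ($set in $sets) {
        $setNum = [int]$set.PSChildName.Substring(10)     # "ControlSet003" -> 3
        $active = ($setNum -eq $current)
        foreach ($svc in Get-ChildItem (Join-Path $set.PSPath 'Services')) {
            $p = Get-ItemProperty $svc.PSPath -ErrorAction SilentlyContinue
            if ($p.Type -ne 1 -or $p.Start -ne 0) { continue }   # kernel driver, boot start only
            if ($Group -and $p.Group -ne $Group) { continue }
            $path   = Resolve-DriverPath -Name $svc.PSChildName -ImagePath $p.ImagePath
            $exists = Test-Path -LiteralPath $path
            # A registered boot driver whose file cannot be seen from user mode is
            # itself suspicious: a loaded rootkit can hide or lock its own binary.
            $sig = if ($exists) { [string](Get-AuthenticodeSignature -FilePath $path).Status } else { 'FileMissing' }
            [pscustomobject]@{
                ControlSet   = $set.PSChildName
                Active       = $active
                Service      = $svc.PSChildName
                Group        = $p.Group
                HasImagePath = -not [string]::IsNullOrWhiteSpace($p.ImagePath)
                Path         = $path
                Signature    = $sig
            }
        }
    }
}

# Report, unsigned and missing binaries first.
Get-BootStartDriverAudit |
    Sort-Object Signature, Service |
    Format-Table ControlSet, Active, Service, HasImagePath, Signature, Path -AutoSize
```

Entries with `Signature` equal to `NotSigned` or `FileMissing`, or with `HasImagePath` false for a service name that is not a known Windows or vendor driver, are the ones to look at; legitimate bus drivers in that group (for example the sptd entries from Alcohol 120% and DAEMON Tools that GMER also listed) normally carry a valid signature. Filter with `Where-Object { $_.Signature -ne 'Valid' }` to shorten the list. Because the driver is still loaded while the system runs, a plain file deletion can fail with STATUS_UNSUCCESSFUL, which is why the driver service has to be disabled and deleted before its file, as in the second Avenger script further down this thread.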

Download The Avenger and place it on your desktop.

Unzip it.

Start the program by clicking avenger.exe.

In the "Input Script here" window, paste the following (the bold text):

Files to delete:

C:\Windows\system32\Drivers\kacbn.sys

Then click the "Execute" button.

Avenger will tell you that the computer is going to restart; allow this.

After the reboot a log file (avenger.txt) opens. Post the contents of the log file.

Right afterwards, also run Malwarebytes again as a check.


Logfile of The Avenger Version 2.0, © by Swandog46

Swandog46's Public Anti-Malware Tools

Platform: Windows Vista

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Error: could not open file "C:\Windows\system32\Drivers\kacbn.sys"

Deletion of file "C:\Windows\system32\Drivers\kacbn.sys" failed!

Status: 0xc0000001 (STATUS_UNSUCCESSFUL)

Completed script processing.

*******************

Finished! Terminate.


This is a stubborn little fellow :dong:

Start the Avenger program by clicking avenger.exe.

In the "Input Script here" window, paste the following (the bold text):

Drivers to disable:

kacbn

Drivers to delete:

kacbn

Files to delete:

C:\Windows\system32\Drivers\kacbn.sys

Then click the "Execute" button.

Avenger will tell you that the computer is going to restart; allow this.

After the reboot a log file (avenger.txt) opens. Post the contents of the log file.


Hmm, I think it worked :) I'm also running a Malwarebytes scan now, I'll post it after this...

Logfile of The Avenger Version 2.0, © by Swandog46

Swandog46's Public Anti-Malware Tools

Platform: Windows Vista

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Driver "kacbn" disabled successfully.

Driver "kacbn" deleted successfully.

File "C:\Windows\system32\Drivers\kacbn.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

---------- Post added at 05:50 ---------- Previous post was at 05:43 ----------

I did get a BSOD, by the way.... but no rootkit :)

Malwarebytes' Anti-Malware 1.46

Malwarebytes

Database version: 4809

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18975

15-10-2010 7:47:36

mbam-log-2010-10-15 (07-47-36).txt

Scan type: Quick scan

Objects scanned: 142068

Time elapsed: 2 minute(s), 47 second(s)

Memory processes infected: 0

Memory modules infected: 0

Registry keys infected: 0

Registry values infected: 0

Registry data items infected: 0

Folders infected: 0

Files infected: 0

Memory processes infected:

(No malicious items detected)

Memory modules infected:

(No malicious items detected)

Registry keys infected:

(No malicious items detected)

Registry values infected:

(No malicious items detected)

Registry data items infected:

(No malicious items detected)

Folders infected:

(No malicious items detected)

Files infected:

(No malicious items detected)

What is a rootkit, actually?

Thank you very much for all your help and quick replies!!


Good ... so we beat it after all :top:

Look here for general, easy-to-follow information about the "rootkit".

With the problems out of the way, it is time for the "big clean-up": removing the tools we used, a cleaning, and removing the infected restore points.

Remove Combofix: Start -> Run and type: ComboFix /Uninstall

This removes Combofix plus its related folders and files, restores the clock settings, hides file extensions again, re-hides hidden files and system files, and creates a new restore point.

If present, you may delete the folder C:\Qoobox manually.

You may now also remove GMER, The Avenger and HijackThis.

Download CCleaner here; the CCleaner download then starts automatically and is free.

Install it and start CCleaner. In the left column click "Cleaner". Click "Analyze" and then "Run Cleaner". Sometimes one analysis is not enough; you may repeat this procedure until the analysis reports no more issues. Then click "Registry" in the left column and click "Scan for Issues". If issues are found, click "Fix selected issues" and "OK". You will then be asked to make a backup. Click "Yes". Then choose "Fix All Selected Issues". After that, close CCleaner.

If you want to see this step by step with screenshots, click here for the guide.

It is advisable to remove the existing restore points (there are infected restore points among them that you could restore by accident) by temporarily disabling System Restore. Do this via Control Panel -> System and Maintenance -> System -> "System Protection" tab -> untick the drive whose restore points you want to remove -> click "Apply". You then get the prompt "Are you sure you want to turn off System Restore?". Click "Turn System Restore Off". All restore points on the selected drive are then deleted.

Then tick the hard drive again. Also create a new restore point right away, so you do not have to wait for the system's automatic restore point.

That's it !


  • 2 weeks later...
Guest
This topic is now closed to new replies.