
Browser Hijacker?



2011/09/09 16:15:33.0015 5948 TDSS rootkit removing tool 2.5.20.0 Sep 7 2011 16:44:34

2011/09/09 16:15:33.0140 5948 ================================================================================

2011/09/09 16:15:33.0140 5948 SystemInfo:

2011/09/09 16:15:33.0140 5948

2011/09/09 16:15:33.0140 5948 OS Version: 5.1.2600 ServicePack: 3.0

2011/09/09 16:15:33.0140 5948 Product type: Workstation

2011/09/09 16:15:33.0140 5948 ComputerName: QYHPOKYF1OJJ068

2011/09/09 16:15:33.0140 5948 UserName: gebruiker

2011/09/09 16:15:33.0140 5948 Windows directory: C:\WINDOWS

2011/09/09 16:15:33.0140 5948 System windows directory: C:\WINDOWS

2011/09/09 16:15:33.0140 5948 Processor architecture: Intel x86

2011/09/09 16:15:33.0140 5948 Number of processors: 2

2011/09/09 16:15:33.0140 5948 Page size: 0x1000

2011/09/09 16:15:33.0140 5948 Boot type: Normal boot

2011/09/09 16:15:33.0140 5948 ================================================================================

2011/09/09 16:15:34.0781 5948 Initialize success

2011/09/09 16:16:32.0843 4332 ================================================================================

2011/09/09 16:16:32.0843 4332 Scan started

2011/09/09 16:16:32.0843 4332 Mode: Manual;

2011/09/09 16:16:32.0843 4332 ================================================================================

2011/09/09 16:16:33.0703 4332 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/09/09 16:16:33.0734 4332 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2011/09/09 16:16:33.0796 4332 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/09/09 16:16:33.0875 4332 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

2011/09/09 16:16:34.0140 4332 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/09/09 16:16:34.0281 4332 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/09/09 16:16:34.0328 4332 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/09/09 16:16:34.0406 4332 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/09/09 16:16:34.0531 4332 avgio (afa456a6210abe5798561a5758517340) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys

2011/09/09 16:16:34.0562 4332 avgntflt (906f73c4f6b8ba5daabc41a1f04cecfe) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys

2011/09/09 16:16:34.0703 4332 avipbb (bdb37b3b217f5181a5bc129c50844f98) C:\WINDOWS\system32\DRIVERS\avipbb.sys

2011/09/09 16:16:34.0750 4332 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/09/09 16:16:35.0000 4332 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/09/09 16:16:35.0328 4332 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/09/09 16:16:35.0562 4332 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/09/09 16:16:35.0593 4332 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/09/09 16:16:35.0625 4332 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/09/09 16:16:35.0671 4332 Changer (2a5815ca6fff24b688c01f828b96819c) C:\WINDOWS\system32\drivers\Changer.sys

2011/09/09 16:16:35.0828 4332 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2011/09/09 16:16:35.0890 4332 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/09/09 16:16:36.0000 4332 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/09/09 16:16:36.0062 4332 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys

2011/09/09 16:16:36.0218 4332 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys

2011/09/09 16:16:36.0265 4332 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/09/09 16:16:36.0296 4332 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/09/09 16:16:36.0375 4332 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/09/09 16:16:36.0421 4332 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/09/09 16:16:36.0453 4332 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2011/09/09 16:16:36.0484 4332 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys

2011/09/09 16:16:36.0625 4332 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/09/09 16:16:36.0671 4332 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/09/09 16:16:36.0703 4332 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/09/09 16:16:36.0718 4332 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/09/09 16:16:36.0750 4332 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/09/09 16:16:36.0796 4332 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/09/09 16:16:36.0843 4332 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/09/09 16:16:36.0937 4332 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/09/09 16:16:37.0109 4332 hwdatacard (60aec3f4ec355d9f46d545a0fa08ce87) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys

2011/09/09 16:16:37.0187 4332 hwusbdev (b93d3c81ef1d372dc5bd5e6275362e1a) C:\WINDOWS\system32\DRIVERS\ewusbdev.sys

2011/09/09 16:16:37.0250 4332 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/09/09 16:16:37.0312 4332 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/09/09 16:16:37.0375 4332 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/09/09 16:16:37.0734 4332 IntcAzAudAddService (90e1b42e49d9e91e5accaaaaefa10ce8) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/09/09 16:16:38.0125 4332 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/09/09 16:16:38.0156 4332 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/09/09 16:16:38.0234 4332 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/09/09 16:16:38.0281 4332 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/09/09 16:16:38.0328 4332 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/09/09 16:16:38.0484 4332 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/09/09 16:16:38.0531 4332 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/09/09 16:16:38.0593 4332 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/09/09 16:16:38.0625 4332 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/09/09 16:16:38.0656 4332 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/09/09 16:16:38.0687 4332 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/09/09 16:16:38.0843 4332 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/09/09 16:16:38.0921 4332 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys

2011/09/09 16:16:38.0968 4332 lbrtfdc (406598827a1b5f77954de11dde115ced) C:\WINDOWS\system32\drivers\lbrtfdc.sys

2011/09/09 16:16:39.0265 4332 lv321av (9919e66d8e7b0c77b07a0852e1b38834) C:\WINDOWS\system32\DRIVERS\lv321av.sys

2011/09/09 16:16:39.0546 4332 lvmvdrv (fa974ad25cd6c1fc94380d7dc5271b0d) C:\WINDOWS\system32\drivers\lvmvdrv.sys

2011/09/09 16:16:39.0781 4332 LVPrcMon (b750d805a1e024e42096970ad01434cf) C:\WINDOWS\system32\drivers\LVPrcMon.sys

2011/09/09 16:16:39.0843 4332 LVUSBSta (dcc4677c583fb9563e31b565fc28eaa2) C:\WINDOWS\system32\drivers\lvusbsta.sys

2011/09/09 16:16:39.0906 4332 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/09/09 16:16:39.0968 4332 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys

2011/09/09 16:16:40.0109 4332 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/09/09 16:16:40.0156 4332 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/09/09 16:16:40.0187 4332 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/09/09 16:16:40.0234 4332 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/09/09 16:16:40.0296 4332 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/09/09 16:16:40.0453 4332 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/09/09 16:16:40.0484 4332 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/09/09 16:16:40.0515 4332 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/09/09 16:16:40.0546 4332 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/09/09 16:16:40.0609 4332 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/09/09 16:16:40.0843 4332 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/09/09 16:16:40.0937 4332 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

2011/09/09 16:16:40.0968 4332 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/09/09 16:16:41.0015 4332 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/09/09 16:16:41.0125 4332 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/09/09 16:16:41.0203 4332 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/09/09 16:16:41.0265 4332 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/09/09 16:16:41.0296 4332 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/09/09 16:16:41.0375 4332 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/09/09 16:16:41.0484 4332 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/09/09 16:16:41.0546 4332 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/09/09 16:16:41.0625 4332 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/09/09 16:16:41.0687 4332 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/09/09 16:16:41.0828 4332 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/09/09 16:16:42.0046 4332 nv (59e5d945934ec2e7eaa22af81813dabf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/09/09 16:16:42.0390 4332 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/09/09 16:16:42.0437 4332 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/09/09 16:16:42.0500 4332 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\drivers\Parport.sys

2011/09/09 16:16:42.0546 4332 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/09/09 16:16:42.0609 4332 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/09/09 16:16:42.0734 4332 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/09/09 16:16:42.0796 4332 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/09/09 16:16:42.0828 4332 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2011/09/09 16:16:43.0031 4332 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/09/09 16:16:43.0062 4332 Processor (82a17eca34d801590a67c0a2244965ed) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/09/09 16:16:43.0203 4332 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/09/09 16:16:43.0250 4332 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/09/09 16:16:43.0390 4332 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/09/09 16:16:43.0531 4332 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/09/09 16:16:43.0578 4332 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/09/09 16:16:43.0625 4332 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/09/09 16:16:43.0671 4332 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/09/09 16:16:43.0703 4332 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/09/09 16:16:43.0765 4332 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/09/09 16:16:43.0921 4332 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/09/09 16:16:43.0984 4332 RTL8023xp (d6e1b1bd04fad422af17fc4b810cb9af) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

2011/09/09 16:16:44.0171 4332 SBRE (4019149e4e296072831c8855605d9fdc) C:\WINDOWS\system32\drivers\SBREdrv.sys

2011/09/09 16:16:44.0265 4332 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

2011/09/09 16:16:44.0406 4332 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/09/09 16:16:44.0484 4332 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\drivers\Serial.sys

2011/09/09 16:16:44.0546 4332 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/09/09 16:16:44.0609 4332 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/09/09 16:16:44.0671 4332 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

2011/09/09 16:16:44.0843 4332 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/09/09 16:16:44.0937 4332 sptd (c4bb8a12843d9cbb65f5ff617f389bbd) C:\WINDOWS\system32\Drivers\sptd.sys

2011/09/09 16:16:44.0937 4332 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: c4bb8a12843d9cbb65f5ff617f389bbd

2011/09/09 16:16:44.0953 4332 sptd - detected LockedFile.Multi.Generic (1)

2011/09/09 16:16:45.0109 4332 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/09/09 16:16:45.0218 4332 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/09/09 16:16:45.0265 4332 ssmdrv (3d2829fde1c52fc64da5413889ce4dee) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

2011/09/09 16:16:45.0328 4332 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/09/09 16:16:45.0468 4332 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/09/09 16:16:45.0515 4332 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/09/09 16:16:45.0671 4332 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/09/09 16:16:45.0765 4332 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/09/09 16:16:45.0859 4332 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/09/09 16:16:45.0984 4332 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/09/09 16:16:46.0031 4332 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/09/09 16:16:46.0125 4332 tifm21 (0edc3cf7b38f4260eb006c38e4a44de4) C:\WINDOWS\system32\drivers\tifm21.sys

2011/09/09 16:16:46.0203 4332 tmcomm (08bac71557df8a9b1381c8c165f64520) C:\WINDOWS\system32\drivers\tmcomm.sys

2011/09/09 16:16:46.0421 4332 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/09/09 16:16:46.0500 4332 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/09/09 16:16:46.0546 4332 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/09/09 16:16:46.0578 4332 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/09/09 16:16:46.0625 4332 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/09/09 16:16:46.0656 4332 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/09/09 16:16:46.0812 4332 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/09/09 16:16:46.0843 4332 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/09/09 16:16:46.0875 4332 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/09/09 16:16:46.0906 4332 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/09/09 16:16:46.0968 4332 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/09/09 16:16:47.0093 4332 w39n51 (73395a19fc86461a151d3c330604e8b3) C:\WINDOWS\system32\DRIVERS\w39n51.sys

2011/09/09 16:16:47.0296 4332 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/09/09 16:16:47.0375 4332 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/09/09 16:16:47.0453 4332 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2011/09/09 16:16:47.0531 4332 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2011/09/09 16:16:47.0593 4332 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/09/09 16:16:47.0734 4332 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/09/09 16:16:47.0781 4332 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/09/09 16:16:47.0906 4332 MBR (0x1B8) (25fdd3b61791a226676b12dc5bddef71) \Device\Harddisk0\DR0

2011/09/09 16:16:47.0906 4332 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)

2011/09/09 16:16:47.0937 4332 Boot (0x1200) (445b65a7b7ddb2263294061c960dfded) \Device\Harddisk0\DR0\Partition0

2011/09/09 16:16:47.0968 4332 Boot (0x1200) (e3b31b8747f048b88c4e192220ddfc9a) \Device\Harddisk0\DR0\Partition1

2011/09/09 16:16:47.0968 4332 ================================================================================

2011/09/09 16:16:47.0968 4332 Scan finished

2011/09/09 16:16:47.0968 4332 ================================================================================

2011/09/09 16:16:48.0015 5980 Detected object count: 2

2011/09/09 16:16:48.0015 5980 Actual detected object count: 2

2011/09/09 16:17:52.0625 5980 LockedFile.Multi.Generic(sptd) - User select action: Skip

2011/09/09 16:17:52.0625 5980 \Device\Harddisk0\DR0 (Backdoor.Win32.Sinowal.knf) - will be cured after reboot

2011/09/09 16:17:52.0625 5980 \Device\Harddisk0\DR0 - ok

2011/09/09 16:17:52.0625 5980 Backdoor.Win32.Sinowal.knf(\Device\Harddisk0\DR0) - User select action: Cure

I don't know whether I still have the data from all the previous scans, but I'll look. If I still have anything, I'll post that too.


This is all I can still find.

Ad-aware

Logfile created: 04-09-2011 15:08:35

Ad-Aware version: 8.2.6

User performing scan: gebruiker

*********************** Definitions database information ***********************

Lavasoft definition file: 149.874

Genotype definition file version: 2011/07/20 16:00:39

******************************** Scan results: *********************************

Scan profile name: Vol. scan (ID: full)

Objects scanned: 365298

Objects detected: 33

Type Detected

==========================

Processes.......: 0

Registry entries: 0

Hostfile entries: 0

Files...........: 3

Folders.........: 0

LSPs............: 0

Cookies.........: 30

Browser hijacks.: 0

MRU objects.....: 0

Removed items:

Description: *peel* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408829 Family ID: 0

Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0

Description: *webads* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408780 Family ID: 0

Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0

Description: *webads* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408780 Family ID: 0

Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0

Description: *metriweb* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408990 Family ID: 0

Description: *peel* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408829 Family ID: 0

Description: *ivwbox* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409247 Family ID: 0

Description: *boldchat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409211 Family ID: 0

Description: www.new* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409109 Family ID: 0

Description: *hit.gemius* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409369 Family ID: 0

Description: *real* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408817 Family ID: 0

Description: *adverserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408919 Family ID: 0

Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0

Description: *peel* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408829 Family ID: 0

Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0

Description: *webads* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408780 Family ID: 0

Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0

Description: *webads* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408780 Family ID: 0

Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0

Description: *metriweb* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408990 Family ID: 0

Description: *peel* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408829 Family ID: 0

Description: *ivwbox* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409247 Family ID: 0

Description: *boldchat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409211 Family ID: 0

Description: www.new* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409109 Family ID: 0

Description: *hit.gemius* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409369 Family ID: 0

Description: *real* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408817 Family ID: 0

Description: *adverserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408919 Family ID: 0

Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0

Quarantined items:

Description: c:\program files\mobile partner\addpbk.exe Family Name: Win32.Monitor.Agent/U Engine: 1 Clean status: Success Item ID: 0 Family ID: 0 MD5: 74b9908552738161123786d1beca4175

Description: c:\system volume information\_restore{81b02f8c-781b-476c-97d3-5a3921875c16}\rp870\a0216675.exe Family Name: Win32.Trojan.Arto Engine: 1 Clean status: Success Item ID: 6230003 Family ID: 5981082 MD5: 437650d9656d2e80c1e48b011ac53e4a

Description: c:\system volume information\_restore{81b02f8c-781b-476c-97d3-5a3921875c16}\rp886\a0220647.exe Family Name: Win32.TrojanSpy.SpyEyes Engine: 1 Clean status: Success Item ID: 6288455 Family ID: 2517356 MD5: 63878c5ed9809cb1d62ae738d0dcd5bd

Scan and cleaning complete: Finished correctly after 19669 seconds

*********************************** Settings ***********************************

Scan profile:

ID: full, enabled:1, value: Vol. scan

ID: folderstoscan, enabled:1, value: C:\,D:\

ID: useantivirus, enabled:1, value: true

ID: sections, enabled:1

ID: scancriticalareas, enabled:1, value: true

ID: scanrunningapps, enabled:1, value: true

ID: scanregistry, enabled:1, value: true

ID: scanlsp, enabled:1, value: true

ID: scanads, enabled:1, value: true

ID: scanhostsfile, enabled:1, value: true

ID: scanmru, enabled:1, value: true

ID: scanbrowserhijacks, enabled:1, value: true

ID: scantrackingcookies, enabled:1, value: true

ID: closebrowsers, enabled:1, value: false

ID: filescanningoptions, enabled:1

ID: archives, enabled:1, value: true

ID: onlyexecutables, enabled:1, value: false

ID: skiplargerthan, enabled:1, value: 20480

ID: scanrootkits, enabled:1, value: true

ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict

ID: usespywareheuristics, enabled:1, value: true

Scan global:

ID: global, enabled:1

ID: addtocontextmenu, enabled:1, value: true

ID: playsoundoninfection, enabled:1, value: false

ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

Scheduled scan settings:

<Empty>

Update settings:

ID: updates, enabled:1

ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently

ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall

ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall

ID: schedules, enabled:1, value: true

ID: updatedaily1, enabled:1, value: Daily 1

ID: time, enabled:1, value: Thu Mar 18 13:53:00 2010

ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly

ID: weekdays, enabled:1

ID: monday, enabled:1, value: false

ID: tuesday, enabled:1, value: false

ID: wednesday, enabled:1, value: false

ID: thursday, enabled:1, value: false

ID: friday, enabled:1, value: false

ID: saturday, enabled:1, value: false

ID: sunday, enabled:1, value: false

ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31

ID: scanprofile, enabled:1, value:

ID: auto_deal_with_infections, enabled:1, value: false

ID: updatedaily2, enabled:1, value: Daily 2

ID: time, enabled:1, value: Thu Mar 18 19:53:00 2010

ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly

ID: weekdays, enabled:1

ID: monday, enabled:1, value: false

ID: tuesday, enabled:1, value: false

ID: wednesday, enabled:1, value: false

ID: thursday, enabled:1, value: false

ID: friday, enabled:1, value: false

ID: saturday, enabled:1, value: false

ID: sunday, enabled:1, value: false

ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31

ID: scanprofile, enabled:1, value:

ID: auto_deal_with_infections, enabled:1, value: false

ID: updatedaily3, enabled:1, value: Daily 3

ID: time, enabled:1, value: Thu Mar 18 01:53:00 2010

ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly

ID: weekdays, enabled:1

ID: monday, enabled:1, value: false

ID: tuesday, enabled:1, value: false

ID: wednesday, enabled:1, value: false

ID: thursday, enabled:1, value: false

ID: friday, enabled:1, value: false

ID: saturday, enabled:1, value: false

ID: sunday, enabled:1, value: false

ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31

ID: scanprofile, enabled:1, value:

ID: auto_deal_with_infections, enabled:1, value: false

ID: updatedaily4, enabled:1, value: Daily 4

ID: time, enabled:1, value: Thu Mar 18 07:53:00 2010

ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly

ID: weekdays, enabled:1

ID: monday, enabled:1, value: false

ID: tuesday, enabled:1, value: false

ID: wednesday, enabled:1, value: false

ID: thursday, enabled:1, value: false

ID: friday, enabled:1, value: false

ID: saturday, enabled:1, value: false

ID: sunday, enabled:1, value: false

ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31

ID: scanprofile, enabled:1, value:

ID: auto_deal_with_infections, enabled:1, value: false

ID: updateweekly1, enabled:1, value: Weekly

ID: time, enabled:1, value: Thu Mar 18 13:53:00 2010

ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly

ID: weekdays, enabled:1

ID: monday, enabled:1, value: false

ID: tuesday, enabled:1, value: false

ID: wednesday, enabled:1, value: false

ID: thursday, enabled:1, value: true

ID: friday, enabled:1, value: false

ID: saturday, enabled:1, value: false

ID: sunday, enabled:1, value: true

ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31

ID: scanprofile, enabled:1, value:

ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:

ID: appearance, enabled:1

ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource

ID: showtrayicon, enabled:1, value: true

ID: autoentertainmentmode, enabled:1, value: true

ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple

ID: language, enabled:1, value: nl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:

ID: realtime, enabled:1

ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant

ID: layers, enabled:1

ID: useantivirus, enabled:1, value: true

ID: usespywareheuristics, enabled:1, value: true

ID: modules, enabled:1

ID: processprotection, enabled:1, value: true

ID: onaccessprotection, enabled:1, value: true

ID: registryprotection, enabled:1, value: true

ID: networkprotection, enabled:1, value: true

****************************** System information ******************************

Computer name: QYHPOKYF1OJJ068

Processor name: Intel® Core2 CPU T5500 @ 1.66GHz

Processor identifier: x86 Family 6 Model 15 Stepping 6

Processor speed: ~1662MHZ

Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3846, number of processors 2, processor features: [MMX,SSE,SSE2]

Physical memory available: 907415552 bytes

Physical memory total: 2145497088 bytes

Virtual memory available: 1993129984 bytes

Virtual memory total: 2147352576 bytes

Memory load: 57%

Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

Windows startup mode:

Running processes:

PID: 764 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY

PID: 812 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY

PID: 844 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY

PID: 888 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY

PID: 900 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1072 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1140 name: C:\WINDOWS\system32\svchost.exe owner: Netwerkservice domain: NT AUTHORITY

PID: 1180 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1268 name: C:\WINDOWS\System32\svchost.exe owner: Netwerkservice domain: NT AUTHORITY

PID: 1424 name: C:\WINDOWS\System32\svchost.exe owner: Lokale service domain: NT AUTHORITY

PID: 152 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY

PID: 240 name: c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe owner: SYSTEM domain: NT AUTHORITY

PID: 260 name: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe owner: SYSTEM domain: NT AUTHORITY

PID: 316 name: C:\WINDOWS\System32\svchost.exe owner: Lokale service domain: NT AUTHORITY

PID: 528 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY

PID: 604 name: C:\WINDOWS\system32\nvsvc32.exe owner: SYSTEM domain: NT AUTHORITY

PID: 668 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2636 name: C:\WINDOWS\Explorer.EXE owner: gebruiker domain: QYHPOKYF1OJJ068

PID: 3416 name: C:\WINDOWS\System32\alg.exe owner: Lokale service domain: NT AUTHORITY

PID: 2052 name: C:\WINDOWS\system32\RUNDLL32.EXE owner: gebruiker domain: QYHPOKYF1OJJ068

PID: 2076 name: C:\WINDOWS\system32\LVCOMSX.EXE owner: gebruiker domain: QYHPOKYF1OJJ068

PID: 2300 name: C:\Program Files\Acer\OrbiCam\CameraAssistant.exe owner: gebruiker domain: QYHPOKYF1OJJ068

PID: 956 name: C:\WINDOWS\system32\ElkCtrl.exe owner: gebruiker domain: QYHPOKYF1OJJ068

PID: 2808 name: C:\WINDOWS\RTHDCPL.EXE owner: gebruiker domain: QYHPOKYF1OJJ068

PID: 2984 name: C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe owner: gebruiker domain: QYHPOKYF1OJJ068

PID: 3132 name: C:\PROGRA~1\DAP\DAP.EXE owner: gebruiker domain: QYHPOKYF1OJJ068

PID: 2812 name: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe owner: gebruiker domain: QYHPOKYF1OJJ068

PID: 3308 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: gebruiker domain: QYHPOKYF1OJJ068

PID: 1748 name: C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe owner: gebruiker domain: QYHPOKYF1OJJ068

PID: 3432 name: C:\WINDOWS\system32\rundll32.exe owner: gebruiker domain: QYHPOKYF1OJJ068

PID: 480 name: C:\WINDOWS\system32\ctfmon.exe owner: gebruiker domain: QYHPOKYF1OJJ068

PID: 924 name: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe owner: gebruiker domain: QYHPOKYF1OJJ068

PID: 1348 name: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe owner: gebruiker domain: QYHPOKYF1OJJ068

PID: 2592 name: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe owner: gebruiker domain: QYHPOKYF1OJJ068

PID: 1560 name: C:\WINDOWS\system32\wuauclt.exe owner: gebruiker domain: QYHPOKYF1OJJ068

PID: 180 name: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe owner: gebruiker domain: QYHPOKYF1OJJ068

PID: 1200 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: gebruiker domain: QYHPOKYF1OJJ068

PID: 4256 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY

PID: 4380 name: C:\WINDOWS\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY

PID: 4424 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY

PID: 692 name: c:\program files\avira\antivir personaledition classic\avcenter.exe owner: gebruiker domain: QYHPOKYF1OJJ068

PID: 2888 name: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe owner: SYSTEM domain: NT AUTHORITY

PID: 4548 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: gebruiker domain: QYHPOKYF1OJJ068

PID: 4664 name: C:\Program Files\Lavasoft\Ad-Aware\autolaunch.exe owner: gebruiker domain: QYHPOKYF1OJJ068

Startup items:

Name: NvCplDaemon

imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

Name: NvMediaCenter

imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

Name: LVCOMSX

imagepath: C:\WINDOWS\system32\LVCOMSX.EXE

Name: LogitechCameraAssistant

imagepath: C:\Program Files\Acer\OrbiCam\CameraAssistant.exe

Name: LogitechVideo[inspector]

imagepath: C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect

Name: LogitechCameraService(E)

imagepath: C:\WINDOWS\system32\ElkCtrl.exe /automation

Name: RTHDCPL

imagepath: RTHDCPL.EXE

Name: Alcmtr

imagepath: ALCMTR.EXE

Name: OpwareSE2

imagepath: "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

Name: OPSE reminder

imagepath: "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"

Name: DownloadAccelerator

imagepath: C:\PROGRA~1\DAP\DAP.EXE /STARTUP

Name: avgnt

imagepath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

Name: ISUSPM Startup

imagepath: "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

Name: ISUSScheduler

imagepath: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

Name: NeroCheck

imagepath: C:\WINDOWS\system32\NeroCheck.exe

Name: SunJavaUpdateSched

imagepath: "C:\Program Files\Java\jre6\bin\jusched.exe"

Name: Adobe Reader Speed Launcher

imagepath: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

Name: Adobe ARM

imagepath: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

Name: KernelFaultCheck

imagepath: %systemroot%\system32\dumprep 0 -k

Name: nwiz

imagepath: nwiz.exe /install

Name: crlregistrationf

imagepath: C:\Program Files\Corel\Corel Graphics 12\Languages\NL\Programs\registration.exe /title="crlregistration" /date=111610

Name: Anti-phishing Domain Advisor

imagepath: "C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe"

Name: TrojanScanner

imagepath: C:\Program Files\Trojan Remover\Trjscan.exe /boot

Name: CTFMON.EXE

imagepath: C:\WINDOWS\System32\CTFMON.EXE

Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}

imagepath: Preloader van browseui

Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}

imagepath: Cache-daemon voor onderdeelcategorieën

Name: PostBootReminder

imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}

Name: CDBurn

imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}

Name: WebCheck

imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

Name: SysTray

imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}

Name: WPDShServiceObj

imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}

Name:

location: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma Loader.exe.lnk

imagepath: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

Name:

imagepath: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\desktop.ini

Name:

location: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk

imagepath: C:\Program Files\Microsoft Office\Office10\OSA.EXE

Name:

imagepath: C:\Documents and Settings\Default User\Menu Start\Programma's\Opstarten\desktop.ini

Bootexecute items:

Name:

imagepath: autocheck autochk *

Running services:

Name: ALG

displayname: Application Layer Gateway-service

Name: AntiVirScheduler

displayname: Avira AntiVir Personal - Free Antivirus Scheduler

Name: AudioSrv

displayname: Windows Audio

Name: BITS

displayname: Intelligente achtergrondsoverdrachtservice

Name: CryptSvc

displayname: Services voor cryptografie

Name: DcomLaunch

displayname: DCOM Server Process Launcher

Name: Dhcp

displayname: DHCP Client

Name: Dnscache

displayname: DNS Client

Name: ERSvc

displayname: Service voor het rapporteren van fouten

Name: Eventlog

displayname: Event Log

Name: EventSystem

displayname: COM+-gebeurtenissysteem

Name: FastUserSwitchingCompatibility

displayname: Compatibiliteit voor Snelle gebruikerswisseling

Name: helpsvc

displayname: Help en ondersteuning

Name: HidServ

displayname: HID Input Service

Name: JavaQuickStarterService

displayname: Java Quick Starter

Name: lanmanserver

displayname: Server

Name: lanmanworkstation

displayname: Workstation

Name: Lavasoft Ad-Aware Service

displayname: Lavasoft Ad-Aware Service

Name: LmHosts

displayname: TCP/IP NetBIOS Helper

Name: LVPrcSrv

displayname: Logitech Process Monitor

Name: Netman

displayname: Network Connections

Name: Nla

displayname: Network Location Awareness (NLA)

Name: NVSvc

displayname: NVIDIA Display Driver Service

Name: PlugPlay

displayname: Plug and Play

Name: PolicyAgent

displayname: IPSEC-services

Name: ProtectedStorage

displayname: Protected Storage

Name: RasMan

displayname: Verbindingsbeheer voor RAS

Name: RpcSs

displayname: Remote Procedure Call (RPC)

Name: SamSs

displayname: Security Accounts Manager

Name: Schedule

displayname: Task Scheduler

Name: seclogon

displayname: Secondary Logon

Name: SENS

displayname: System Event Notification

Name: SharedAccess

displayname: Windows Firewall (WF) / Internet-verbinding delen (ICS)

Name: ShellHWDetection

displayname: Shell Hardware Detection

Name: Spooler

displayname: Print Spooler

Name: srservice

displayname: System Restore-service

Name: SSDPSRV

displayname: SSDP Discovery-service

Name: stisvc

displayname: Windows Image Acquisition (WIA)

Name: TapiSrv

displayname: Telephony

Name: TermService

displayname: Terminal Services

Name: Themes

displayname: Thema's

Name: TrkWks

displayname: Distributed Link Tracking Client

Name: W32Time

displayname: Windows Time

Name: WebClient

displayname: WebClient

Name: winmgmt

displayname: Windows Management Instrumentation

Name: wscsvc

displayname: Security Center

Name: wuauserv

displayname: Automatische updates

Name: WZCSVC

displayname: Wireless Zero Configuration-service

Super Anti Spyware

SUPERAntiSpyware Scan Log

SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 09/05/2011 at 03:46 PM

Application Version : 4.56.1000

Core Rules Database Version : 7645

Trace Rules Database Version: 5457

Scan type : Quick Scan

Total Scan Time : 00:45:05

Memory items scanned : 343

Memory threats detected : 0

Registry items scanned : 2392

Registry threats detected : 0

File items scanned : 9327

File threats detected : 10

Adware.Tracking Cookie

C:\Documents and Settings\gebruiker\Cookies\gebruiker@atdmt.combing[2].txt

C:\Documents and Settings\gebruiker\Cookies\gebruiker@atdmt[4].txt

C:\Documents and Settings\gebruiker\Cookies\gebruiker@ad.yieldmanager[4].txt

C:\Documents and Settings\gebruiker\Cookies\8Z0KTU29.txt

C:\Documents and Settings\gebruiker\Cookies\GU6VW36W.txt

C:\Documents and Settings\gebruiker\Cookies\1MFTNPYL.txt

C:\Documents and Settings\gebruiker\Cookies\FDSROIN7.txt

C:\Documents and Settings\gebruiker\Cookies\gebruiker@openx.motomedia[4].txt

C:\Documents and Settings\gebruiker\Cookies\gebruiker@atdmt[3].txt

C:\Documents and Settings\gebruiker\Cookies\gebruiker@mediabrandsww[1].txt

Avira

Avira AntiVir Personal

Report file date: zondag 4 september 2011 15:06

Scanning for 3329868 virus strains and unwanted programs.

Licensed to: Avira AntiVir Personal - Free Antivirus

Serial number: 0000149996-ADJIE-0000001

Platform: Windows XP

Windows version: (Service Pack 3) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: QYHPOKYF1OJJ068

Version information:

BUILD.DAT : 8.2.0.354 17048 Bytes 23-10-2009 13:15:00

AVSCAN.EXE : 8.1.4.10 315649 Bytes 18-11-2008 08:21:26

AVSCAN.DLL : 8.1.4.0 40705 Bytes 26-5-2008 07:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 12-6-2008 12:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 26-5-2008 07:58:52

ANTIVIR0.VDF : 7.10.0.0 19875328 Bytes 6-11-2009 11:14:21

ANTIVIR1.VDF : 7.11.13.66 27840368 Bytes 16-8-2011 08:46:32

ANTIVIR2.VDF : 7.11.14.88 1301408 Bytes 2-9-2011 22:00:32

ANTIVIR3.VDF : 7.11.14.90 2048 Bytes 2-9-2011 22:00:33

Engineversion : 8.2.6.54

AEVDF.DLL : 8.1.2.1 106868 Bytes 11-8-2010 11:02:44

AESCRIPT.DLL : 8.1.3.76 1626490 Bytes 27-8-2011 10:12:55

AESCN.DLL : 8.1.7.2 127349 Bytes 23-11-2010 11:14:08

AESBX.DLL : 8.2.1.34 323957 Bytes 9-6-2011 09:34:36

AERDL.DLL : 8.1.9.13 639349 Bytes 15-7-2011 13:14:04

AEPACK.DLL : 8.2.10.10 684407 Bytes 4-9-2011 13:01:45

AEOFFICE.DLL : 8.1.2.13 201083 Bytes 28-7-2011 20:32:28

AEHEUR.DLL : 8.1.2.164 3654007 Bytes 4-9-2011 13:01:44

AEHELP.DLL : 8.1.17.7 254327 Bytes 28-7-2011 20:32:24

AEGEN.DLL : 8.1.5.9 401780 Bytes 27-8-2011 10:12:45

AEEMU.DLL : 8.1.3.0 393589 Bytes 23-11-2010 11:14:03

AECORE.DLL : 8.1.23.0 196983 Bytes 27-8-2011 10:12:42

AEBB.DLL : 8.1.1.0 53618 Bytes 24-4-2010 10:09:52

AVWINLL.DLL : 1.0.0.12 15105 Bytes 9-7-2008 08:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 16-5-2008 09:28:01

AVREP.DLL : 10.0.0.9 174120 Bytes 1-3-2011 09:48:14

AVREG.DLL : 8.0.0.1 33537 Bytes 9-5-2008 11:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 12-2-2008 08:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12-6-2008 12:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22-1-2008 17:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12-6-2008 12:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 25-1-2008 12:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12-6-2008 13:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 27-6-2008 13:34:37

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

Start of the scan: zondag 4 september 2011 15:06

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned

Scan process 'unsecapp.exe' - '1' Module(s) have been scanned

Scan process 'AAWService.exe' - '1' Module(s) have been scanned

Scan process 'Ad-Aware.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'wuauclt.exe' - '1' Module(s) have been scanned

Scan process 'agent.exe' - '1' Module(s) have been scanned

Scan process 'SUPERANTISPYWARE.EXE' - '1' Module(s) have been scanned

Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'visicom_antiphishing.exe' - '1' Module(s) have been scanned

Scan process 'msiexec.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'issch.exe' - '1' Module(s) have been scanned

Scan process 'DAP.exe' - '1' Module(s) have been scanned

Scan process 'opwareSE2.exe' - '1' Module(s) have been scanned

Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned

Scan process 'ElkCtrl.exe' - '1' Module(s) have been scanned

Scan process 'CameraAssistant.exe' - '1' Module(s) have been scanned

Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'jqs.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

43 processes with 43 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

Starting to scan the registry.

The registry was scanned ( '64' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\12\61bc2d0c-2791f66d

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] The file was deleted!

C:\Documents and Settings\gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\16\167f43d0-507c3af2

[0] Archive type: ZIP

--> buildService/BuildClass.class

[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.AG exploit

[NOTE] The file was deleted!

C:\Documents and Settings\gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\21\37e03655-44a86929

[0] Archive type: ZIP

--> buildService/BuildClass.class

[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.AJ exploit

[NOTE] The file was deleted!

C:\Documents and Settings\gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\23\5ab40f57-38cb7602

[DETECTION] Contains recognition pattern of the JAVA/Dldr.Tharra.G Java virus

[NOTE] The file was deleted!

C:\Documents and Settings\gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\24\4581ec18-1e692c52

[0] Archive type: ZIP

--> buildService/BuildClass.class

[DETECTION] Contains recognition pattern of the EXP/2010-0840.AC exploit

--> buildService/TableClasses.class

[DETECTION] Contains recognition pattern of the JAVA/Exdoer.FF Java virus

[NOTE] The file was moved to '4e9b7ae3.qua'!

C:\Documents and Settings\gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\25\175893d9-2db16465

[0] Archive type: ZIP

--> buildService/BuildClass.class

[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.AG exploit

[NOTE] The file was moved to '4e987b09.qua'!

C:\Documents and Settings\gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\30\12f8bf9e-1901d220

[DETECTION] Is the TR/Buterat-CB.A Trojan

[NOTE] The file was moved to '4ec97b54.qua'!

C:\Documents and Settings\gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\32\58d04ba0-6237ba14

[DETECTION] Contains recognition pattern of the WORM/Autorun.abo.5 worm

[NOTE] The file was moved to '4ec77b69.qua'!

C:\Documents and Settings\gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\35\4ab99663-1a11788d

[0] Archive type: ZIP

--> buildService/BuildClass.class

[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.AG exploit

[NOTE] The file was moved to '4ec57c0b.qua'!

C:\Documents and Settings\gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\55\44f23ab7-1a7aab24

[DETECTION] Is the TR/Kazy.34853.2 Trojan

[NOTE] The file was moved to '4ec97c30.qua'!

C:\System Volume Information\_restore{81B02F8C-781B-476C-97D3-5A3921875C16}\RP869\A0213590.exe

[DETECTION] Contains recognition pattern of the ADWARE/WinPump.adc virus

[NOTE] The file was moved to '4e95ea3d.qua'!

C:\System Volume Information\_restore{81B02F8C-781B-476C-97D3-5A3921875C16}\RP871\A0217550.exe

[DETECTION] Contains recognition pattern of the ADWARE/WinPump.adc virus

[NOTE] The file was moved to '4e95eab5.qua'!

C:\System Volume Information\_restore{81B02F8C-781B-476C-97D3-5A3921875C16}\RP881\A0219684.exe

[DETECTION] Contains recognition pattern of the WORM/Autorun.abo.5 worm

[NOTE] The file was moved to '4e95ecab.qua'!

C:\System Volume Information\_restore{81B02F8C-781B-476C-97D3-5A3921875C16}\RP886\A0220648.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] The file was moved to '4e95f132.qua'!

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\' <ACERDATA>

End of the scan: maandag 5 september 2011 00:49

Used time: 9:43:19 Hour(s)

The scan has been done completely.

10557 Scanning directories

544767 Files were scanned

15 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

4 files were deleted

0 files were repaired

10 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

544750 Files not concerned

1679 Archives were scanned

2 Warnings

14 Notes

MBAM

Malwarebytes' Anti-Malware 1.51.1.1800

Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Databaseversie: 7649

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

04-09-2011 18:48:09

mbam-log-2011-09-04 (18-48-09).txt

Scantype: Snelle scan

Objecten gescand: 271134

Verstreken tijd: 3 uur/uren, 17 minuut/minuten, 13 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 1

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 1

Bestanden geïnfecteerd: 1

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

HKEY_CURRENT_USER\SOFTWARE\ZU6RKI1ONY (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:

c:\Recycle.Bin\32b3e7f50954887 (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.51.1.1800

Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Databaseversie: 7538

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

23-08-2011 0:33:50

mbam-log-2011-08-23 (00-33-50).txt

Scantype: Snelle scan

Objecten gescand: 102704

Verstreken tijd: 1 uur/uren, 36 minuut/minuten, 59 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 1

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 2

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9019A174 (Spyware.Passwords.XGen) -> Value: 9019A174 -> Delete on reboot.

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

c:\documents and settings\gebruiker\application data\9019A174\9019A174.EXE (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

c:\documents and settings\gebruiker\local settings\temp\jar_cache7931372123814204295.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.51.1.1800

Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Databaseversie: 7339

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

31-07-2011 17:44:38

mbam-log-2011-07-31 (17-44-38).txt

Scantype: Snelle scan

Objecten gescand: 257840

Verstreken tijd: 43 minuut/minuten, 29 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 3

Registerwaarden geïnfecteerd: 1

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 1

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

HKEY_CURRENT_USER\SOFTWARE\8DDYX0ZBPZ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{91F8556B-7E74-B213-F82B-435581C2E15A} (Trojan.ZbotR.Gen) -> Value: {91F8556B-7E74-B213-F82B-435581C2E15A} -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

c:\documents and settings\gebruiker\application data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.

Maybe this is still of some use to you?


Good. Then we can now clean up the tools we used.

Remove TDSSKiller.

Remove ComboFix: Start -> Run and type: ComboFix /Uninstall (with a space before the /)

This will remove ComboFix and its related folders and files, restore the clock settings, hide file extensions again, hide hidden files and system files again, and create a new restore point.

If present, you may delete the folder C:\Qoobox manually.

Download CCleaner (if you don't have it yet).

Pay attention during the installation.

Uncheck both boxes at the question about the Chrome browser.

Install it and start CCleaner.

In the left column, click "Cleaner". Click "Analyze" and then "Clean". Confirm with YES or OK.

Next, click "Registry" in the left column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked to make a backup. Click "YES". Then choose "Fix all selected issues".

Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors.

Then close CCleaner again.

If you want to see this illustrated in detail, read this guide.

It is advisable to delete the existing restore points (there may be infected restore points among them that you could restore) by temporarily disabling System Restore. Do this via Control Panel -> System and Maintenance -> System -> "System Protection" tab -> uncheck the drive whose restore points you want to delete -> click "Apply".

You will then get the on-screen message "Are you sure you want to turn off System Restore". Click "Turn off System Restore". All restore points on the selected drive are then deleted.

Then check the hard drive again. Also create a new restore point right away, so you don't have to wait for an automatic restore point from the system.

If you are happy with Avira, I would stick with it.

Tips to prevent this kind of problem?

  1. Use your common sense.
  2. Keep your virus scanner up to date and also scan regularly for malware.
  3. Read the messages carefully before clicking "yes" or "OK".
  4. During installations, always uncheck the bundled toolbars. You really don't need them, and they usually cause problems afterwards because they contain security holes.

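The Avira and Malwarebytes logs pasted earlier in the thread, and the advice above about infected restore points, as an added example that is not code from either poster or from the scanner vendors: a Python triage script that groups pasted detections by where they were found (the Java deployment cache, the System Volume Information restore points) and by what the scanner did with them, and flags Malwarebytes entries still marked "Delete on reboot". The sample lines are constructed from entries in the pasted logs; the location categories and the parsing patterns are this example's own assumptions.

```python
"""Triage of pasted antivirus scan logs by location and action.

Added example for this thread; it is not code from either poster, nor from
Avira or Malwarebytes. The sample lines are constructed from detection
entries that appear in the pasted logs; the grouping rules are this
example's own assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample: Avira report lines in the same shape as the pasted log
# (file path, then its DETECTION / NOTE / WARNING lines).
AVIRA_SAMPLE = r"""
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\12\61bc2d0c-2791f66d
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\16\167f43d0-507c3af2
[0] Archive type: ZIP
--> buildService/BuildClass.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.AG exploit
[NOTE] The file was deleted!
C:\System Volume Information\_restore{81B02F8C-781B-476C-97D3-5A3921875C16}\RP869\A0213590.exe
[DETECTION] Contains recognition pattern of the ADWARE/WinPump.adc virus
[NOTE] The file was moved to '4e95ea3d.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
"""

# Constructed sample: Malwarebytes result lines in the same shape as the pasted log.
MBAM_SAMPLE = r"""
HKEY_CURRENT_USER\SOFTWARE\ZU6RKI1ONY (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
c:\Recycle.Bin\32b3e7f50954887 (Trojan.Spyeyes) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9019A174 (Spyware.Passwords.XGen) -> Value: 9019A174 -> Delete on reboot.
"""


@dataclass
class Hit:
    """One scanned file: its detections and what the scanner did with it."""
    path: str
    detections: list = field(default_factory=list)
    action: str = "none"  # deleted | quarantined | unscanned | none

    @property
    def location(self) -> str:
        """Assumed categories: where a hit sits says a lot about how it got there."""
        p = self.path.lower()
        if "\\sun\\java\\deployment\\cache\\" in p:
            return "java-cache"  # applets fetched by the browser plug-in
        if "\\system volume information\\_restore" in p:
            return "system-restore"  # old copies preserved in restore points
        return "other"


_PATH_RE = re.compile(r"^[A-Za-z]:\\")
_DETECT_RE = re.compile(
    r"^\[DETECTION\] (?:Is the|Contains recognition pattern of the) (\S+)")


def parse_avira(text: str) -> list:
    """Group Avira report lines into one Hit per file path."""
    hits, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if _PATH_RE.match(line):
            cur = Hit(path=line)
            hits.append(cur)
        elif cur is None:
            continue
        elif (m := _DETECT_RE.match(line)):
            cur.detections.append(m.group(1))
        elif line.startswith("[NOTE]"):
            if "was deleted" in line:
                cur.action = "deleted"
            elif "was moved to" in line:
                cur.action = "quarantined"
        elif line.startswith("[WARNING]") and "could not be opened" in line:
            cur.action = "unscanned"  # neither clean nor malicious: unknown
    return hits


def summarize(hits: list) -> dict:
    """Count detected files per location and per action; list unscanned files."""
    detected = [h for h in hits if h.detections]
    return {
        "by_location": dict(Counter(h.location for h in detected)),
        "by_action": dict(Counter(h.action for h in detected)),
        "unscanned": [h.path for h in hits if h.action == "unscanned"],
    }


_MBAM_RE = re.compile(r"^(?P<object>.+?) \((?P<name>[^()]+)\) -> (?P<result>.+)$")


def parse_mbam(text: str) -> list:
    """Split Malwarebytes result lines into object, detection name and result."""
    return [m.groupdict() for m in map(_MBAM_RE.match, text.splitlines()) if m]


def pending_reboot(entries: list) -> list:
    """Objects Malwarebytes could not remove yet; re-check these after a restart."""
    return [e["object"] for e in entries if "Delete on reboot" in e["result"]]


if __name__ == "__main__":
    print(summarize(parse_avira(AVIRA_SAMPLE)))
    print(pending_reboot(parse_mbam(MBAM_SAMPLE)))
```

Run against the full pasted reports, the summary shows at a glance that the hits were cached Java applets and restore-point copies, which is exactly what the advice about clearing the restore points addresses; an entry still marked "Delete on reboot" should be re-scanned after restarting to confirm it is actually gone.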