
Subject: Help, virus in: C:\WINDOWS\system32\drivers\atapi.sys

  1. #1

    Registered
    Sep 2010
    Posts
    1

    Help, virus in: C:\WINDOWS\system32\drivers\atapi.sys

    I had AVG scan my computer again and one very annoying virus surfaced. AVG cannot remove this virus.
    This is what AVG says about it:

    "Objectnaam";"C:\WINDOWS\system32\drivers\atapi.sys"
    "Detectienaam";"Virus herkend Win32/Patched.DX"
    "Objecttype";"bestand"
    "SDK-type";"Kern"
    "Resultaat";"Object staat op de witte lijst (systeemkritisch bestand/systeembestand dat niet verwijderd moet worden)"
    "actiehistorie";""

    I ran ComboFix, but it could not remove it either. This is the log I got back:

    ComboFix 10-09-01.04 - Stijn 02-09-2010 23:08:14.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.3327.2793 [GMT 2:00]
    Gestart vanuit: d:\internet downloads\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Stijn\Local Settings\Application Data\dmshdg\dmshdg.dll
    c:\windows\system32\system
    c:\windows\system32\system\msxml4.dll
    c:\windows\system32\system\msxml4r.dll
    c:\windows\system32\Thumbs.db

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Service_NPF


    (((((((((((((((((((( Bestanden Gemaakt van 2010-08-02 to 2010-09-02 ))))))))))))))))))))))))))))))
    .

    2010-08-06 10:37 . 2010-08-06 10:37 -------- d-----w- c:\program files\Vstep

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-02 21:00 . 2010-06-10 21:59 677896 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-09-02 20:59 . 2008-04-03 19:23 -------- d-----w- c:\documents and settings\Stijn\Application Data\BitTorrent
    2010-09-02 20:12 . 2008-04-03 19:23 -------- d-----w- c:\program files\BitTorrent
    2010-09-02 09:02 . 2008-06-10 10:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-09-01 20:19 . 2008-04-07 18:09 -------- d-----w- c:\documents and settings\Stijn\Application Data\Skype
    2010-09-01 20:12 . 2010-01-01 23:44 0 ----a-w- c:\documents and settings\Stijn\Local Settings\Application Data\prvlcl.dat
    2010-09-01 18:31 . 2007-03-16 19:23 138376 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-09-01 18:31 . 2007-03-16 13:00 202448 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-09-01 15:55 . 2008-04-07 18:10 -------- d-----w- c:\documents and settings\Stijn\Application Data\skypePM
    2010-08-27 08:35 . 2008-10-05 19:06 -------- d-----w- c:\documents and settings\Stijn\Application Data\U3
    2010-08-25 10:39 . 2009-11-29 12:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
    2010-08-21 11:58 . 1979-12-31 23:00 92092 ----a-w- c:\windows\system32\perfc013.dat
    2010-08-21 11:58 . 1979-12-31 23:00 512326 ----a-w- c:\windows\system32\perfh013.dat
    2010-08-10 11:40 . 2005-08-30 16:50 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-03 07:20 . 2006-01-20 22:25 47104 ----a-w- c:\windows\system32\KMVIDC32.DLL
    2010-07-26 14:52 . 2009-04-25 11:57 -------- d-----r- c:\program files\Skype
    2010-07-26 14:52 . 2010-07-26 14:52 -------- d-----w- c:\program files\Common Files\Skype
    2010-07-26 14:52 . 2008-04-07 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-07-17 07:33 . 2009-07-18 18:56 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-17 07:33 . 2010-07-17 07:33 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-17 07:32 . 2009-07-18 18:56 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-15 15:37 . 2005-11-13 16:10 -------- d-----w- c:\program files\Ricochet Xtreme
    2010-06-30 12:33 . 1979-12-31 23:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:19 . 1979-12-31 23:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 12:19 . 2004-12-31 15:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-06-24 12:19 . 1979-12-31 23:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-06-24 09:02 . 1979-12-31 23:00 1852032 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 1979-12-31 23:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-20 10:42 . 2005-12-26 14:25 87888 ----a-w- c:\documents and settings\Stijn\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-06-17 14:03 . 1979-12-31 23:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2005-08-30 16:37 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:43 . 1979-12-31 23:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    .

    ------- Sigcheck -------

    [7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
    [-] 2008-04-13 18:40 . 479CBD6DBC23ECFBB4DE72C8EA075653 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
    [7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\Stijn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-14 133104]
    "RGSC"="e:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-11-09 306088]
    "ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2009-08-02 1187840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-12 148888]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
    "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2003-09-09 54424]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
    BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2009-8-14 81997]
    Statusvenster.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2007-12-14 802816]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-07-17 07:33 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
    backup=c:\windows\pss\Adobe Reader Snelle start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Fun TV remote control.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Fun TV remote control.lnk
    backup=c:\windows\pss\Fun TV remote control.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Ralink Wireless Utility.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Ralink Wireless Utility.lnk
    backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Desktop Search.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Windows Desktop Search.lnk
    backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcctMgr]
    2004-03-03 15:49 586856 ----a-w- c:\program files\Norton SystemWorks\Password Manager\AcctMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2005-07-14 14:09 57344 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
    2008-12-16 17:05 342848 ----a-w- c:\program files\DNA\btdna.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2008-01-03 13:54 486856 ----a-w- c:\program files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    2005-03-18 11:53 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2006-10-30 08:36 256576 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    2003-10-10 12:25 53248 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2009-06-10 07:29 1657376 ----a-w- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
    2005-03-18 11:40 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2005-04-18 21:30 127118 ----a-w- c:\program files\CyberLink\PowerCinema\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2006-10-25 17:58 282624 ----a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2003-10-31 18:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    2005-10-26 15:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    2003-10-14 09:22 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
    2004-04-23 13:28 77824 ----a-w- c:\program files\Logitech\Profiler\LWEMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-07-04 16:19 1238352 ----a-w- c:\program files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    2006-03-30 14:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Xfire\\Xfire.exe"=
    "c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
    "c:\\Documents and Settings\\Stijn\\Bureaublad\\Games\\Commandos 2.exe"=
    "c:\\StubInstaller.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\System32\\dplaysvr.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\skipp_\\half-life 2 deathmatch\\hl2.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "e:\\Program Files\\Eidos\\Commandos 2 - Men Of Courage\\comm2.exe"=
    "e:\\Program Files\\EA Games\\Command & Conquer The First Decade\\Command & Conquer(tm) Generals\\game.dat"=
    "e:\\Program Files\\EA Games\\Command & Conquer The First Decade\\Command & Conquer(tm) Generals Zero Hour\\generals.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "e:\\Program Files\\World of Warcraft\\Repair.exe"=
    "e:\\Program Files\\Call of Duty\\CoDUOMP.exe"=
    "c:\\WINDOWS\\system32\\rtcshare.exe"=
    "c:\\Program Files\\NetMeeting\\conf.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
    "e:\\Program Files\\EA Games\\Battlefield 2\\BF2.exe"=
    "e:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "e:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
    "e:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
    "e:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
    "e:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "e:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "e:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
    "c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
    "e:\\Program Files\\Vstep\\ShipSim2008\\QuestViewer.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "e:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
    "e:\\Program Files\\USArmy\\America's Army 3\\Binaries\\AA3Game.exe"=
    "e:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
    "e:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
    "e:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Documents and Settings\\Stijn\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
    "d:\\Program Files\\LimeWire\\LimeWire.exe"=
    "e:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Double Agent\\SCDA-Offline\\System\\SplinterCell4.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\1701 ad\\1701-AddOn.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\1701 ad\\1701.exe"=
    "e:\\Program Files\\2K Games\\BioShock 2\\SP\\Builds\\Binaries\\Bioshock2.exe"=
    "e:\\Program Files\\2K Games\\BioShock 2\\MP\\Builds\\Binaries\\Bioshock2.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Documents and Settings\\Stijn\\Local Settings\\Apps\\2.0\\HRCG1E84.YD2\\907GADD9.RZ7\\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\\CurseClient.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 SSI;SSI;c:\windows\system32\drivers\ssi.sys [30-9-2006 13:19 78336]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [18-7-2009 20:56 216400]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18-7-2009 20:56 243024]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17-7-2010 9:33 308136]
    R2 NProtectService;Norton Unerase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [15-9-2003 19:18 86016]
    R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [18-7-2009 21:21 109168]
    S1 SSHDRV76;SSHDRV76;\??\c:\windows\system32\drivers\SSHDRV76.sys --> c:\windows\system32\drivers\SSHDRV76.sys [?]
    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6-1-2010 21:37 135664]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592]
    S3 ALSysIO;ALSysIO;\??\c:\docume~1\Stijn\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Stijn\LOCALS~1\Temp\ALSysIO.sys [?]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [18-8-2005 1:00 7168]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [1-9-2009 18:11 13224]
    S3 RTL8187B;TG123g USB Wireless Adapter;c:\windows\system32\drivers\RTL8187B.sys [8-5-2009 12:18 264576]
    S3 Tunx00;FunTV Video Capture;c:\windows\system32\drivers\Tunx00.sys [30-8-2005 21:02 311040]
    S3 TxTuner;FunTV TV Tuner;c:\windows\system32\drivers\TxTuner.sys [30-8-2005 21:03 25728]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1-11-2007 17:19 716272]
    .
    Inhoud van de 'Gedeelde Taken' map

    2006-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 16:13]

    2010-09-02 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-10 18:35]

    2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 19:37]

    2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 19:37]

    2010-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-164784541-595971623-1539351011-1005Core.job
    - c:\documents and settings\Stijn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-14 20:57]

    2010-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-164784541-595971623-1539351011-1005UA.job
    - c:\documents and settings\Stijn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-14 20:57]

    2010-08-27 c:\windows\Tasks\One Button Checkup van Norton SystemWorks.job
    - c:\program files\Norton SystemWorks\OBC.exe [2003-09-24 10:01]

    2010-08-28 c:\windows\Tasks\Symantec Drmc.job
    - c:\program files\Common Files\Symantec Shared\SymDrmc.exe [2003-09-10 03:48]

    2010-09-02 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-02-02 13:35]

    2010-09-02 c:\windows\Tasks\User_Feed_Synchronization-{2A6B43CC-C0C3-451F-902A-4308E8D73184}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]

    2010-09-02 c:\windows\Tasks\User_Feed_Synchronization-{5829C0A8-2763-43A1-9213-02BF9CCD62DB}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0000.1082\nl-nl\msntb.dll/search.htm
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Openen in een nieuwe achtergrondtab - c:\program files\MSN Toolbar Suite\TAB\02.05.0001.1119\nl-nl\msntabres.dll/229?a4dee337db914509a36bb4a0a4dc811f
    IE: Openen in een nieuwe voorgrondtab - c:\program files\MSN Toolbar Suite\TAB\02.05.0001.1119\nl-nl\msntabres.dll/230?a4dee337db914509a36bb4a0a4dc811f
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://89.146.32.96:60000/activex/AMC.cab
    .
    - - - - ORPHANS VERWIJDERD - - - -

    HKCU-Run-dmshdg - c:\documents and settings\Stijn\Local Settings\Application Data\dmshdg\dmshdg.dll
    HKU-Default-Run-Spyware Doctor - (no file)
    SafeBoot-AVG Anti-Spyware Driver
    SafeBoot-AVG Anti-Spyware Guard
    MSConfigStartUp-igndlm - c:\program files\Download Manager\DLM.exe
    MSConfigStartUp-StartCCC - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    MSConfigStartUp-Zone Labs Client - c:\program files\Zone Labs\ZoneAlarm\zlclient.exe
    AddRemove-Need For Speed - Porsche Unleashed - e:\progra~1\ELECTR~1\NEEDFO~1\uninst.log
    AddRemove-Swords and Sandals 2 1.1.0 - e:\program files\Fizzy\SwordsSandals2\uninstall.exe
    AddRemove-vghd - c:\documents and settings\Stijn\Menu Start\Programma's\VirtuaGirl HD\uninstall.lnk



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2010-09-02 23:15
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
    "ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
    "ImagePath"=""
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_USERS\S-1-5-21-164784541-595971623-1539351011-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{545AB316-0AC4-DA89-9F4A-DD5760266AA1}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "iajipkflekialdbdma"=hex:6a,61,6e,6e,68,6a,69,6d,6b,68,6f,64,6d,6f,61,6c,67,70,
    70,62,00,00
    "hahjfdjdefpoafej"=hex:6a,61,6e,6e,69,6a,66,6d,6a,68,6b,68,63,6c,66,65,68,6c,
    65,6b,00,1c

    [HKEY_USERS\S-1-5-21-164784541-595971623-1539351011-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:79,6b,ba,c2,fb,d9,cd,dc,08,77,73,2e,69,45,dd,95,de,45,16,29,20,f1,14,
    82,fb,7e,db,e5,42,d9,cf,7b,15,3e,5c,d0,66,67,be,5e,9d,b3,56,a2,74,5a,21,18,\
    "??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

    [HKEY_USERS\S-1-5-21-164784541-595971623-1539351011-1005\Software\SecuROM\License information*]
    "datasecu"=hex:c4,15,a7,8d,d3,64,c7,4e,51,3e,97,9d,65,af,79,ff,cc,1a,23,94,47,
    34,b9,2e,2f,9c,1f,3d,a3,8a,f6,d4,68,12,d3,32,a7,4a,58,fb,5e,61,07,ea,b1,5d,\
    "rkeysecu"=hex:72,66,64,05,bf,6c,c6,c7,04,43,94,a3,e3,8e,39,64

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "3140AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    "31403E1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\ACPI\PNP0F13\3&2411e6fe&0\LogConf]
    @DACL=(02 0000)
    "BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
    00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
    "BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
    00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'winlogon.exe'(916)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    c:\windows\system32\WRLogonNTF.dll

    - - - - - - - > 'explorer.exe'(8008)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\windows\system32\brss01a.exe
    c:\windows\ATKKBService.exe
    c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\Retrospect\Retrospect 7.5\retrorun.exe
    c:\progra~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    c:\program files\Webroot\Spy Sweeper\WRSSSDK.exe
    c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\SOUNDMAN.EXE
    c:\program files\Microsoft ActiveSync\Wcescomm.exe
    c:\program files\Microsoft IntelliPoint\dpupdchk.exe
    c:\progra~1\MI3AA1~1\rapimgr.exe
    c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2010-09-02 23:24:34 - machine werd herstart
    ComboFix-quarantined-files.txt 2010-09-02 21:24

    Pre-Run: 54.535.491.584 bytes beschikbaar
    Post-Run: 82.949.423.104 bytes beschikbaar

    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - F0BC3B965FF228A25C43C21AB8EBC766


    Who can help me with this?
    Thanks in advance.

    Stijn
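The Sigcheck block in the ComboFix log above is where the AVG detection shows up independently: the active atapi.sys has a different MD5 from the Service Pack copy of the same size, and ComboFix prints [------] instead of a version. As an added example (not from the original post or from the ComboFix project), the following Python parses Sigcheck lines and flags an active system file whose hash matches none of the Windows backup copies; the sample lines are the three from the post, and the list of reference-folder markers is an assumption.

```python
"""Cross-check a ComboFix 'Sigcheck' section: the active copy of a system
driver against the backup copies Windows keeps (ServicePackFiles, the
service pack uninstall folder, dllcache). A mismatching hash plus a
missing version resource is the pattern an in-place patched driver leaves."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional

# One Sigcheck line: [tag] date[ time] . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<tag>[^\]]*)\]\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2}(?: \d{2}:\d{2})?)\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+"
    r"(?P<path>.+)$"
)

# Assumption: folders in which Windows keeps known-good copies of system files.
REFERENCE_MARKERS = (
    "\\servicepackfiles\\",
    "\\$ntservicepackuninstall$\\",
    "\\dllcache\\",
)

# The three Sigcheck lines copied from the ComboFix log in the post above.
SAMPLE_SIGCHECK = r"""
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 18:40 . 479CBD6DBC23ECFBB4DE72C8EA075653 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
"""


class SigEntry(NamedTuple):
    tag: str
    date: str
    md5: str
    size: int
    version: Optional[str]  # None when ComboFix printed [------]
    path: str

    @property
    def is_reference(self) -> bool:
        return any(m in self.path.lower() for m in REFERENCE_MARKERS)

    @property
    def basename(self) -> str:
        return self.path.lower().rsplit("\\", 1)[-1]


def parse_sigcheck(text: str) -> List[SigEntry]:
    """Parse every Sigcheck line found in the text; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        version = m["version"]
        entries.append(SigEntry(
            tag=m["tag"],
            date=m["date"],
            md5=m["md5"].upper(),
            size=int(m["size"]),
            version=None if version and set(version) == {"-"} else version,
            path=m["path"].strip(),
        ))
    return entries


def assess(entries: List[SigEntry]) -> Dict[str, List[str]]:
    """Return {active path: [findings]} for every active copy that looks wrong.

    Copies of the same file name are grouped; reference copies are only used
    as the comparison set and are never reported themselves."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e.basename].append(e)
    report: Dict[str, List[str]] = {}
    for group in by_name.values():
        refs = [e for e in group if e.is_reference]
        ref_hashes = {r.md5 for r in refs}
        for e in group:
            if e.is_reference:
                continue
            findings = []
            if e.version is None:
                findings.append("no version resource (ComboFix shows [------])")
            if refs and e.md5 not in ref_hashes:
                findings.append(f"MD5 matches none of the {len(refs)} reference copies")
                if any(r.size == e.size for r in refs):
                    findings.append("same size as a reference copy: bytes changed in place, not a different build")
            if findings:
                report[e.path] = findings
    return report


if __name__ == "__main__":
    for path, findings in assess(parse_sigcheck(SAMPLE_SIGCHECK)).items():
        print(path)
        for f in findings:
            print("  -", f)
```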

  2. #2
    Hijack Mod roelof1967
    Registered
    Jun 2009
    Location
    Twente (Netherlands)
    Age
    45
    Posts
    3,574
    Hi,

    Let's take a closer look.

    Download GMER from one of the following locations and save it to your Desktop:
    • Primary download location
      This mirror will give you a randomly named file (Recommended)
    • Zipped file
      This option gives you a zip file that has to be unpacked first. If you use this one, unpack it to your desktop.
    • Disconnect from the internet and close all open programs.
    • Temporarily disable your real-time security software.
    • Double-click the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to be loaded if you are asked.
    • Note: if you downloaded the zipped version, unpack the file to a fixed folder such as C:\gmer and then double-click gmer.exe.

    • GMER will open the Rootkit/Malware tab and run an automatic quick scan when it is run for the first time. (Do not use the computer during the scan.)
    • If you receive a WARNING!!! about rootkit activity and are asked to scan your whole system... click NO.
    • Now click the Scan button. If you get a rootkit warning window, click OK.
    • Click the Save... button when the scan is finished and save the log file to your desktop. Save the file as gmer.log.
    • Click the Copy button and post the log in your next message.
    • Close GMER and turn all real-time protection back on.
    -- If you have any problems, try running GMER in Safe Mode.

    Roelof

  3. #3

    Registered
    Sep 2010
    Posts
    4
    For some strange reason my password for PC helper no longer worked, and the new password I got after "forgot password" doesn't work either. So I just created a new account. Anyway, I ran the scan and this is what came out:


    GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
    Rootkit scan 2010-09-03 21:05:33
    Windows 5.1.2600 Service Pack 3
    Running: zk7pe4sw.exe; Driver: C:\DOCUME~1\Stijn\LOCALS~1\Temp\uxdoyfog.sys


    ---- System - GMER 1.0.15 ----

    SSDT SSI.SYS (SpySweeper SSI Driver/Webroot Software (Antivirus Software, Antispyware & Internet Security | Webroot)) ZwCreateKey [0xF7315C74]
    SSDT SSI.SYS (SpySweeper SSI Driver/Webroot Software (Antivirus Software, Antispyware & Internet Security | Webroot)) ZwCreateProcess [0xF73173CE]
    SSDT SSI.SYS (SpySweeper SSI Driver/Webroot Software (Antivirus Software, Antispyware & Internet Security | Webroot)) ZwCreateProcessEx [0xF731756E]
    SSDT SSI.SYS (SpySweeper SSI Driver/Webroot Software (Antivirus Software, Antispyware & Internet Security | Webroot)) ZwDeleteKey [0xF7315E94]
    SSDT SSI.SYS (SpySweeper SSI Driver/Webroot Software (Antivirus Software, Antispyware & Internet Security | Webroot)) ZwDeleteValueKey [0xF73164E2]
    SSDT SSI.SYS (SpySweeper SSI Driver/Webroot Software (Antivirus Software, Antispyware & Internet Security | Webroot)) ZwRenameKey [0xF731600A]
    SSDT SSI.SYS (SpySweeper SSI Driver/Webroot Software (Antivirus Software, Antispyware & Internet Security | Webroot)) ZwSetInformationKey [0xF73161DA]
    SSDT SSI.SYS (SpySweeper SSI Driver/Webroot Software (Antivirus Software, Antispyware & Internet Security | Webroot)) ZwSetValueKey [0xF7316270]

    ---- Kernel code sections - GMER 1.0.15 ----

    .rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF72E0794]
    .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF55F5000, 0x235F87, 0xE8000020]
    .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0x9F74D300, 0x3AE88, 0xE8000020]
    .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xA3207300, 0x1B7E, 0xE8000020]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe[2068] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!CreateThread] [0042C624] C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (Spy Sweeper SDK/Webroot Software, Inc.)
    IAT C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe[2068] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!CreateThread] [0042C624] C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (Spy Sweeper SDK/Webroot Software, Inc.)
    IAT C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe[2068] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [0042C624] C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (Spy Sweeper SDK/Webroot Software, Inc.)
    IAT C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe[2068] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [0042C624] C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (Spy Sweeper SDK/Webroot Software, Inc.)
    IAT C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe[2068] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [0042C624] C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (Spy Sweeper SDK/Webroot Software, Inc.)
    IAT C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe[2068] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!CreateThread] [0042C624] C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (Spy Sweeper SDK/Webroot Software, Inc.)
    IAT C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe[2068] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0042C624] C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (Spy Sweeper SDK/Webroot Software, Inc.)
    IAT C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe[2068] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CreateThread] [0042C624] C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (Spy Sweeper SDK/Webroot Software, Inc.)
    IAT C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe[2068] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [0042C624] C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (Spy Sweeper SDK/Webroot Software, Inc.)
    IAT C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe[2068] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [0042C624] C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe (Spy Sweeper SDK/Webroot Software, Inc.)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs ikhfile.sys (PCTools Research Pty Ltd.)
    AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

    Device \Driver\usbstor \Device\0000009b sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\nvata \Device\0000008f sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\Tcpip \Device\Ip SSI.SYS (SpySweeper SSI Driver/Webroot Software (Antivirus Software, Antispyware & Internet Security | Webroot))

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\usbstor \Device\0000009d sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\usbstor \Device\0000009e sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\usbstor \Device\0000009f sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\usbstor \Device\000000a0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\Tcpip \Device\Tcp SSI.SYS (SpySweeper SSI Driver/Webroot Software (Antivirus Software, Antispyware & Internet Security | Webroot))

    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\nvata \Device\00000090 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\Tcpip \Device\Udp SSI.SYS (SpySweeper SSI Driver/Webroot Software (Antivirus Software, Antispyware & Internet Security | Webroot))

    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\Tcpip \Device\RawIp SSI.SYS (SpySweeper SSI Driver/Webroot Software (Antivirus Software, Antispyware & Internet Security | Webroot))

    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\nvata \Device\NvAta0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\Tcpip \Device\IPMULTICAST SSI.SYS (SpySweeper SSI Driver/Webroot Software (Antivirus Software, Antispyware & Internet Security | Webroot))
    Device \Driver\nvata \Device\NvAta1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\nvata \Device\NvAta2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\nvata \Device\0000008c sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\nvata \Device\0000008d sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

    AttachedDevice \FileSystem\Fastfat \Fat ikhfile.sys (PCTools Research Pty Ltd.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x53 0x11 0xE5 0x8D ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x56 0xD1 0xD6 0x5D ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC4 0x28 0x24 0xEB ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x53 0x11 0xE5 0x8D ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x56 0xD1 0xD6 0x5D ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC4 0x28 0x24 0xEB ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x53 0x11 0xE5 0x8D ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x56 0xD1 0xD6 0x5D ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xFE 0x34 0xEE 0xA4 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{545AB316-0AC4-DA89-9F4A-DD5760266AA1}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{545AB316-0AC4-DA89-9F4A-DD5760266AA1}@iajipkflekialdbdma 0x6A 0x61 0x6E 0x6E ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{545AB316-0AC4-DA89-9F4A-DD5760266AA1}@hahjfdjdefpoafej 0x6A 0x61 0x6E 0x6E ...

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

    ---- EOF - GMER 1.0.15 ----


    Regards,

    Stijn
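
The GMER line `.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section` in the log above is a structural check on the PE image: a driver's AddressOfEntryPoint should fall inside an executable code section (normally .text), never inside the resource section, and moving it there is the modification pattern TDSS-family rootkits are known for. The following Python is an added example, not code from this thread or from GMER; it reproduces that check with the standard library only and exercises it on a constructed minimal PE image. The `build_test_pe` helper, its section layout and the entry-point RVAs are made up for the demonstration and are not taken from the real atapi.sys.

```python
"""Reproduce GMER's "entry point in .rsrc" check on a PE driver image.

A driver's AddressOfEntryPoint should fall inside an executable code
section (normally .text). Patched drivers such as the atapi.sys reported
above have it moved into the resource section. Standard library only;
the sample PE below is constructed test data, not a real driver.
"""
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000


def entry_point_section(data: bytes):
    """Return (name, characteristics) of the section containing the entry point,
    or None when the entry point lies outside every section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20
    magic, = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):                        # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    entry_rva, = struct.unpack_from("<I", data, opt + 16)  # AddressOfEntryPoint
    table = opt + opt_size                                 # section table follows the optional header
    for i in range(num_sections):
        off = table + i * 40                               # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize = struct.unpack_from("<III", data, off + 8)
        chars, = struct.unpack_from("<I", data, off + 36)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            return name, chars
    return None


def is_suspicious_entry_point(data: bytes):
    """(True, reason) when the entry point is where patched drivers put it."""
    hit = entry_point_section(data)
    if hit is None:
        return True, "entry point outside all sections"
    name, chars = hit
    if name == ".rsrc":
        return True, "entry point in .rsrc"
    if not chars & IMAGE_SCN_MEM_EXECUTE:
        return True, "entry point in non-executable section %s" % name
    return False, "entry point in %s" % name


def build_test_pe(entry_rva: int) -> bytes:
    """Constructed minimal PE32 image (headers only, not loadable) with a .text
    and a .rsrc section so the check can be exercised offline. Hypothetical
    layout: .text at RVA 0x1000, .rsrc at RVA 0x2000, each 0x1000 bytes."""
    sections = [
        (b".text", 0x1000, 0x1000, 0x60000020),   # CODE | EXECUTE | READ
        (b".rsrc", 0x1000, 0x2000, 0x40000040),   # INITIALIZED_DATA | READ
    ]
    opt_size = 224                                # PE32 optional header size
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)   # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)         # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)    # AddressOfEntryPoint
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name, size, rva, size, 0x400 * (i + 1), 0, 0, 0, 0, chars)
        for i, (name, size, rva, chars) in enumerate(sections)
    )
    return dos + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    # Offline demonstration on constructed images; the RVAs are made up.
    for label, rva in (("clean", 0x1234), ("patched", 0x2794)):
        flagged, reason = is_suspicious_entry_point(build_test_pe(rva))
        print("%-8s %s -> %s" % (label, "FLAG" if flagged else "ok  ", reason))
    # Against a real driver: is_suspicious_entry_point(open(path, "rb").read())
```

Run against a copy of a driver taken while the system is booted from clean media, since a kernel-mode rootkit can hide the modification from a scan running on the infected system. The writable-.text findings GMER lists for ati2mtag.sys, atksgt.sys and lirsgt.sys in the same log are a different check (section characteristics, not entry-point placement) and are not what this example flags.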

  4. #4
    Hijack Mod roelof1967
    Registered
    Jun 2009
    Location
    Twente (Netherlands)
    Age
    45
    Posts
    3,574
    Hi,

    Let's take a further look.
    Download TDSSKiller and save it to your desktop.
    Extract the files in tdsskiller.zip.
    Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.
    Click the "Start Scan" button and follow the instructions.
    When the scan has finished, click the "Report" button.
    A Notepad file will open. Post the contents of this file.


    Roelof

  5. #5

    Registered
    Sep 2010
    Posts
    4
    I ran this scan as well, and at the start it indicated that it saw the infection; the scan went very quickly. After that the system had to be restarted, and then I ran the scan once more. It found no more infections. This is the log:

    2010/09/05 14:47:33.0437 TDSS rootkit removing tool 2.4.2.0 Sep 3 2010 10:26:06
    2010/09/05 14:47:33.0437 ================================================================================
    2010/09/05 14:47:33.0437 SystemInfo:
    2010/09/05 14:47:33.0437
    2010/09/05 14:47:33.0437 OS Version: 5.1.2600 ServicePack: 3.0
    2010/09/05 14:47:33.0437 Product type: Workstation
    2010/09/05 14:47:33.0437 ComputerName: OLIDATA_PC
    2010/09/05 14:47:33.0437 UserName: Stijn
    2010/09/05 14:47:33.0437 Windows directory: C:\WINDOWS
    2010/09/05 14:47:33.0437 System windows directory: C:\WINDOWS
    2010/09/05 14:47:33.0437 Processor architecture: Intel x86
    2010/09/05 14:47:33.0437 Number of processors: 1
    2010/09/05 14:47:33.0437 Page size: 0x1000
    2010/09/05 14:47:33.0437 Boot type: Normal boot
    2010/09/05 14:47:33.0437 ================================================================================
    2010/09/05 14:47:33.0625 Initialize success
    2010/09/05 14:47:58.0031 ================================================================================
    2010/09/05 14:47:58.0031 Scan started
    2010/09/05 14:47:58.0031 Mode: Manual;
    2010/09/05 14:47:58.0031 ================================================================================
    2010/09/05 14:47:58.0281 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/09/05 14:47:58.0343 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2010/09/05 14:47:58.0390 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/09/05 14:47:58.0453 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2010/09/05 14:47:58.0750 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    2010/09/05 14:47:59.0140 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2010/09/05 14:47:59.0250 asuskbnt (f5c2ccdb273a546e9c3a15250f1d9165) C:\WINDOWS\system32\drivers\atkkbnt.sys
    2010/09/05 14:47:59.0281 ASUSVRC (94442e3029ff6c9f08140fe6718af4f C:\WINDOWS\system32\DRIVERS\AsusVRC.sys
    2010/09/05 14:47:59.0328 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/09/05 14:47:59.0343 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/09/05 14:47:59.0546 ati2mtag (c026951271d59ff97deb2a6b4895b416) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    2010/09/05 14:47:59.0609 atksgt (3c4b9850a2631c2263507400d029057 C:\WINDOWS\system32\DRIVERS\atksgt.sys
    2010/09/05 14:47:59.0656 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/09/05 14:47:59.0687 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/09/05 14:47:59.0734 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
    2010/09/05 14:47:59.0796 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys
    2010/09/05 14:47:59.0828 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\System32\Drivers\avgtdix.sys
    2010/09/05 14:47:59.0843 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/09/05 14:47:59.0921 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/09/05 14:47:59.0953 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2010/09/05 14:47:59.0984 Cdaudio (c1b486a7658353d33a10cc15211a873 C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/09/05 14:48:00.0015 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/09/05 14:48:00.0031 cdrbsvsd (80ac946628de5deab071474e30d7a071) C:\WINDOWS\system32\drivers\cdrbsvsd.sys
    2010/09/05 14:48:00.0062 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/09/05 14:48:00.0187 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\WINDOWS\system32\drivers\cpuz132_x32.sys
    2010/09/05 14:48:00.0250 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/09/05 14:48:00.0328 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/09/05 14:48:00.0406 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
    2010/09/05 14:48:00.0468 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/09/05 14:48:00.0515 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/09/05 14:48:00.0562 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/09/05 14:48:00.0609 EIO (0daf3544804650526751c478aeccce63) C:\WINDOWS\system32\drivers\EIO.sys
    2010/09/05 14:48:00.0656 EIO_XP (88b5b982d702cd81874731cecf6ba4d C:\WINDOWS\system32\drivers\EIO_XP.sys
    2010/09/05 14:48:00.0781 EverestDriver (76984d46b2abaa46f8b3fcef82c9217d) C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt
    2010/09/05 14:48:00.0828 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/09/05 14:48:00.0875 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2010/09/05 14:48:00.0937 FileDisk (093913a016845fe257ed9b7fc8e28ed8) C:\WINDOWS\system32\drivers\FileDisk.sys
    2010/09/05 14:48:00.0968 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
    2010/09/05 14:48:00.0984 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2010/09/05 14:48:01.0031 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2010/09/05 14:48:01.0062 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/09/05 14:48:01.0078 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/09/05 14:48:01.0109 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    2010/09/05 14:48:01.0156 ggflt (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
    2010/09/05 14:48:01.0187 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
    2010/09/05 14:48:01.0218 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
    2010/09/05 14:48:01.0296 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/09/05 14:48:01.0359 hamachi (7929a161f9951d173ca9900fe7067391) C:\WINDOWS\system32\DRIVERS\hamachi.sys
    2010/09/05 14:48:01.0421 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2010/09/05 14:48:01.0484 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/09/05 14:48:01.0562 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/09/05 14:48:01.0640 hwpsgt (a439ebd90afdb1f516c875b9b317832f) C:\WINDOWS\system32\DRIVERS\hwpsgt.sys
    2010/09/05 14:48:01.0703 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/09/05 14:48:01.0750 ikhfile (f24866ee5c0819e9b1b58f2c00af078e) C:\WINDOWS\system32\drivers\ikhfile.sys
    2010/09/05 14:48:01.0781 ikhlayer (9a2cff8e3ef0a35f23f544fab915c060) C:\WINDOWS\system32\drivers\ikhlayer.sys
    2010/09/05 14:48:01.0796 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/09/05 14:48:01.0875 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2010/09/05 14:48:01.0906 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/09/05 14:48:01.0937 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/09/05 14:48:01.0968 IpNat (cc748ea12c6effde940ee98098bf96b C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/09/05 14:48:02.0000 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/09/05 14:48:02.0046 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/09/05 14:48:02.0078 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/09/05 14:48:02.0109 k750bus (fe8300320281d658a7854d5cfc02a63f) C:\WINDOWS\system32\DRIVERS\k750bus.sys
    2010/09/05 14:48:02.0156 k750mdfl (f44521f63c0c00364fa3d59db980de6a) C:\WINDOWS\system32\DRIVERS\k750mdfl.sys
    2010/09/05 14:48:02.0187 k750mdm (e93323c3ed5e8923a177740a973c27b2) C:\WINDOWS\system32\DRIVERS\k750mdm.sys
    2010/09/05 14:48:02.0218 k750mgmt (9d5f5a70ca0b7c428efcd73db50e6ac7) C:\WINDOWS\system32\DRIVERS\k750mgmt.sys
    2010/09/05 14:48:02.0250 k750obex (81ca2d57b2c14f76f4ba80846784bb3d) C:\WINDOWS\system32\DRIVERS\k750obex.sys
    2010/09/05 14:48:02.0281 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/09/05 14:48:02.0312 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2010/09/05 14:48:02.0343 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/09/05 14:48:02.0375 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/09/05 14:48:02.0437 lemsgt (057da656166893842dd401c25a058c4e) C:\WINDOWS\system32\DRIVERS\lemsgt.sys
    2010/09/05 14:48:02.0468 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
    2010/09/05 14:48:02.0531 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/09/05 14:48:02.0578 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
    2010/09/05 14:48:02.0625 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/09/05 14:48:02.0640 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/09/05 14:48:02.0687 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/09/05 14:48:02.0734 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/09/05 14:48:02.0812 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/09/05 14:48:02.0859 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/09/05 14:48:02.0890 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/09/05 14:48:02.0921 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/09/05 14:48:02.0937 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/09/05 14:48:02.0984 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/09/05 14:48:03.0031 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2010/09/05 14:48:03.0062 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/09/05 14:48:03.0125 MxlW2k (e91fc8b52d21e38317dc61a3c7ccfa4 C:\WINDOWS\system32\drivers\MxlW2k.sys
    2010/09/05 14:48:03.0156 NABTSFEC (5b50f1b2a2ed47d560577b221da734d C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2010/09/05 14:48:03.0218 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/09/05 14:48:03.0265 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2010/09/05 14:48:03.0296 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/09/05 14:48:03.0328 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/09/05 14:48:03.0343 NdisWan (edc1531a49c80614b2cfda43ca8659a C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/09/05 14:48:03.0359 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/09/05 14:48:03.0406 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/09/05 14:48:03.0437 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/09/05 14:48:03.0500 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2010/09/05 14:48:03.0546 NPDriver (f5812bcacbfdcfa9b8e849084d15a9e9) C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
    2010/09/05 14:48:03.0578 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/09/05 14:48:03.0609 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/09/05 14:48:03.0656 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/09/05 14:48:03.0906 nv (4f15e1e56703f59c0ac00022162e5308) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2010/09/05 14:48:04.0125 nvata (0344aa9113dc16eec379f4652020849d) C:\WINDOWS\system32\DRIVERS\nvata.sys
    2010/09/05 14:48:04.0156 nvax (fb8595ef3ceb81f0da3f6f211b2df932) C:\WINDOWS\system32\drivers\nvax.sys
    2010/09/05 14:48:04.0187 NVENETFD (a545df28f75bcb109a3aadbb07552b12) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    2010/09/05 14:48:04.0218 nvgts (ea98bfe4931bd13d747d647c1859796e) C:\WINDOWS\system32\DRIVERS\nvgts.sys
    2010/09/05 14:48:04.0281 nvnetbus (ea41f641420f3d8271804d287c1ef461) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    2010/09/05 14:48:04.0328 nvnforce (d2315cd3053fc3b4250dc2dbd0ac49e4) C:\WINDOWS\system32\drivers\nvapu.sys
    2010/09/05 14:48:04.0375 NVR0Dev (61d6b1c71ad94f8485e966bebc36d092) C:\WINDOWS\nvoclock.sys
    2010/09/05 14:48:05.0265 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/09/05 14:48:05.0296 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/09/05 14:48:05.0328 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
    2010/09/05 14:48:05.0343 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
    2010/09/05 14:48:05.0375 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
    2010/09/05 14:48:05.0406 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2010/09/05 14:48:05.0437 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys
    2010/09/05 14:48:05.0453 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/09/05 14:48:05.0500 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/09/05 14:48:05.0531 PCANDIS5 (2f9806b52cb3748b1e49222744b28e3c) C:\WINDOWS\system32\PCANDIS5.SYS
    2010/09/05 14:48:05.0562 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/09/05 14:48:05.0609 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\drivers\PCIIde.sys
    2010/09/05 14:48:05.0625 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2010/09/05 14:48:05.0781 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
    2010/09/05 14:48:05.0843 Point32 (b4f59a953ef9e507f0d00c3a68580b8 C:\WINDOWS\system32\DRIVERS\point32.sys
    2010/09/05 14:48:05.0875 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/09/05 14:48:05.0906 Processor (82a17eca34d801590a67c0a2244965ed) C:\WINDOWS\system32\DRIVERS\processr.sys
    2010/09/05 14:48:05.0921 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/09/05 14:48:05.0953 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/09/05 14:48:06.0062 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/09/05 14:48:06.0078 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/09/05 14:48:06.0109 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/09/05 14:48:06.0125 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/09/05 14:48:06.0171 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/09/05 14:48:06.0203 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/09/05 14:48:06.0250 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/09/05 14:48:06.0296 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/09/05 14:48:06.0390 RT2500 (e67493848b31f7f9123b6bbf6b2ad1b2) C:\WINDOWS\system32\DRIVERS\RT2500.sys
    2010/09/05 14:48:06.0453 RTL8187B (fe999b16e967c84790be6dc1b4e78f2d) C:\WINDOWS\system32\DRIVERS\RTL8187B.sys
    2010/09/05 14:48:06.0531 SDdriver (491f052b8f1e05b396d15ec9bf36565a) C:\WINDOWS\system32\Drivers\sddriver.sys
    2010/09/05 14:48:06.0593 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/09/05 14:48:06.0625 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/09/05 14:48:06.0640 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/09/05 14:48:06.0687 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\WINDOWS\system32\drivers\sfdrv01.sys
    2010/09/05 14:48:06.0718 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOWS\system32\drivers\sfhlp02.sys
    2010/09/05 14:48:06.0734 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/09/05 14:48:06.0750 sfsync02 (efebbc1d13fdb77a6af4eddfc7232edf) C:\WINDOWS\system32\drivers\sfsync02.sys
    2010/09/05 14:48:06.0812 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2010/09/05 14:48:06.0875 SoC PC-Camera Service (105531f39b6f85bb0a025182d8d8c37 C:\WINDOWS\system32\DRIVERS\pfc027.sys
    2010/09/05 14:48:06.0921 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
    2010/09/05 14:48:06.0968 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/09/05 14:48:07.0046 sptd (7f1b7c4d446cd3f926af45b8c48bd593) C:\WINDOWS\system32\Drivers\sptd.sys
    2010/09/05 14:48:07.0093 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/09/05 14:48:07.0156 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/09/05 14:48:07.0234 SSI (9910b19fed16e3e073d48efc4422f29c) C:\WINDOWS\system32\Drivers\SSI.SYS
    2010/09/05 14:48:07.0265 StillCam (bf8aa066bb0398ddcbc9573153d39b8c) C:\WINDOWS\system32\DRIVERS\serscan.sys
    2010/09/05 14:48:07.0296 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2010/09/05 14:48:07.0328 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/09/05 14:48:07.0359 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/09/05 14:48:07.0500 SymEvent (84ddd3d1aee15466b38195c4d22a8194) C:\Program Files\Symantec\SYMEVENT.SYS
    2010/09/05 14:48:07.0593 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/09/05 14:48:07.0656 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/09/05 14:48:07.0718 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
    2010/09/05 14:48:07.0750 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/09/05 14:48:07.0765 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/09/05 14:48:07.0781 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/09/05 14:48:07.0875 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
    2010/09/05 14:48:07.0937 Tunx00 (bebaea2d131d82420e0321b1230b44d7) C:\WINDOWS\system32\DRIVERS\Tunx00.sys
    2010/09/05 14:48:08.0015 TVICHW32 (e266683fc95abdec17cd378564e1b54 C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
    2010/09/05 14:48:08.0046 TxTuner (6502b4cc339c7009b1fbbfacb9f0ab4c) C:\WINDOWS\system32\DRIVERS\TxTuner.sys
    2010/09/05 14:48:08.0093 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/09/05 14:48:08.0125 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/09/05 14:48:08.0187 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2010/09/05 14:48:08.0218 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/09/05 14:48:08.0265 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/09/05 14:48:08.0328 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/09/05 14:48:08.0359 usbohci (0daecce65366ea32b162f85f07c6753 C:\WINDOWS\system32\DRIVERS\usbohci.sys
    2010/09/05 14:48:08.0406 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/09/05 14:48:08.0437 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
    2010/09/05 14:48:08.0468 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/09/05 14:48:08.0531 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/09/05 14:48:08.0593 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/09/05 14:48:08.0656 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
    2010/09/05 14:48:08.0750 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/09/05 14:48:08.0828 WmBEnum (bc3ecbcb40147bdae3ad2fd0b4b346d8) C:\WINDOWS\system32\drivers\WmBEnum.sys
    2010/09/05 14:48:08.0843 WmFilter (19f9881d8b3484fedb605d0216876898) C:\WINDOWS\system32\drivers\WmFilter.sys
    2010/09/05 14:48:08.0906 WmVirHid (7a51545a6409a25eedbdbd97d019e8cc) C:\WINDOWS\system32\drivers\WmVirHid.sys
    2010/09/05 14:48:08.0921 WmXlCore (1f083b3bc73017e60c3ca85cf4a70753) C:\WINDOWS\system32\drivers\WmXlCore.sys
    2010/09/05 14:48:08.0953 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    2010/09/05 14:48:09.0000 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2010/09/05 14:48:09.0046 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2010/09/05 14:48:09.0078 WudfRd (28b524262bce6de1f7ef9f510ba3985 C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2010/09/05 14:48:09.0156 ================================================================================
    2010/09/05 14:48:09.0156 Scan finished
    2010/09/05 14:48:09.0156 ================================================================================

    Regards,

    Stijn

  6. #6
    Hijack Mod roelof1967
    Registered
    Jun 2009
    Location
    Twente (Netherlands)
    Age
    45
    Posts
    3.574
    Okay,

    Could I now have a new ComboFix log?

    Roelof

  7. #7

    Registered
    Sep 2010
    Posts
    4
    Sorry for the late reply, I have been away for a few days.
    Here is the new ComboFix log:


    ComboFix 10-09-12.03 - Stijn 13-09-2010 12:03:28.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.3327.2765 [GMT 2:00]
    Gestart vanuit: d:\internet downloads\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2010-08-13 to 2010-09-13 ))))))))))))))))))))))))))))))
    .

    Geen nieuwe bestanden aangemaakt in deze periode

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-13 09:57 . 2010-06-10 21:59 677896 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-09-12 19:36 . 2008-04-03 19:23 -------- d-----w- c:\documents and settings\Stijn\Application Data\BitTorrent
    2010-09-10 09:13 . 2007-03-16 19:23 138376 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-09-10 09:13 . 2007-03-16 13:00 202448 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-09-09 20:03 . 2008-04-07 18:09 -------- d-----w- c:\documents and settings\Stijn\Application Data\Skype
    2010-09-09 17:43 . 2008-06-10 10:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-09-09 13:48 . 2008-04-07 18:10 -------- d-----w- c:\documents and settings\Stijn\Application Data\skypePM
    2010-09-07 18:10 . 2006-01-19 17:49 230454 ----a-w- C:\StiImg.dat
    2010-09-05 12:41 . 2009-04-25 11:32 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-09-05 12:41 . 2004-08-03 21:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
    2010-09-03 16:28 . 2010-01-01 23:44 0 ----a-w- c:\documents and settings\Stijn\Local Settings\Application Data\prvlcl.dat
    2010-09-02 20:12 . 2008-04-03 19:23 -------- d-----w- c:\program files\BitTorrent
    2010-08-27 08:35 . 2008-10-05 19:06 -------- d-----w- c:\documents and settings\Stijn\Application Data\U3
    2010-08-25 10:39 . 2009-11-29 12:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
    2010-08-21 11:58 . 1979-12-31 23:00 92092 ----a-w- c:\windows\system32\perfc013.dat
    2010-08-21 11:58 . 1979-12-31 23:00 512326 ----a-w- c:\windows\system32\perfh013.dat
    2010-08-10 11:40 . 2005-08-30 16:50 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-06 10:37 . 2010-08-06 10:37 -------- d-----w- c:\program files\Vstep
    2010-08-03 07:20 . 2006-01-20 22:25 47104 ----a-w- c:\windows\system32\KMVIDC32.DLL
    2010-07-26 14:52 . 2009-04-25 11:57 -------- d-----r- c:\program files\Skype
    2010-07-26 14:52 . 2010-07-26 14:52 -------- d-----w- c:\program files\Common Files\Skype
    2010-07-26 14:52 . 2008-04-07 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-07-17 07:33 . 2009-07-18 18:56 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-17 07:33 . 2010-07-17 07:33 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-17 07:32 . 2009-07-18 18:56 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-15 15:37 . 2005-11-13 16:10 -------- d-----w- c:\program files\Ricochet Xtreme
    2010-06-30 12:33 . 1979-12-31 23:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:19 . 1979-12-31 23:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 12:19 . 2004-12-31 15:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-06-24 12:19 . 1979-12-31 23:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-06-24 09:02 . 1979-12-31 23:00 1852032 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 1979-12-31 23:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-20 10:42 . 2005-12-26 14:25 87888 ----a-w- c:\documents and settings\Stijn\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-06-17 14:03 . 1979-12-31 23:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\Stijn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-14 133104]
    "RGSC"="e:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-11-09 306088]
    "ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2009-08-02 1187840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-12 148888]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
    "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2003-09-09 54424]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
    BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2009-8-14 81997]
    Statusvenster.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2007-12-14 802816]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-07-17 07:33 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
    backup=c:\windows\pss\Adobe Reader Snelle start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Fun TV remote control.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Fun TV remote control.lnk
    backup=c:\windows\pss\Fun TV remote control.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Ralink Wireless Utility.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Ralink Wireless Utility.lnk
    backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Desktop Search.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Windows Desktop Search.lnk
    backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcctMgr]
    2004-03-03 15:49 586856 ----a-w- c:\program files\Norton SystemWorks\Password Manager\AcctMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2005-07-14 14:09 57344 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
    2008-12-16 17:05 342848 ----a-w- c:\program files\DNA\btdna.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2008-01-03 13:54 486856 ----a-w- c:\program files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    2005-03-18 11:53 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2006-10-30 08:36 256576 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    2003-10-10 12:25 53248 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2009-06-10 07:29 1657376 ----a-w- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
    2005-03-18 11:40 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2005-04-18 21:30 127118 ----a-w- c:\program files\CyberLink\PowerCinema\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2006-10-25 17:58 282624 ----a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2003-10-31 18:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    2005-10-26 15:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    2003-10-14 09:22 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
    2004-04-23 13:28 77824 ----a-w- c:\program files\Logitech\Profiler\LWEMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-07-04 16:19 1238352 ----a-w- c:\program files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    2006-03-30 14:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Xfire\\Xfire.exe"=
    "c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
    "c:\\Documents and Settings\\Stijn\\Bureaublad\\Games\\Commandos 2.exe"=
    "c:\\StubInstaller.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\System32\\dplaysvr.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\skipp_\\half-life 2 deathmatch\\hl2.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "e:\\Program Files\\Eidos\\Commandos 2 - Men Of Courage\\comm2.exe"=
    "e:\\Program Files\\EA Games\\Command & Conquer The First Decade\\Command & Conquer(tm) Generals\\game.dat"=
    "e:\\Program Files\\EA Games\\Command & Conquer The First Decade\\Command & Conquer(tm) Generals Zero Hour\\generals.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "e:\\Program Files\\World of Warcraft\\Repair.exe"=
    "e:\\Program Files\\Call of Duty\\CoDUOMP.exe"=
    "c:\\WINDOWS\\system32\\rtcshare.exe"=
    "c:\\Program Files\\NetMeeting\\conf.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
    "e:\\Program Files\\EA Games\\Battlefield 2\\BF2.exe"=
    "e:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "e:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
    "e:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
    "e:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
    "e:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "e:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "e:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
    "c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
    "e:\\Program Files\\Vstep\\ShipSim2008\\QuestViewer.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "e:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
    "e:\\Program Files\\USArmy\\America's Army 3\\Binaries\\AA3Game.exe"=
    "e:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
    "e:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
    "e:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Documents and Settings\\Stijn\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
    "d:\\Program Files\\LimeWire\\LimeWire.exe"=
    "e:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Double Agent\\SCDA-Offline\\System\\SplinterCell4.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\1701 ad\\1701-AddOn.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\1701 ad\\1701.exe"=
    "e:\\Program Files\\2K Games\\BioShock 2\\SP\\Builds\\Binaries\\Bioshock2.exe"=
    "e:\\Program Files\\2K Games\\BioShock 2\\MP\\Builds\\Binaries\\Bioshock2.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Documents and Settings\\Stijn\\Local Settings\\Apps\\2.0\\HRCG1E84.YD2\\907GADD9.RZ7\\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\\CurseClient.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 SSI;SSI;c:\windows\system32\drivers\ssi.sys [30-9-2006 13:19 78336]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [18-7-2009 20:56 216400]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18-7-2009 20:56 243024]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17-7-2010 9:33 308136]
    R2 NProtectService;Norton Unerase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [15-9-2003 19:18 86016]
    R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [18-7-2009 21:21 109168]
    S1 SSHDRV76;SSHDRV76;\??\c:\windows\system32\drivers\SSHDRV76.sys --> c:\windows\system32\drivers\SSHDRV76.sys [?]
    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6-1-2010 21:37 135664]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592]
    S3 ALSysIO;ALSysIO;\??\c:\docume~1\Stijn\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Stijn\LOCALS~1\Temp\ALSysIO.sys [?]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [18-8-2005 1:00 7168]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [1-9-2009 18:11 13224]
    S3 RTL8187B;TG123g USB Wireless Adapter;c:\windows\system32\drivers\RTL8187B.sys [8-5-2009 12:18 264576]
    S3 Tunx00;FunTV Video Capture;c:\windows\system32\drivers\Tunx00.sys [30-8-2005 21:02 311040]
    S3 TxTuner;FunTV TV Tuner;c:\windows\system32\drivers\TxTuner.sys [30-8-2005 21:03 25728]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1-11-2007 17:19 716272]
    .
    Inhoud van de 'Gedeelde Taken' map

    2006-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 16:13]

    2010-09-13 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-10 18:35]

    2010-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 19:37]

    2010-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 19:37]

    2010-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-164784541-595971623-1539351011-1005Core.job
    - c:\documents and settings\Stijn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-14 20:57]

    2010-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-164784541-595971623-1539351011-1005UA.job
    - c:\documents and settings\Stijn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-14 20:57]

    2010-08-27 c:\windows\Tasks\One Button Checkup van Norton SystemWorks.job
    - c:\program files\Norton SystemWorks\OBC.exe [2003-09-24 10:01]

    2010-09-03 c:\windows\Tasks\Symantec Drmc.job
    - c:\program files\Common Files\Symantec Shared\SymDrmc.exe [2003-09-10 03:48]

    2010-09-13 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-02-02 13:35]

    2010-09-13 c:\windows\Tasks\User_Feed_Synchronization-{2A6B43CC-C0C3-451F-902A-4308E8D73184}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]

    2010-09-13 c:\windows\Tasks\User_Feed_Synchronization-{5829C0A8-2763-43A1-9213-02BF9CCD62DB}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0000.1082\nl-nl\msntb.dll/search.htm
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Openen in een nieuwe achtergrondtab - c:\program files\MSN Toolbar Suite\TAB\02.05.0001.1119\nl-nl\msntabres.dll/229?a4dee337db914509a36bb4a0a4dc811f
    IE: Openen in een nieuwe voorgrondtab - c:\program files\MSN Toolbar Suite\TAB\02.05.0001.1119\nl-nl\msntabres.dll/230?a4dee337db914509a36bb4a0a4dc811f
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://89.146.32.96:60000/activex/AMC.cab
    .
    - - - - ORPHANS VERWIJDERD - - - -

    SafeBoot-klmdb.sys



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2010-09-13 12:08
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
    "ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
    "ImagePath"=""
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_USERS\S-1-5-21-164784541-595971623-1539351011-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{545AB316-0AC4-DA89-9F4A-DD5760266AA1}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "iajipkflekialdbdma"=hex:6a,61,6e,6e,68,6a,69,6d,6b,68,6f,64,6d,6f,61,6c,67,70,
    70,62,00,00
    "hahjfdjdefpoafej"=hex:6a,61,6e,6e,69,6a,66,6d,6a,68,6b,68,63,6c,66,65,68,6c,
    65,6b,00,1c

    [HKEY_USERS\S-1-5-21-164784541-595971623-1539351011-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:79,6b,ba,c2,fb,d9,cd,dc,08,77,73,2e,69,45,dd,95,de,45,16,29,20,f1,14,
    82,fb,7e,db,e5,42,d9,cf,7b,15,3e,5c,d0,66,67,be,5e,9d,b3,56,a2,74,5a,21,18,\
    "??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

    [HKEY_USERS\S-1-5-21-164784541-595971623-1539351011-1005\Software\SecuROM\License information*]
    "datasecu"=hex:c4,15,a7,8d,d3,64,c7,4e,51,3e,97,9d,65,af,79,ff,cc,1a,23,94,47,
    34,b9,2e,2f,9c,1f,3d,a3,8a,f6,d4,68,12,d3,32,a7,4a,58,fb,5e,61,07,ea,b1,5d,\
    "rkeysecu"=hex:72,66,64,05,bf,6c,c6,c7,04,43,94,a3,e3,8e,39,64

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "3140AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    "31403E1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\ACPI\PNP0F13\3&2411e6fe&0\LogConf]
    @DACL=(02 0000)
    "BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
    00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
    "BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
    00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'winlogon.exe'(884)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    c:\windows\system32\WRLogonNTF.dll
    .
    Voltooingstijd: 2010-09-13 12:10:18
    ComboFix-quarantined-files.txt 2010-09-13 10:10
    ComboFix2.txt 2010-09-02 21:24

    Pre-Run: 91.446.276.096 bytes beschikbaar
    Post-Run: 92.430.917.632 bytes beschikbaar

    - - End Of File - - CAFCB88757F3225FB6D7B3797A8C1A67


    Regards,

    Stijn

  8. #8
    Hijack Mod roelof1967
    Registered
    Jun 2009
    Location
    Twente (Netherlands)
    Age
    45
    Posts
    3.574
    Okay,

    How are the problems now?

    Roelof

  9. #9

    Registered
    Sep 2010
    Posts
    4
    I had AVG scan once more, but it no longer finds any virus. So it seems that the virus is gone. In that case I want to thank you very much for your time and help. If I ever run into problems again, I at least know where to go. Thanks a lot.


    Stijn

  10. #10
    Hijack Mod roelof1967
    Registered
    Jun 2009
    Location
    Twente (Netherlands)
    Age
    45
    Posts
    3.574
    Okay,

    Then we'll clean up.

    Download OTC.exe (by OldTimer)
    • Place the file on your desktop.
    • Make sure there is an internet connection.
    • Then right-click OTCleanIt.exe and choose Run as Administrator (Dutch: Uitvoeren als Administrator) to start the program.
    • Now click the "CleanUp!" button.
    • If your firewall, or another security program, warns that OTC.exe wants internet access, you may allow it; the program needs that connection.
    • Finally, OTC will ask whether you want to restart the computer; you may allow this, as it also removes the program itself.

    Note: Using OTC.exe will remove all the tools used (including their logs and backup folders) from your computer.

    Roelof
