
Problems with account security


  • Roderick24
  • Registered: October 2007
  • Last online: 16-08 16:58
Dear fellow tweakers,

First of all my apologies for the somewhat vague topic title, but I don't know exactly how else to describe it. Last Thursday I found out that I could no longer log in to my MSN/Windows Live because the password was incorrect. After trying again endlessly, I came to the conclusion that my password must have been changed by somebody. Later this turned out to be the case with my Battle.net account and my Steam account as well.

Then I filled in the account validation form at the Windows Live Solution Center. After 6 days I finally received a password reset link at an alternative address. I then reset my password so I could get into my email account again, and from there had new passwords for Battle.net mailed to me as well. I thought the problem was solved. But now, within 12 hours of resetting the passwords, my passwords have been changed again.

I really don't know how this is possible. Nobody else has access to my accounts. I have now scanned my computer about 10 times with the following programs:

- Hitman Pro
- Malwarebytes' Anti-Malware
- McAfee Stinger
- NOD32
- ComboFix

None of the programs found anything. (Although I'm not much of a hero at reading ComboFix logs.)

Could someone please help me track down the leak in my security? Because I'm at my wits' end.

  • Erwinvz1
  • Registered: October 2003
  • Last online: 18-11 11:47
Secret question + answer are surely still the same at MSN?

  • Roderick24
  • Registered: October 2007
  • Last online: 16-08 16:58
Thanks for the quick reply, Erwin. I had indeed overlooked that. Only, the answer to the question is something that isn't obvious, so I wonder how he would have found it out. However, I don't think he cracked my account that way, because my Steam & Battle.net accounts have been hacked too, and they have a different question and a different answer.

My new address, which I had created for correspondence with MS about my address, has also been cracked, and that one doesn't even have a secret question.

Deleted user

The fact that those programs found nothing doesn't mean there's nothing there. I would reinstall your OS.

  • Roderick24
  • Registered: October 2007
  • Last online: 16-08 16:58
No, that's what I thought too. I was just hoping to avoid a complete reinstall. But if there's no other way, so be it.

  • Erwinvz1
  • Registered: October 2003
  • Last online: 18-11 11:47
Roderick24 wrote on Wednesday 08 December 2010 @ 19:31:
Thanks for the quick reply, Erwin. I had indeed overlooked that. Only, the answer to the question is something that isn't obvious, so I wonder how he would have found it out. However, I don't think he cracked my account that way, because my Steam & Battle.net accounts have been hacked too, and they have a different question and a different answer.

My new address, which I had created for correspondence with MS about my address, has also been cracked, and that one doesn't even have a secret question.
Looks like you still have that virus, then.

I think the virus arms itself well against those tools/scanners.


Have you also run tools like RootkitRevealer? (I think you're running XP)
http://technet.microsoft....ysinternals/bb897445.aspx

It may well be an hxdef technique; then a virus scanner can't catch it easily.

  • Roderick24
  • Registered: October 2007
  • Last online: 16-08 16:58
Thanks, Erwin. This is the kind of tip I was looking for. I'll run your RootkitRevealer as soon as possible in the hope that it finds something, and then I'll post the results here.

  • Roderick24
  • Registered: October 2007
  • Last online: 16-08 16:58
I ran RootkitRevealer last night and it found no fewer than 106 things. I can post screenshots/logs, but I don't know whether anyone can do anything with them. The question is: how do I remove/repair these entries in the registry?

  • Erwinvz1
  • Registered: October 2003
  • Last online: 18-11 11:47
Roderick24 wrote on Thursday 09 December 2010 @ 11:54:
I ran RootkitRevealer last night and it found no fewer than 106 things. I can post screenshots/logs, but I don't know whether anyone can do anything with them. The question is: how do I remove/repair these entries in the registry?
Just post the logs.
If we recognise something, we may be able to give you the solution.
The solution can differ per entry.

  • Roderick24
  • Registered: October 2007
  • Last online: 16-08 16:58
HKU\S-1-5-21-796845957-823518204-1801674531-1004\Console 8-12-2010 14:09 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 4-11-2010 12:05 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 4-11-2010 12:05 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Swearware\backup\winsock2 8-12-2010 13:51 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters 8-12-2010 13:51 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5 8-12-2010 13:51 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries 8-12-2010 13:51 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 8-12-2010 13:51 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 8-12-2010 13:51 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 8-12-2010 13:51 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9 8-12-2010 13:51 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries 8-12-2010 13:51 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 8-12-2010 13:51 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 8-12-2010 13:51 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 8-12-2010 13:51 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 8-12-2010 13:51 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 8-12-2010 13:51 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 8-12-2010 13:51 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 8-12-2010 13:51 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 8-12-2010 13:51 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 8-12-2010 13:51 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 8-12-2010 13:51 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 8-12-2010 13:51 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 8-12-2010 13:51 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 8-12-2010 13:51 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014 8-12-2010 13:51 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015 8-12-2010 13:51 0 bytes Security mismatch.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 27-11-2010 17:53 0 bytes Access is denied.
C:\Documents and Settings\Roderick\Application Data\Sports Interactive\Installer Launcher \cache 14-11-2010 13:47 0 bytes Hidden from Windows API.
C:\Documents and Settings\Roderick\Application Data\Sports Interactive\Installer Launcher \logs 14-11-2010 13:47 0 bytes Hidden from Windows API.
C:\Documents and Settings\Roderick\Application Data\Sports Interactive\Installer Launcher \settings 14-11-2010 13:47 0 bytes Hidden from Windows API.
C:\Documents and Settings\Roderick\Application Data\Sports Interactive\Installer Launcher \temporary 14-11-2010 13:47 0 bytes Hidden from Windows API.
C:\Documents and Settings\Roderick\Application Data\Sports Interactive\Installer Launcher\cache 14-11-2010 13:47 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Roderick\Application Data\Sports Interactive\Installer Launcher\logs 14-11-2010 13:47 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Roderick\Application Data\Sports Interactive\Installer Launcher\settings 14-11-2010 13:47 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Roderick\Application Data\Sports Interactive\Installer Launcher\temporary 14-11-2010 13:47 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\02BF61D0d01 8-12-2010 23:46 81.20 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\0361D01Ad01 8-12-2010 23:55 42.58 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\087BAFA9d01 8-12-2010 23:46 50.54 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\0E3AD4D4d01 8-12-2010 23:46 48.68 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\1689A0A7d01 8-12-2010 23:46 20.54 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\20D399D8d01 8-12-2010 23:43 34.60 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\3151E876d01 8-12-2010 23:43 67.58 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\31B764DEd01 8-12-2010 23:43 47.46 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\353075C1d01 8-12-2010 23:53 28.50 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\369CD96Bd01 8-12-2010 23:46 26.02 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\3852B65Cd01 8-12-2010 23:43 56.83 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\391AD9EDd01 8-12-2010 23:43 47.35 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\3A3F41DCd01 8-12-2010 23:43 51.93 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\3CB8103Bd01 8-12-2010 23:43 16.75 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\3F18BFA5d01 8-12-2010 23:43 42.52 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\44937C2Dd01 8-12-2010 23:43 53.65 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\4B7DD48Bd01 8-12-2010 23:43 74.09 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\4E3A108Fd01 8-12-2010 23:43 60.54 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\4E6F8CCFd01 8-12-2010 23:43 68.17 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\4F503F00d01 8-12-2010 23:43 40.06 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\51FE9DCBd01 8-12-2010 23:46 19.38 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\575C2A7Cd01 8-12-2010 23:52 83.71 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\5CFBF508d01 8-12-2010 23:43 25.61 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\634A98C4d01 8-12-2010 23:43 57.76 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\653BAD68d01 8-12-2010 23:43 56.91 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\6AB28DC7d01 8-12-2010 23:46 19.61 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\6C234994d01 8-12-2010 23:43 29.87 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\7011E801d01 8-12-2010 23:43 41.24 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\714A01CFd01 8-12-2010 23:52 31.37 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\718D5CB0d01 8-12-2010 23:46 170.35 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\73324E2Dd01 8-12-2010 23:46 109.98 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\75F8D11Bd01 8-12-2010 23:55 25.11 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\7626A5C1d01 8-12-2010 23:43 111.82 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\7795669Fd01 8-12-2010 23:43 29.59 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\855B808Ed01 8-12-2010 23:43 26.36 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\85E6F709d01 8-12-2010 23:43 58.33 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\899AE3F6d01 8-12-2010 23:43 119.57 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\8A15FD90d01 8-12-2010 23:52 47.15 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\91F98927d01 8-12-2010 23:46 211.02 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\9425FF2Dd01 8-12-2010 23:53 18.85 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\9540A89Cd01 8-12-2010 23:43 63.06 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\99A46AEEd01 8-12-2010 23:46 97.66 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\A1AB503Cd01 8-12-2010 23:43 22.18 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\A3E5CBD5d01 8-12-2010 23:43 61.97 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\B1B38D54d01 8-12-2010 23:44 4.22 MB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\B7C9F0B0d01 8-12-2010 23:43 53.29 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\BDA6B11Ed01 8-12-2010 23:52 18.63 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\C027393Fd01 8-12-2010 23:43 62.33 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\CB16FC5Dd01 8-12-2010 23:46 20.48 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\CD83550Bd01 8-12-2010 23:43 52.26 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\CE6E2E3Ad01 8-12-2010 23:46 24.10 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\D55CF427d01 8-12-2010 23:43 34.68 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\DD7A6CFDd01 8-12-2010 23:43 23.91 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\DE979BD3d01 8-12-2010 23:53 98.76 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\DEBA9874d01 8-12-2010 23:43 66.06 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\DFF61770d01 8-12-2010 23:52 167.54 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\E4016A78d01 8-12-2010 23:46 158.29 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\E7356200d01 8-12-2010 23:43 64.37 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\E9F4CE0Ed01 8-12-2010 23:47 53.89 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\EB41BCBAd01 8-12-2010 23:46 39.48 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\F0231444d01 8-12-2010 23:43 41.55 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\F115FBB5d01 8-12-2010 23:43 26.58 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\F5A7F16Dd01 8-12-2010 23:43 25.46 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\F937DBC2d01 8-12-2010 23:46 19.29 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\FBEA7326d01 8-12-2010 23:43 166.53 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\FF2DDF96d01 8-12-2010 23:43 32.05 KB Hidden from Windows API.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\FF3D350Cd01 8-12-2010 23:43 56.70 KB Hidden from Windows API.
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll 6-11-2010 3:11 252.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll 6-11-2010 3:11 111.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll 6-11-2010 3:11 8.00 KB Visible in Windows API, but not in MFT or directory index.

This is a copy of the logs from the first scan. On the 2nd scan, however, it only finds 39 things.

  • Erwinvz1
  • Registered: October 2003
  • Last online: 18-11 11:47
Swearware
Anything with this name in it doesn't sit right with me.
I think you need to look in this direction.

HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 27-11-2010 17:53 0 bytes Access is denied.
I also find this key very suspicious (access is denied means it protects itself against you, but why? That's why this could be a rootkit key.)
Especially given that your passwords were cracked after this date.


I'll have another look at your log tonight after work.

[ 53% edited by Erwinvz1 on 09-12-2010 12:48 ]


  • Roderick24
  • Registered: October 2007
  • Last online: 16-08 16:58
Here are the screenshots of the scan I ran 2 minutes ago. This is a bit clearer.

Image location: http://img710.imageshack.us/img710/9888/screenshot1gx.jpg

Image location: http://img220.imageshack.us/img220/9904/screenshot2ta.jpg

[ 8% edited by Roderick24 on 09-12-2010 12:52 ]


  • Roderick24
  • Registered: October 2007
  • Last online: 16-08 16:58
Erwinvz1 wrote on Thursday 09 December 2010 @ 12:44:
Swearware
Anything with this name in it doesn't sit right with me.
I think you need to look in this direction.

HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 27-11-2010 17:53 0 bytes Access is denied.
I also find this key very suspicious (access is denied means it protects itself against you, but why? That's why this could be a rootkit key.)
Especially given that your passwords were cracked after this date.


I'll have another look at your log tonight after work.
Sorry, I'd read past your post. I'll go and search on those names. Many thanks in advance for your help!

  • hellknight
  • Registered: January 2003
  • Last online: 23:49

Although the name "swearware" sounds suspicious, those entries aren't harmful; they belong to ComboFix.


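Erwin's reading of the log and hellknight's correction together are the whole of RootkitRevealer triage: most discrepancies have a mundane cause, and the work is to strip those out so the unexplained ones stand out. As an added example (not code from the thread, from Sysinternals or from ComboFix), here is a Python script that parses lines in the format Roderick24 posted and sorts them into benign, probable-artifact, verify and investigate buckets; the rules are heuristics, and the sample lines are constructed (the last path, hypothetical.sys, is made up).

```python
"""Triage helper for RootkitRevealer discrepancy output (added example, not from the thread).

RootkitRevealer prints one discrepancy per line: <path> <date> <time> <size> <discrepancy text>.
Paths may contain spaces, so the date/time/size pattern is what anchors the split.
"""
import re
from collections import Counter

LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<date>\d{1,2}-\d{1,2}-\d{4}) (?P<time>\d{1,2}:\d{2}) "
    r"(?P<size>\d+(?:\.\d+)? (?:bytes|KB|MB|GB)) "
    r"(?P<note>.+)$"
)

# Buckets, from most to least reassuring.
BENIGN = "benign"
PROBABLE_ARTIFACT = "probable-artifact"
VERIFY = "verify"
INVESTIGATE = "investigate"
SEVERITY = {INVESTIGATE: 0, VERIFY: 1, PROBABLE_ARTIFACT: 2, BENIGN: 3}


def parse_line(line):
    """Split one RootkitRevealer line into its fields; None for lines that do not match."""
    match = LINE_RE.match(line.strip())
    return match.groupdict() if match else None


def classify(entry):
    """Return (bucket, reason) for one parsed entry. These rules are heuristics, not verdicts."""
    path = entry["path"].lower()
    note = entry["note"].lower()
    # ComboFix stores its Winsock catalog backup under HKLM\SOFTWARE\Swearware; the copied
    # keys carry different ACLs than the originals, so "Security mismatch" is expected there.
    if "\\swearware\\" in path:
        return BENIGN, "ComboFix backup hive"
    # Stock Windows XP keeps LSA secrets under key names with embedded nulls, and
    # RootkitRevealer reports every key whose name it cannot represent.
    if "\\security\\policy\\secrets\\" in path and "embedded nulls" in note:
        return BENIGN, "LSA secrets key with embedded nulls"
    # Browser caches churn while the scan runs; a file created or deleted between the
    # high-level and raw-disk passes shows up as hidden or as missing from the MFT.
    # Assumption: treat these as timing artifacts unless the same file recurs across scans.
    if "\\mozilla\\firefox\\profiles\\" in path and "\\cache\\" in path:
        return PROBABLE_ARTIFACT, "browser cache changed during scan"
    # sptd.sys (SCSI Pass Through Direct, shipped with Daemon Tools / Alcohol 120%)
    # deliberately denies access to its Cfg key; fine only if that software is installed.
    if "\\services\\sptd\\" in path and "access is denied" in note:
        return VERIFY, "self-protecting driver key; confirm Daemon Tools/Alcohol is installed"
    # Anything else hidden from the Windows API is what the tool exists to surface.
    return INVESTIGATE, "unexplained discrepancy"


def triage(log_text):
    """Parse and classify every line; returns dicts ordered worst-first."""
    rows = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        bucket, reason = classify(entry)
        rows.append({**entry, "bucket": bucket, "reason": reason})
    rows.sort(key=lambda row: SEVERITY[row["bucket"]])
    return rows


def summarize(log_text):
    """Count entries per bucket, so a 106-line log collapses to a handful of numbers."""
    return Counter(row["bucket"] for row in triage(log_text))


# Constructed sample in RootkitRevealer's format. The first four lines mirror entries from
# the thread; the last path is made up so that one entry lands in the "investigate" bucket.
SAMPLE_LOG = r"""HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters 8-12-2010 13:51 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 4-11-2010 12:05 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 27-11-2010 17:53 0 bytes Access is denied.
C:\Documents and Settings\Roderick\Local Settings\Application Data\Mozilla\Firefox\Profiles\87uqv3oo.default\Cache\B1B38D54d01 8-12-2010 23:44 4.22 MB Hidden from Windows API.
C:\WINDOWS\system32\drivers\hypothetical.sys 8-12-2010 13:00 12.00 KB Hidden from Windows API.
"""

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(f"{row['bucket']:<17} {row['path']}  [{row['reason']}]")
    print(dict(summarize(SAMPLE_LOG)))
```

Running a second scan and diffing the "investigate" bucket against the first is the cheap way to separate timing artifacts from something that persists.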
  • Roderick24
  • Registered: October 2007
  • Last online: 16-08 16:58
hellknight wrote on Thursday 09 December 2010 @ 13:51:
Although the name "swearware" sounds suspicious, those entries aren't harmful; they belong to ComboFix.
Hmm yes, I'd just found that on a forum as well. I also ran Spyware Doctor, and it did find all sorts of things.

Image location: http://img403.imageshack.us/img403/3439/screenshot3f0.jpg

I'm going to try to repair this now.

  • hellknight
  • Registered: January 2003
  • Last online: 23:49

Otherwise, post a HijackThis log; that usually makes it fairly easy to find what junk is present.


  • Roderick24
  • Registered: October 2007
  • Last online: 16-08 16:58
I'll do that in a moment, hellknight. I'm still busy with Spyware Doctor, removing/repairing everything with it.

  • Roderick24
  • Registered: October 2007
  • Last online: 16-08 16:58
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:57:37, on 9-12-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21293)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\Program Files\PC Tools Security\Update.exe
C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7453 bytes

  • Roderick24
  • Registered: October 2007
  • Last online: 16-08 16:58
After a full scan with Spyware Doctor nothing more was found. I'll run HijackThis and RootkitRevealer once more tonight and compare the logs.

  • Roderick24
  • Registered: October 2007
  • Last online: 16-08 16:58
Hmm, the rootkit scanner still finds a lot of discrepancies. 40 to be precise, and actually the same ones as last time.

  • hellknight
  • Registered: January 2003
  • Last online: 23:49

Medieval Nerd

Your HijackThis log doesn't seem to contain anything unusual.
Otherwise try a different rootkit scan - GMER - and see what that one finds.

Your lack of planning is not my emergency


  • Roderick24
  • Registered: October 2007
  • Last online: 16-08 16:58
OK, thanks hellknight. I'll run it right away.

  • Roderick24
  • Registered: October 2007
  • Last online: 16-08 16:58
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-10 15:59:19
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST980825AS rev.8.02
Running: i3fgkjdg.exe; Driver: C:\DOCUME~1\Roderick\LOCALS~1\Temp\afrdifow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwAssignProcessToJobObject [0xB49ED610]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB4872534]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB486C782]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB263B6AE]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB4872CC0]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB2619A96]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB2619D5E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB4872DF6]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwDebugActiveProcess [0xB49EDC10]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB486D398]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB263C04C]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB263C3D6]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwDuplicateObject [0xB49ED730]
SSDT spvk.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spvk.sys ZwEnumerateValueKey [0xB7ECE132]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xB488D93C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB488DB44]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB486CFAA]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB263A8EC]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwOpenProcess [0xB49ED4B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwOpenThread [0xB49ED570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwProtectVirtualMemory [0xB49ED6D0]
SSDT spvk.sys ZwQueryKey [0xB7ECE20A]
SSDT spvk.sys ZwQueryValueKey [0xB7ECE08A]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB263C91A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xB488E208]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB48720F4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xB488F2A4]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetContextThread [0xB49ED690]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB486D75C]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetInformationThread [0xB49ED650]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xB488EE12]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB263BA50]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSuspendProcess [0xB49ED510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSuspendThread [0xB49ED590]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xB2619506]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwTerminateThread [0xB49ED5D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwWriteVirtualMemory [0xB49ED750]

INT 0x62 ? 89C53BF8
INT 0x74 ? 899E7BF8
INT 0x82 ? 89C53BF8
INT 0x84 ? 899E7BF8
INT 0x94 ? 899E7BF8
INT 0xA4 ? 899E7BF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C9C 80504538 12 Bytes [C0, 2C, 87, B4, 96, 9A, 61, ...] {SHR BYTE [EDI+EAX*4], 0xb4; XCHG ESI, EAX; CALL FAR 0xb261:0x9d5eb261}
? spvk.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7266360, 0x33AACD, 0xE8000020]
.text USBPORT.SYS!DllUnload B709E8AC 5 Bytes JMP 899E71D8
.text arv77qv3.SYS B6CBD386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text arv77qv3.SYS B6CBD3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text arv77qv3.SYS B6CBD3C4 3 Bytes [00, 80, 02]
.text arv77qv3.SYS B6CBD3C9 1 Byte [30]
.text arv77qv3.SYS B6CBD3C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
? system32\DRIVERS\ehdrv.sys The system cannot find the path specified. !
? system32\DRIVERS\epfwtdir.sys The system cannot find the path specified. !
? system32\DRIVERS\eamon.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\Drivers\RKREVEAL150.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[300] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 00FA0001
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[300] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 6 Bytes JMP 71A60F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[300] USER32.dll!SetForegroundWindow 7E3A42ED 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[300] USER32.dll!SetWindowPos 7E3A99F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[300] USER32.dll!SetWindowPos + 4 7E3A99F7 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[300] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 6 Bytes JMP 719F0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[300] USER32.dll!TrackPopupMenu 7E3E531E 5 Bytes JMP 10405CF5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\WINDOWS\system32\ctfmon.exe[476] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 00D20001
.text C:\WINDOWS\system32\ctfmon.exe[476] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 6 Bytes JMP 71A50F5A
.text C:\WINDOWS\system32\ctfmon.exe[476] USER32.dll!SetForegroundWindow 7E3A42ED 6 Bytes JMP 71AE0F5A
.text C:\WINDOWS\system32\ctfmon.exe[476] USER32.dll!SetWindowPos 7E3A99F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[476] USER32.dll!SetWindowPos + 4 7E3A99F7 2 Bytes [A7, 71]
.text C:\WINDOWS\system32\ctfmon.exe[476] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 6 Bytes JMP 71A20F5A
.text C:\Documents and Settings\Roderick\Mijn documenten\Downloads\i3fgkjdg.exe[1388] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 003C0001
.text C:\Documents and Settings\Roderick\Mijn documenten\Downloads\i3fgkjdg.exe[1388] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 6 Bytes JMP 71A60F5A
.text C:\Documents and Settings\Roderick\Mijn documenten\Downloads\i3fgkjdg.exe[1388] USER32.dll!SetForegroundWindow 7E3A42ED 6 Bytes JMP 71AF0F5A
.text C:\Documents and Settings\Roderick\Mijn documenten\Downloads\i3fgkjdg.exe[1388] USER32.dll!SetWindowPos 7E3A99F3 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Roderick\Mijn documenten\Downloads\i3fgkjdg.exe[1388] USER32.dll!SetWindowPos + 4 7E3A99F7 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Documents and Settings\Roderick\Mijn documenten\Downloads\i3fgkjdg.exe[1388] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 6 Bytes JMP 71A30F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2020] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2020] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 01090001
.text C:\Program Files\Mozilla Firefox\firefox.exe[2020] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 6 Bytes JMP 71A60F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2020] USER32.dll!SetForegroundWindow 7E3A42ED 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2020] USER32.dll!SetWindowPos 7E3A99F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2020] USER32.dll!SetWindowPos + 4 7E3A99F7 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\Mozilla Firefox\firefox.exe[2020] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 6 Bytes JMP 719F0F5A
.text C:\WINDOWS\system32\wscntfy.exe[2208] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 00E50001
.text C:\WINDOWS\system32\wscntfy.exe[2208] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 6 Bytes JMP 71A50F5A
.text C:\WINDOWS\system32\wscntfy.exe[2208] USER32.dll!SetForegroundWindow 7E3A42ED 6 Bytes JMP 71AE0F5A
.text C:\WINDOWS\system32\wscntfy.exe[2208] USER32.dll!SetWindowPos 7E3A99F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[2208] USER32.dll!SetWindowPos + 4 7E3A99F7 2 Bytes [A7, 71]
.text C:\WINDOWS\system32\wscntfy.exe[2208] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 6 Bytes JMP 71A20F5A
.text C:\WINDOWS\system32\rundll32.exe[2552] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 00D40001
.text C:\WINDOWS\system32\rundll32.exe[2552] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 6 Bytes JMP 71A50F5A
.text C:\WINDOWS\system32\rundll32.exe[2552] USER32.dll!SetForegroundWindow 7E3A42ED 6 Bytes JMP 71AE0F5A
.text C:\WINDOWS\system32\rundll32.exe[2552] USER32.dll!SetWindowPos 7E3A99F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[2552] USER32.dll!SetWindowPos + 4 7E3A99F7 2 Bytes [A7, 71]
.text C:\WINDOWS\system32\rundll32.exe[2552] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 6 Bytes JMP 71A20F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[2560] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 009F0001
.text C:\WINDOWS\system32\RUNDLL32.EXE[2560] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 6 Bytes JMP 71A50F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[2560] USER32.dll!SetForegroundWindow 7E3A42ED 6 Bytes JMP 71AE0F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[2560] USER32.dll!SetWindowPos 7E3A99F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2560] USER32.dll!SetWindowPos + 4 7E3A99F7 2 Bytes [A7, 71]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2560] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 6 Bytes JMP 71A20F5A
.text C:\Program Files\uTorrent\uTorrent.exe[2820] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 00D90001
.text C:\Program Files\uTorrent\uTorrent.exe[2820] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 6 Bytes JMP 71A60F5A
.text C:\Program Files\uTorrent\uTorrent.exe[2820] USER32.dll!SetForegroundWindow 7E3A42ED 6 Bytes JMP 71AF0F5A
.text C:\Program Files\uTorrent\uTorrent.exe[2820] USER32.dll!SetWindowPos 7E3A99F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\uTorrent\uTorrent.exe[2820] USER32.dll!SetWindowPos + 4 7E3A99F7 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\uTorrent\uTorrent.exe[2820] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 6 Bytes JMP 71A00F5A
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3164] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 013E0001
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3164] user32.dll!ChangeDisplaySettingsExA 7E3A384E 6 Bytes JMP 71A50F5A
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3164] user32.dll!SetForegroundWindow 7E3A42ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3164] user32.dll!SetWindowPos 7E3A99F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3164] user32.dll!SetWindowPos + 4 7E3A99F7 2 Bytes [A7, 71]
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[3164] user32.dll!ChangeDisplaySettingsExW 7E3D95BD 6 Bytes JMP 719B0F5A
.text C:\Program Files\PC Tools Security\pctsGui.exe[3332] kernel32.dll!CreateThread + 1A 7C7E06F1 4 Bytes CALL 0044BB95 C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools GUI Application/PC Tools)
.text C:\Program Files\PC Tools Security\pctsSvc.exe[3516] kernel32.dll!CreateThread + 1A 7C7E06F1 4 Bytes CALL 0044BEE1 C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools Security Service/PC Tools)
.text C:\Program Files\Skype\Phone\Skype.exe[3872] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 003C0001
.text C:\Program Files\Skype\Phone\Skype.exe[3872] USER32.dll!ChangeDisplaySettingsExA 7E3A384E 6 Bytes JMP 71A60F5A
.text C:\Program Files\Skype\Phone\Skype.exe[3872] USER32.dll!SetForegroundWindow 7E3A42ED 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Skype\Phone\Skype.exe[3872] USER32.dll!SetWindowPos 7E3A99F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Skype\Phone\Skype.exe[3872] USER32.dll!SetWindowPos + 4 7E3A99F7 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\Skype\Phone\Skype.exe[3872] USER32.dll!ChangeDisplaySettingsExW 7E3D95BD 6 Bytes JMP 71A30F5A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EB6042] spvk.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EB613E] spvk.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EB60C0] spvk.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EB6800] spvk.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EB66D6] spvk.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EC5B90] spvk.sys
IAT \SystemRoot\System32\Drivers\arv77qv3.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\arv77qv3.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\arv77qv3.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\arv77qv3.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\arv77qv3.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\arv77qv3.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\arv77qv3.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\arv77qv3.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\arv77qv3.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\arv77qv3.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\arv77qv3.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\arv77qv3.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\arv77qv3.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\arv77qv3.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\arv77qv3.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B4877672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B48774C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B4877CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B4875C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B4875C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B4877672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B48774C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B4877CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B4877672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B4875C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B4877CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B48774C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B4877CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B48774C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B4877672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B4875C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B4877672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B48774C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B4877CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [B4877CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B48774C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [B4875C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [B4877672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B4877672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B4875C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B4877CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B48774C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89C521F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys

Device \FileSystem\Fastfat \FatCdrom 885653F0
Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\usbuhci \Device\USBPDO-0 898F01F8
Device \Driver\usbuhci \Device\USBPDO-1 898F01F8
Device \Driver\usbuhci \Device\USBPDO-2 898F01F8
Device \Driver\usbehci \Device\USBPDO-3 899AF3F0
Device \Driver\usbuhci \Device\USBPDO-4 898F01F8
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Ftdisk \Device\HarddiskVolume1 89BE31F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 89BE31F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6C33B951-FDAF-4EF4-9F65-84DD1832F426} 88CD61F8
Device \Driver\Cdrom \Device\CdRom0 898AF1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7E2EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B7E2EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7E2EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B7E2EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 898AF1F8
Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys (UM Injection Driver/PC Tools)
Device \Driver\NetBT \Device\NetBT_Tcpip_{B73B9530-8B1D-45A5-B64D-EF21603762E8} 88CD61F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 88CD61F8
Device \Driver\NetBT \Device\NetbiosSmb 88CD61F8
Device \Driver\PCI_PNP4834 \Device\0000004c spvk.sys
Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\sptd \Device\2153349834 spvk.sys
Device \Driver\usbuhci \Device\USBFDO-0 898F01F8
Device \Driver\usbuhci \Device\USBFDO-1 898F01F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 896C5500
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\usbuhci \Device\USBFDO-2 898F01F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 896C5500
Device \Driver\usbuhci \Device\USBFDO-3 898F01F8
Device \Driver\usbehci \Device\USBFDO-4 899AF3F0
Device \Driver\Ftdisk \Device\FtControl 89BE31F8
Device \Driver\arv77qv3 \Device\Scsi\arv77qv31 898AA1F8
Device \Driver\arv77qv3 \Device\Scsi\arv77qv31Port2Path0Target0Lun0 898AA1F8
Device \FileSystem\Fastfat \Fat 885653F0

AttachedDevice \FileSystem\Fastfat \Fat eamon.sys
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 89862500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEC 0xD8 0xAE 0xCE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x82 0xCA 0xEB 0xBF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFF 0xE9 0xF8 0xF2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEC 0xD8 0xAE 0xCE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x82 0xCA 0xEB 0xBF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFF 0xE9 0xF8 0xF2 ...

---- EOF - GMER 1.0.15 ----
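Reading a GMER log of this size by hand is error-prone, so here is an added triage script (my own example, not from the poster and not part of GMER) that parses the SSDT and kernel IAT sections and groups every hook by the module that owns the hook target. GMER prints a vendor string only where it could read one (vsdatant.sys is ZoneAlarm, PCTCore.sys is PC Tools); for the rest the script falls back on a small table: ehdrv.sys is ESET's NOD32 driver (an attribution from the driver name, not something the log states), and spvk.sys is the driver behind the sptd service, which the log's Device and Registry sections tie to DAEMON Tools Lite. IAT slots that hold a bare value with no owning module, as all the arv77qv3.SYS entries above do, are filed separately, because that is what a hidden or unreadable driver image looks like in this output. The log embedded in the script is a constructed excerpt of the one posted above.

```python
import re
from collections import defaultdict

# Constructed excerpt, modelled on the GMER 1.0.15 output posted in this thread.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwAssignProcessToJobObject [0xB49ED610]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB4872534]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB263B6AE]
SSDT spvk.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spvk.sys ZwQueryValueKey [0xB7ECE08A]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EB6042] spvk.sys
IAT \SystemRoot\System32\Drivers\arv77qv3.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B48774C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
"""

# Fallback attributions for modules GMER prints without a vendor string.
# ehdrv.sys: ESET NOD32's driver (assumed from the driver name, not from the log).
# spvk.sys: driver of the "sptd" service; the log's Device and Registry sections
#           tie that service to C:\Program Files\DAEMON Tools Lite\.
KNOWN_UNLABELLED = {
    "ehdrv.sys": "ESET NOD32 (assumed from the driver name)",
    "spvk.sys": "sptd / DAEMON Tools Lite (per the log's Device and Registry sections)",
}

# SSDT <module> [(vendor)] <ZwFunction> [0xADDR]
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)(?:\s+\((?P<vendor>[^)]*)\))?"
    r"\s+(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]$"
)
# IAT <victim>[<import>] [ADDR] <module> [(vendor)]   or   IAT <victim>[<import>] RAWVALUE
IAT_RE = re.compile(
    r"^IAT\s+(?P<victim>[^\[\s]+)\[(?P<import>[^\]]+)\]\s+"
    r"(?:\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<module>\S+)(?:\s+\((?P<vendor>[^)]*)\))?"
    r"|(?P<raw>[0-9A-Fa-f]{8}))$"
)

UNRESOLVED = "<unresolved>"


def basename(path):
    """Lower-cased file name of a Windows path (last backslash-separated part)."""
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Group SSDT and kernel IAT hooks by the module that owns the hook target.

    Returns {module: {"vendor": str or None, "hooks": [str, ...]}}. IAT slots that
    hold a bare value GMER could not map to any module go under UNRESOLVED: that is
    what a hidden, unreadable or garbage-filled driver image looks like in this output.
    """
    report = defaultdict(lambda: {"vendor": None, "hooks": []})

    def record(mod, vendor, desc):
        entry = report[mod]
        entry["vendor"] = vendor or entry["vendor"] or KNOWN_UNLABELLED.get(mod)
        entry["hooks"].append(desc)

    for raw_line in log_text.splitlines():
        line = raw_line.strip()
        m = SSDT_RE.match(line)
        if m:
            record(basename(m["module"]), m["vendor"], f"SSDT {m['func']} -> 0x{m['addr']}")
            continue
        m = IAT_RE.match(line)
        if not m:
            continue
        slot = f"{basename(m['victim'])}[{m['import']}]"
        if m["raw"]:
            report[UNRESOLVED]["hooks"].append(f"IAT {slot} = {m['raw']} (no owning module)")
        else:
            record(basename(m["module"]), m["vendor"], f"IAT {slot} -> 0x{m['addr']}")
    return dict(report)


def needs_a_look(report):
    """Hook owners neither GMER nor KNOWN_UNLABELLED could attribute, plus UNRESOLVED."""
    return sorted(mod for mod, entry in report.items() if entry["vendor"] is None)


def victims_with_unresolved_imports(report):
    """Drivers whose import table holds values GMER could not map back to any module."""
    hooks = report.get(UNRESOLVED, {"hooks": []})["hooks"]
    return sorted({h.split(" ", 1)[1].split("[", 1)[0] for h in hooks})


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for mod, entry in sorted(result.items()):
        print(f"{mod}: {entry['vendor'] or 'UNATTRIBUTED'}")
        for hook in entry["hooks"]:
            print(f"    {hook}")
    print("needs a look:", needs_a_look(result))
    print("victims with unresolved imports:", victims_with_unresolved_imports(result))
```

Applied to the posted log, every hook GMER attributes to a module belongs to the firewall (ZoneAlarm), one of the two antivirus products (ESET, PC Tools) or sptd; only the arv77qv3.SYS import entries end up unattributed, and those are where a practitioner would start: check the file on disk, its signature and its service entry. A randomly named virtual SCSI driver next to sptd is typical of DAEMON Tools' own virtual drive, but that is an assumption to verify on the machine, not something this log proves. The script only triages what GMER already shows; it cannot see anything GMER missed.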