HELP BOTNET WARNING

  • ricardo

And here is the ComboFix log as well:

    ComboFix 12-04-04.02 - Ricardo 04-04-2012 21:38:48.3.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.6074.4408
    Gestart vanuit: c:\users\Ricardo\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . konden niet verwijderd worden
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-03-04 to 2012-04-04 ))))))))))))))))))))))))))))))
    .
    .
    2012-04-04 19:42 . 2012-04-04 19:42 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-04-04 19:42 . 2012-04-04 19:42 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-04 15:21 . 2012-04-04 15:21 -------- d-----w- c:\program files (x86)\Conduit
    2012-04-04 04:04 . 2012-04-04 04:04 -------- d-----w- c:\program files (x86)\ESET
    2012-04-03 03:59 . 2012-04-03 03:59 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-03-29 22:31 . 2012-03-29 22:31 -------- d-----w- c:\users\Ricardo\AppData\Roaming\QuickScan
    2012-03-29 21:53 . 2012-03-29 21:53 -------- d-----w- c:\users\Ricardo\AppData\Local\KSafe
    2012-03-26 18:22 . 2011-03-03 15:59 29288 ----a-w- c:\windows\system32\nvhdap64.dll
    2012-03-26 18:22 . 2011-03-03 15:59 174184 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
    2012-03-26 18:22 . 2011-03-03 15:59 1359976 ----a-w- c:\windows\system32\nvhdagenco642040.dll
    2012-03-26 18:21 . 2012-03-26 18:21 -------- d-----w- c:\programdata\NVIDIA Corporation
    2012-03-26 18:20 . 2011-03-10 13:00 8124520 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2012-03-26 18:20 . 2011-03-10 13:00 6042008 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2012-03-26 18:20 . 2011-03-10 13:00 20487272 ----a-w- c:\windows\system32\nvoglv64.dll
    2012-03-26 18:20 . 2011-03-10 13:00 15061400 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2012-03-26 18:20 . 2011-03-10 13:00 13014040 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-03-26 18:20 . 2011-03-10 13:00 12867992 ----a-w- c:\windows\system32\nvd3dumx.dll
    2012-03-26 18:20 . 2011-03-10 13:00 10082712 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2012-03-26 18:20 . 2011-03-10 13:00 2214296 ----a-w- c:\windows\system32\nvapi64.dll
    2012-03-26 18:20 . 2011-03-10 13:00 1979288 ----a-w- c:\windows\SysWow64\nvapi.dll
    2012-03-26 18:16 . 2012-03-26 18:16 -------- d-----w- c:\users\Ricardo\AppData\Roaming\KSafe
    2012-03-26 18:16 . 2012-03-26 18:16 -------- d-----w- c:\programdata\KSafe
    2012-03-26 18:10 . 2012-03-26 18:10 -------- d-----w- C:\KSafeRecycle
    2012-03-26 18:10 . 2012-03-26 18:10 -------- d-----w- c:\users\Ricardo\AppData\Roaming\kingsoft
    2012-03-26 18:10 . 2012-03-29 22:13 -------- d-----w- c:\programdata\Kingsoft
    2012-03-26 18:10 . 2012-03-26 18:10 -------- d-----w- c:\program files (x86)\Kingsoft
    2012-03-26 17:30 . 2012-03-26 17:30 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
    2012-03-26 17:28 . 2011-03-10 13:00 1612184 ----a-w- c:\windows\system32\nvdispco642090.dll
    2012-03-26 17:28 . 2011-03-10 13:00 1357720 ----a-w- c:\windows\system32\nvgenco642040.dll
    2012-03-26 17:28 . 2011-03-10 13:00 67176 ----a-w- c:\windows\system32\OpenCL.dll
    2012-03-26 17:28 . 2011-03-10 13:00 55704 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2012-03-26 17:28 . 2011-03-10 13:00 2895256 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2012-03-26 17:28 . 2011-03-10 13:00 3113576 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-03-26 17:28 . 2011-03-10 13:00 2482280 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-03-26 17:28 . 2011-03-10 13:00 4941720 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2012-03-26 17:28 . 2011-03-10 13:00 2252904 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2012-03-26 17:28 . 2011-03-10 13:00 6607976 ----a-w- c:\windows\system32\nvcuda.dll
    2012-03-26 17:27 . 2011-03-10 13:00 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2012-03-26 17:27 . 2011-03-10 13:00 18577816 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-03-26 17:27 . 2011-03-10 13:00 8984 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
    2012-03-18 20:07 . 2012-03-18 20:07 -------- d-----w- c:\program files (x86)\InstallShield Installation Information
    2012-03-18 20:07 . 2012-03-18 20:07 -------- d-----w- c:\program files (x86)\My Company Name
    2012-03-14 06:14 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-14 06:14 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-03-14 06:14 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-03-14 05:58 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-03-14 05:57 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-14 05:57 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-03-14 05:57 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-14 05:57 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-14 05:57 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-14 05:57 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
    2012-03-14 05:57 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-14 05:57 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-03-14 05:57 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-14 05:57 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-03-06 22:40 . 2012-03-06 22:40 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-03 03:59 . 2011-06-21 20:39 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-03-14 03:27 . 2011-06-22 20:30 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-02-28 15:23 . 2011-09-17 14:13 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-02-10 06:25 . 2012-02-10 06:27 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{819A1657-856E-4B73-961C-4B64A4402053}\gapaengine.dll
    2012-02-05 12:05 . 2012-02-05 12:05 61440 ----a-w- c:\windows\SysWow64\drivers\jbna.sys
    2012-02-05 11:58 . 2012-02-05 11:58 61440 ----a-w- c:\windows\SysWow64\drivers\muudei.sys
    2012-02-05 11:47 . 2012-02-05 11:47 61440 ----a-w- c:\windows\SysWow64\drivers\ttkkco.sys
    2012-01-31 15:48 . 2012-01-31 15:48 129024 ----a-w- c:\windows\RegBootClean64.exe
    2012-01-31 12:44 . 2011-06-20 20:10 279656 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-04-04_17.53.49 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-06-21 18:03 . 2012-04-04 17:55 48212 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-04-04 18:20 30514 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-06-21 18:03 . 2012-04-04 18:20 10940 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1910047367-3864795175-840720451-1000_UserData.bin
    + 2011-06-20 19:52 . 2012-04-04 19:14 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-06-20 19:52 . 2012-04-04 14:27 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-06-20 19:52 . 2012-04-04 19:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-06-20 19:52 . 2012-04-04 14:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-04-04 14:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-04-04 19:14 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-04-04 17:53 . 2012-04-04 17:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-04-04 19:43 . 2012-04-04 19:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-04-04 17:53 . 2012-04-04 17:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-04-04 19:43 . 2012-04-04 19:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-04-04 17:53 . 2009-04-30 14:00 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
    + 2012-04-04 19:44 . 2009-04-30 14:00 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
    - 2012-04-04 17:53 . 2009-04-30 14:01 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
    + 2012-04-04 19:44 . 2009-04-30 14:01 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
    - 2009-07-14 05:01 . 2012-04-04 17:52 389116 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-04-04 19:43 389116 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2011-06-21 19:57 . 2012-04-04 15:33 5748563 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1910047367-3864795175-840720451-1000-12288.dat
    + 2011-06-21 19:57 . 2012-04-04 19:43 5748563 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1910047367-3864795175-840720451-1000-12288.dat
    + 2011-06-21 19:57 . 2012-04-04 19:43 37644900 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1910047367-3864795175-840720451-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    "IncrediMail"="c:\program files (x86)\IncrediMail\bin\IncMail.exe"
    "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe"
    .
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe"
    "KSafeTray"="c:\program files (x86)\Kingsoft\PCDoctor\KSafeTray.exe"
    .
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys
    R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys
    R3 LVUVC64;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys
    R3 MSICDSetup;MSICDSetup;F:\CDriver64.sys
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    S2 KSafeSvc;KSafe service;c:\program files (x86)\Kingsoft\PCDoctor\KSafeSvc.exe
    S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys
    .
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-04-04 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    .
    2012-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1910047367-3864795175-840720451-1000Core.job
    - c:\users\Ricardo\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    2012-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1910047367-3864795175-840720451-1000UA.job
    - c:\users\Ricardo\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    .
    --------- x86-64 -----------
    .
    .
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe"
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.zeelandnet.nl/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 212.115.192.100 62.238.255.69
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    URLSearchHooks-{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file)
    WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)
    .
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
    .
    "Enabled"=dword:00000001
    .
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
    .
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
    "ThreadingModel"="Apartment"
    .
    @="0"
    .
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
    .
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    @="1.0"
    .
    @="ShockwaveFlash.ShockwaveFlash"
    .
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
    "ThreadingModel"="Apartment"
    .
    @="FlashFactory.FlashFactory.1"
    .
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
    .
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    @="1.0"
    .
    @="FlashFactory.FlashFactory"
    .
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    @="{00020424-0000-0000-C000-000000000046}"
    .
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    @Denied: (Full) (Everyone)
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    c:\program files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2012-04-04 21:47:19 - machine werd herstart
    ComboFix-quarantined-files.txt 2012-04-04 19:47
    ComboFix2.txt 2012-04-04 17:56
    ComboFix3.txt 2012-02-04 14:35
    .
    Pre-Run: 325.461.782.528 bytes beschikbaar
    Post-Run: 325.441.318.912 bytes beschikbaar
    .
    - - End Of File - - 951A1D1312BDF8CE1C656AA231774ECF

Regards, Ricardo

  • Ben

    Hello Ricardo,

    1. Move the file below from temp to system32,

    so from

    c:\windows\TEMP\logishrd\LVPrcInj01.dll

    to

    c:\windows\system32\logishrd\LVPrcInj01.dll

    2. Open a Notepad file (Start > All Programs > Accessories > Notepad),

    then copy and paste the following (bold, blue text) into the empty Notepad window:

    File::

    c:\windows\RegBootClean64.exe

    c:\windows\SysWow64\drivers\jbna.sys

    c:\windows\SysWow64\drivers\muudei.sys

    c:\windows\SysWow64\drivers\ttkkco.sys

    Driver::

    Jbna

    Muudei

    ttkkco

    Folder::

    c:\program files (x86)\Conduit

    c:\users\Ricardo\AppData\Local\KSafe

    c:\users\Ricardo\AppData\Roaming\KSafe

    c:\programdata\KSafe

    C:\KSafeRecycle

    Save this on your Desktop as CFScript.txt

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    This will make ComboFix restart.

    Reboot if you are prompted to, and post the contents of ComboFix.txt in your next reply.

    3. The program below also removes cracks for games.

    Download the Emsisoft Emergency Kit to the desktop and extract the ZIP file.

    • Open the "EmsisoftEmergencyKit" folder and double-click "Start.exe"

    • Now click "Emergency Kit Scanner"; you will get a message recommending that you update first. Allow this by clicking "Yes"

    • When the update is finished and the message "Update process completed successfully" appears, click "Menu" and then "Scan PC"

    • Select the "Deep" option if it is not already set by default.

    • Now click the "Scan" button and do nothing else on the computer while it scans; this scan can take quite a while, so wait patiently.

    • You can close the window with the warning about an elevated risk once the scan is finished.

    Note:

    If you see this message:

    C:\Documents and Settings\username\Bureaublad\ComboFix.exe/$0\List.bat Verwijderd Virus.Win32.HTML!IK

    When the file appears in the scan-results window, you can right-click that detection and choose "Submit as false alarm (False Positive)".

    • Make sure all found items are checked and then press the "Delete selected" button; you will then get the following message, but click "Yes" here

    • When the removal is finished, click the "View report" button and select the text file of this scan, with a name like: a2scan_110730-111615.txt

    • Paste the contents of this LOG file in your next message.

    • Now restart the computer.

    4. After that, post the logs you obtained.

    Regards, Ben

    Antivirusprikbord
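    The CFScript in step 2 was assembled by hand from two sections of Ricardo's ComboFix log: the "Find3M Rapport" file list (three 61440-byte drivers dropped into SysWow64\drivers within 18 minutes, plus RegBootClean64.exe) and the "Reg Opstartpunten" service list (boot-start R0 entries with random five- or six-letter names pointing at those files). The script below is an added example, not code from this thread or from ComboFix's authors: it parses those two line formats, applies the same two heuristics a helper applies by eye, and emits a File::/Driver:: fragment in the CFScript syntax shown above. The sample lines are copied from the log in this thread; the one-hour clustering window and the "4 to 8 lowercase letters" test for random names are assumptions chosen for this example, and the Driver:: section lists the service names from the R0 lines because the example assumes that directive expects service names rather than file names.

```python
"""Parse ComboFix log lines and flag same-size driver drops plus random-named
boot-start services, then render a CFScript File::/Driver:: fragment.
Example code written for this thread; heuristics are illustrative assumptions."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample: a subset of the lines from the ComboFix log in the thread.
SAMPLE_LOG = r"""
2012-02-28 15:23 . 2011-09-17 14:13 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-05 12:05 . 2012-02-05 12:05 61440 ----a-w- c:\windows\SysWow64\drivers\jbna.sys
2012-02-05 11:58 . 2012-02-05 11:58 61440 ----a-w- c:\windows\SysWow64\drivers\muudei.sys
2012-02-05 11:47 . 2012-02-05 11:47 61440 ----a-w- c:\windows\SysWow64\drivers\ttkkco.sys
2012-01-31 15:48 . 2012-01-31 15:48 129024 ----a-w- c:\windows\RegBootClean64.exe
2012-03-26 18:21 . 2012-03-26 18:21 -------- d-----w- c:\programdata\NVIDIA Corporation
R0 fdejq;fdejq;c:\windows\system32\drivers\jbna.sys
R0 hqkzp;hqkzp;c:\windows\system32\drivers\ttkkco.sys
R0 loboiv;loboiv;c:\windows\system32\drivers\muudei.sys
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys
"""

# "<created> . <modified> <size|-------- > <attrs> <path>" file/dir entries.
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-+) (\S{8}) (.+)$"
)
# "<start type> <service name>;<display name>;<image path>" service entries.
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+)$")
# Assumed "random-looking" test: 4 to 8 lowercase letters and nothing else.
RANDOM_NAME_RE = re.compile(r"^[a-z]{4,8}$")


@dataclass
class FileEntry:
    created: datetime
    modified: datetime
    size: int            # 0 for directory entries, which show "--------"
    attrs: str
    path: str


@dataclass
class ServiceEntry:
    start: str           # R0/R2/R3 running, S2/S3 stopped (ComboFix notation)
    name: str
    display: str
    path: str


def parse_log(text):
    """Split a ComboFix log into file entries and service entries."""
    files, services = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
            modified = datetime.strptime(m.group(2), "%Y-%m-%d %H:%M")
            size = int(m.group(3)) if m.group(3).isdigit() else 0
            files.append(FileEntry(created, modified, size, m.group(4), m.group(5)))
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append(ServiceEntry(*m.groups()))
    return files, services


def stem(path):
    """Lower-cased file name without extension, e.g. 'jbna' for ...\jbna.sys."""
    return path.rsplit("\\", 1)[-1].lower().rsplit(".", 1)[0]


def driver_clusters(files, window=timedelta(hours=1)):
    """Driver files of identical size whose creation times all fall within `window`."""
    by_size = defaultdict(list)
    for f in files:
        if f.size and "\\drivers\\" in f.path.lower():
            by_size[f.size].append(f)
    flagged = []
    for group in by_size.values():
        if len(group) < 2:
            continue
        times = [f.created for f in group]
        if max(times) - min(times) <= window:
            flagged.extend(sorted(group, key=lambda f: f.created))
    return flagged


def suspicious_services(services):
    """Boot-start (R0) services with a random-looking name that is also the display
    name and does not match the driver file it loads."""
    return [
        s for s in services
        if s.start == "R0"
        and s.name == s.display
        and RANDOM_NAME_RE.match(s.name)
        and s.name.lower() != stem(s.path)
    ]


def build_cfscript(files, services):
    """Render the File::/Driver:: directives in the CFScript format used above."""
    lines = ["File::"] + [f.path for f in files]
    lines += ["", "Driver::"] + [s.name for s in services]
    return "\n".join(lines) + "\n"


def analyze(text):
    """Full pipeline: parse, apply both heuristics, return findings and script text."""
    files, services = parse_log(text)
    flagged_files = driver_clusters(files)
    flagged_services = suspicious_services(services)
    return {
        "files": [f.path for f in flagged_files],
        "services": [s.name for s in flagged_services],
        "cfscript": build_cfscript(flagged_files, flagged_services),
    }


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    print("flagged files:   ", result["files"])
    print("flagged services:", result["services"])
    print(result["cfscript"])
```

    Run against the sample, it flags the three 61440-byte drivers (sorted by creation time) and the three R0 services, and leaves the NVIDIA, Microsoft and .NET entries alone; RegBootClean64.exe is not caught by either heuristic, which is exactly the kind of item a helper still has to add by hand after reading the log.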

  • ricardo

    Hi Ben,

    I really can't find that first file; I've tried searching for it as well,

    but maybe it has been deleted? Is that bad?

    I'm going to try to carry out your next steps now.

  • ricardo

Here is the ComboFix log to start with:

    ComboFix 12-04-04.02 - Ricardo 05-04-2012 17:32:07.4.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.6074.4589
    Gestart vanuit: c:\users\Ricardo\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\Ricardo\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\RegBootClean64.exe"
    "c:\windows\SysWow64\drivers\jbna.sys"
    "c:\windows\SysWow64\drivers\muudei.sys"
    "c:\windows\SysWow64\drivers\ttkkco.sys"
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\KSafeRecycle
    c:\program files (x86)\Conduit
    c:\program files (x86)\Conduit\Community Alerts\Alert.dll
    c:\program files (x86)\Conduit\Community Alerts\Alert0.dll
    c:\programdata\KSafe
    c:\users\Ricardo\AppData\Local\KSafe
    c:\users\Ricardo\AppData\Local\KSafe\KClear\Logs\RegClean_2012-03-29.log
    c:\users\Ricardo\AppData\Local\KSafe\KClear\Logs\TrackClean_2012-03-29.log
    c:\users\Ricardo\AppData\Local\KSafe\KClear\Logs\TrackClean_2012-04-03.log
    c:\users\Ricardo\AppData\Local\KSafe\KClear\Logs\TrashClean_2012-03-29.log
    c:\users\Ricardo\AppData\Local\KSafe\KClear\Logs\TrashClean_2012-04-03.log
    c:\users\Ricardo\AppData\Roaming\KSafe
    c:\windows\RegBootClean64.exe
    c:\windows\SysWow64\drivers\jbna.sys
    c:\windows\SysWow64\drivers\muudei.sys
    c:\windows\SysWow64\drivers\ttkkco.sys
    c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . konden niet verwijderd worden
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-03-05 to 2012-04-05 ))))))))))))))))))))))))))))))
    .
    .
    2012-04-05 15:36 . 2012-04-05 15:36 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-04-05 15:36 . 2012-04-05 15:36 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-04 04:04 . 2012-04-04 04:04 -------- d-----w- c:\program files (x86)\ESET
    2012-04-03 03:59 . 2012-04-03 03:59 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-03-29 22:31 . 2012-03-29 22:31 -------- d-----w- c:\users\Ricardo\AppData\Roaming\QuickScan
    2012-03-26 18:22 . 2011-03-03 15:59 29288 ----a-w- c:\windows\system32\nvhdap64.dll
    2012-03-26 18:22 . 2011-03-03 15:59 174184 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
    2012-03-26 18:22 . 2011-03-03 15:59 1359976 ----a-w- c:\windows\system32\nvhdagenco642040.dll
    2012-03-26 18:21 . 2012-03-26 18:21 -------- d-----w- c:\programdata\NVIDIA Corporation
    2012-03-26 18:20 . 2011-03-10 13:00 8124520 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2012-03-26 18:20 . 2011-03-10 13:00 6042008 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2012-03-26 18:20 . 2011-03-10 13:00 20487272 ----a-w- c:\windows\system32\nvoglv64.dll
    2012-03-26 18:20 . 2011-03-10 13:00 15061400 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2012-03-26 18:20 . 2011-03-10 13:00 13014040 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-03-26 18:20 . 2011-03-10 13:00 12867992 ----a-w- c:\windows\system32\nvd3dumx.dll
    2012-03-26 18:20 . 2011-03-10 13:00 10082712 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2012-03-26 18:20 . 2011-03-10 13:00 2214296 ----a-w- c:\windows\system32\nvapi64.dll
    2012-03-26 18:20 . 2011-03-10 13:00 1979288 ----a-w- c:\windows\SysWow64\nvapi.dll
    2012-03-26 18:10 . 2012-03-26 18:10 -------- d-----w- c:\users\Ricardo\AppData\Roaming\kingsoft
    2012-03-26 18:10 . 2012-03-29 22:13 -------- d-----w- c:\programdata\Kingsoft
    2012-03-26 18:10 . 2012-03-26 18:10 -------- d-----w- c:\program files (x86)\Kingsoft
    2012-03-26 17:30 . 2012-03-26 17:30 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
    2012-03-26 17:28 . 2011-03-10 13:00 1612184 ----a-w- c:\windows\system32\nvdispco642090.dll
    2012-03-26 17:28 . 2011-03-10 13:00 1357720 ----a-w- c:\windows\system32\nvgenco642040.dll
    2012-03-26 17:28 . 2011-03-10 13:00 67176 ----a-w- c:\windows\system32\OpenCL.dll
    2012-03-26 17:28 . 2011-03-10 13:00 55704 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2012-03-26 17:28 . 2011-03-10 13:00 2895256 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2012-03-26 17:28 . 2011-03-10 13:00 3113576 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-03-26 17:28 . 2011-03-10 13:00 2482280 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-03-26 17:28 . 2011-03-10 13:00 4941720 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2012-03-26 17:28 . 2011-03-10 13:00 2252904 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2012-03-26 17:28 . 2011-03-10 13:00 6607976 ----a-w- c:\windows\system32\nvcuda.dll
    2012-03-26 17:27 . 2011-03-10 13:00 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2012-03-26 17:27 . 2011-03-10 13:00 18577816 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-03-26 17:27 . 2011-03-10 13:00 8984 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
    2012-03-18 20:07 . 2012-03-18 20:07 -------- d-----w- c:\program files (x86)\InstallShield Installation Information
    2012-03-18 20:07 . 2012-03-18 20:07 -------- d-----w- c:\program files (x86)\My Company Name
    2012-03-14 06:14 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-14 06:14 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-03-14 06:14 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-03-14 05:58 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-03-14 05:57 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-14 05:57 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-03-14 05:57 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-14 05:57 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-14 05:57 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-14 05:57 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
    2012-03-14 05:57 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-14 05:57 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-03-14 05:57 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-14 05:57 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-03-06 22:40 . 2012-03-06 22:40 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-03 03:59 . 2011-06-21 20:39 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-03-14 03:27 . 2011-06-22 20:30 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-02-28 15:23 . 2011-09-17 14:13 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-02-10 06:25 . 2012-02-10 06:27 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{819A1657-856E-4B73-961C-4B64A4402053}\gapaengine.dll
    2012-01-31 12:44 . 2011-06-20 20:10 279656 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-04-04_17.53.49 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-06-21 18:03 . 2012-04-05 15:08 48324 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-04-05 15:08 30562 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-06-21 18:03 . 2012-04-05 15:08 10988 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1910047367-3864795175-840720451-1000_UserData.bin
    + 2011-06-20 19:52 . 2012-04-05 04:42 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-06-20 19:52 . 2012-04-04 14:27 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-06-20 19:52 . 2012-04-05 04:42 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-06-20 19:52 . 2012-04-04 14:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-04-04 14:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-04-05 04:42 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-04-04 17:53 . 2012-04-04 17:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-04-05 15:37 . 2012-04-05 15:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-04-04 17:53 . 2012-04-04 17:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-04-05 15:37 . 2012-04-05 15:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-04-04 17:53 . 2009-04-30 14:00 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
    + 2012-04-05 15:37 . 2009-04-30 14:00 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
    - 2012-04-04 17:53 . 2009-04-30 14:01 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
    + 2012-04-05 15:37 . 2009-04-30 14:01 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
    + 2009-07-14 05:01 . 2012-04-05 15:36 389116 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-04-04 17:52 389116 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2011-06-21 19:57 . 2012-04-04 15:33 5748563 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1910047367-3864795175-840720451-1000-12288.dat
    + 2011-06-21 19:57 . 2012-04-04 19:43 5748563 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1910047367-3864795175-840720451-1000-12288.dat
    + 2011-06-21 19:57 . 2012-04-05 15:36 37691760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1910047367-3864795175-840720451-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    "IncrediMail"="c:\program files (x86)\IncrediMail\bin\IncMail.exe"
    "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe"
    .
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe"
    "KSafeTray"="c:\program files (x86)\Kingsoft\PCDoctor\KSafeTray.exe"
    .
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    @="Service"
    .
    R0 fdejq;fdejq;c:\windows\system32\drivers\jbna.sys
    R0 hqkzp;hqkzp;c:\windows\system32\drivers\ttkkco.sys
    R0 loboiv;loboiv;c:\windows\system32\drivers\muudei.sys
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys
    R3 MSICDSetup;MSICDSetup;F:\CDriver64.sys
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    S2 KSafeSvc;KSafe service;c:\program files (x86)\Kingsoft\PCDoctor\KSafeSvc.exe
    S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    S3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys
    S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys
    S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys
    S3 LVUVC64;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys
    .
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-04-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    .
    2012-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1910047367-3864795175-840720451-1000Core.job
    - c:\users\Ricardo\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    2012-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1910047367-3864795175-840720451-1000UA.job
    - c:\users\Ricardo\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    .
    --------- x86-64 -----------
    .
    .
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe"
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.zeelandnet.nl/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 212.115.192.100 62.238.255.69

    .

    .

    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    .

    @Denied: (A 2) (Everyone)

    @=“FlashBroker”

    “LocalizedString”=“@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101”

    .

    “Enabled”=dword:00000001

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe”

    .

    @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    .

    @Denied: (A 2) (Everyone)

    @=“Shockwave Flash Object”

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx”

    “ThreadingModel”=“Apartment”

    .

    @=“0”

    .

    @=“ShockwaveFlash.ShockwaveFlash.11”

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1”

    .

    @=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”

    .

    @=“1.0”

    .

    @=“ShockwaveFlash.ShockwaveFlash”

    .

    @Denied: (A 2) (Everyone)

    @=“Macromedia Flash Factory Object”

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx”

    “ThreadingModel”=“Apartment”

    .

    @=“FlashFactory.FlashFactory.1”

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1”

    .

    @=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”

    .

    @=“1.0”

    .

    @=“FlashFactory.FlashFactory”

    .

    @Denied: (A 2) (Everyone)

    @=“IFlashBroker4”

    .

    @=“{00020424-0000-0000-C000-000000000046}”

    .

    @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    “Version”=“1.0”

    .

    @Denied: (Full) (Everyone)

    .

    ———————— Andere Aktieve Processen ————————

    .

    c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

    c:\program files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2012-04-05 17:41:21 - machine werd herstart

    ComboFix-quarantined-files.txt 2012-04-05 15:41

    ComboFix2.txt 2012-04-04 19:47

    ComboFix3.txt 2012-04-04 17:56

    ComboFix4.txt 2012-02-04 14:35

    .

    Pre-Run: 325.195.649.024 bytes beschikbaar

    Post-Run: 325.058.899.968 bytes beschikbaar

    .

    - - End Of File - - 6B197D13F8A2D7AF88F7BB29D1587192

  • ricardo

    and here is the other log

    that scan really took a very long time

    Emsisoft Emergency Kit - Versie 1.0

    Laatste Update: 5-4-2012 17:58:41

    Scaninstellingen:

    Scantype: Diepe Scan

    Objecten: Geheugen, Sporen, Cookies, C:\, D:\, E:\, G:\, H:\, I:\

    Scan archieven: Aan

    Heuristieken: Uit

    ADS Scan: Aan

    Scan gestart: 5-4-2012 18:00:17

    C:\Program Files (x86)\eMule\emule.exe Ontdekt: Trojan-Dropper.Agent!IK

    C:\Users\Ricardo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\7e3062d9-5ad10fd2/suphthauuwc\gnpgnyekeqblk.class Ontdekt: Exploit.Java.CVE!IK

    C:\Users\Ricardo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\d96da7b-65d84782/tttqcmffcjqsyb\ljmdclkbhcdgcf.class Ontdekt: JAVA.Agent!IK

    C:\Users\Ricardo\Downloads\eMule\Incoming\eMule.0.50a.Razorback3.Next.Generation.v5.32.Mod-Binary.(fast.and.xtreme).zip/emule.exe Ontdekt: Trojan-Dropper.Agent!IK

    C:\Users\Ricardo\Downloads\eMule\Incoming\eMule.v0.50a.Razorback3.Next.Generation.v5.32.installer.exe/$INSTDIR\emule.exe Ontdekt: Trojan-Dropper.Agent!IK

    C:\Users\Ricardo\Downloads\eMule\Incoming\eMule.v0.50a.Razorback3.Next.Generation.v5.32.installer.exe/emule.exe Ontdekt: Trojan-Dropper.Agent!IK

    Gescand

    Bestanden: 269629

    Sporen: 406988

    Cookies: 204

    Processen: 52

    Gevonden

    Bestanden: 7

    Sporen: 0

    Cookies: 0

    Processen: 0

    Registersleutels: 0

    Scan Geëindigd: 5-4-2012 23:00:21

    Scantijd: 5:00:04

    C:\Users\Ricardo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\d96da7b-65d84782/tttqcmffcjqsyb\ljmdclkbhcdgcf.class Verwijderd JAVA.Agent!IK

    C:\Users\Ricardo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\7e3062d9-5ad10fd2/suphthauuwc\gnpgnyekeqblk.class Verwijderd Exploit.Java.CVE!IK

    C:\Program Files (x86)\eMule\emule.exe Verwijderd Trojan-Dropper.Agent!IK

    C:\Users\Ricardo\Downloads\eMule\Incoming\eMule.0.50a.Razorback3.Next.Generation.v5.32.Mod-Binary.(fast.and.xtreme).zip/emule.exe Verwijderd Trojan-Dropper.Agent!IK

    C:\Users\Ricardo\Downloads\eMule\Incoming\eMule.v0.50a.Razorback3.Next.Generation.v5.32.installer.exe/$INSTDIR\emule.exe Verwijderd Trojan-Dropper.Agent!IK

    C:\Users\Ricardo\Downloads\eMule\Incoming\eMule.v0.50a.Razorback3.Next.Generation.v5.32.installer.exe/emule.exe Verwijderd Trojan-Dropper.Agent!IK

    Verwijderd

    Bestanden: 6

    Sporen: 0

    Cookies: 0

  • Ben

    Hello ricardo,

    We're on the right track.

    1. Open a Notepad file. (Start > All Programs > Accessories > Notepad),

    copy and paste the following (bold, blue text) into the empty Notepad window:

    File::

    c:\windows\system32\drivers\jbna.sys

    c:\windows\system32\drivers\ttkkco.sys

    c:\windows\system32\drivers\muudei.sys

    Driver::

    fdejq

    hqkzp

    loboiv

    Save this to your Desktop as CFScript.txt

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    This will make ComboFix restart.

    Reboot if you are prompted to,

    and post the contents of Combofix.txt in your next reply.

    2. Download DDS and save it to your desktop.

    (Disable programs that block scripts, such as your antivirus, if you run into problems while running it.)

    Double-click dds.scr to start the tool.

    When the scan completes, 2 text files are opened:

    DDS.txt and

    Attach.txt

    Save both text files to your desktop, after which you may close the "D.D.S. - How to post the logs" window by clicking OK.

    => Copy and paste ONLY the DDS.txt log in your next post. (Post the Attach.txt log only if a Helper explicitly asks you for it!!)

    Attention!!! Windows Vista & 7 users must run dds.scr as administrator: "right-click: run as"

    3. Now post:

    Combofix.txt

    DDS.txt

    Regards, Ben

    Antivirusprikbord

  • ricardo

    hi ben

    here is the combofix log

    ComboFix 12-04-04.02 - Ricardo 06-04-2012 16:21:40.5.4 - x64

    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.6074.4525

    Gestart vanuit: c:\users\Ricardo\Desktop\ComboFix.exe

    gebruikte Opdracht switches :: c:\users\Ricardo\Desktop\CFScript.txt

    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    FILE ::

    “c:\windows\system32\drivers\jbna.sys”

    “c:\windows\system32\drivers\muudei.sys”

    “c:\windows\system32\drivers\ttkkco.sys”

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . konden niet verwijderd worden

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    ——-\Service_fdejq

    ——-\Service_hqkzp

    ——-\Service_loboiv

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-03-06 to 2012-04-06 ))))))))))))))))))))))))))))))

    .

    .

    2012-04-06 14:25 . 2012-04-06 14:25 ——– d—–w- c:\users\Public\AppData\Local\temp

    2012-04-06 14:25 . 2012-04-06 14:25 ——– d—–w- c:\users\Default\AppData\Local\temp

    2012-04-05 20:03 . 2012-03-14 03:27 8669240 —-a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{86487FDC-8DD6-4E2E-A561-764EAE4177ED}\mpengine.dll

    2012-04-05 17:51 . 2012-04-05 17:51 ——– d—–w- C:\KSafeRecycle

    2012-04-05 15:47 . 2012-04-05 15:47 ——– d—–w- c:\users\Ricardo\AppData\Roaming\KSafe

    2012-04-05 15:47 . 2012-04-05 15:47 ——– d—–w- c:\programdata\KSafe

    2012-04-04 04:04 . 2012-04-04 04:04 ——– d—–w- c:\program files (x86)\ESET

    2012-04-03 03:59 . 2012-04-03 03:59 418464 —-a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-03-29 22:31 . 2012-03-29 22:31 ——– d—–w- c:\users\Ricardo\AppData\Roaming\QuickScan

    2012-03-26 18:22 . 2011-03-03 15:59 29288 —-a-w- c:\windows\system32\nvhdap64.dll

    2012-03-26 18:22 . 2011-03-03 15:59 174184 —-a-w- c:\windows\system32\drivers\nvhda64v.sys

    2012-03-26 18:22 . 2011-03-03 15:59 1359976 —-a-w- c:\windows\system32\nvhdagenco642040.dll

    2012-03-26 18:21 . 2012-03-26 18:21 ——– d—–w- c:\programdata\NVIDIA Corporation

    2012-03-26 18:20 . 2011-03-10 13:00 8124520 —-a-w- c:\windows\system32\nvwgf2umx.dll

    2012-03-26 18:20 . 2011-03-10 13:00 6042008 —-a-w- c:\windows\SysWow64\nvwgf2um.dll

    2012-03-26 18:20 . 2011-03-10 13:00 20487272 —-a-w- c:\windows\system32\nvoglv64.dll

    2012-03-26 18:20 . 2011-03-10 13:00 15061400 —-a-w- c:\windows\SysWow64\nvoglv32.dll

    2012-03-26 18:20 . 2011-03-10 13:00 13014040 —-a-w- c:\windows\system32\drivers\nvlddmkm.sys

    2012-03-26 18:20 . 2011-03-10 13:00 12867992 —-a-w- c:\windows\system32\nvd3dumx.dll

    2012-03-26 18:20 . 2011-03-10 13:00 10082712 —-a-w- c:\windows\SysWow64\nvd3dum.dll

    2012-03-26 18:20 . 2011-03-10 13:00 2214296 —-a-w- c:\windows\system32\nvapi64.dll

    2012-03-26 18:20 . 2011-03-10 13:00 1979288 —-a-w- c:\windows\SysWow64\nvapi.dll

    2012-03-26 18:10 . 2012-03-26 18:10 ——– d—–w- c:\users\Ricardo\AppData\Roaming\kingsoft

    2012-03-26 18:10 . 2012-03-29 22:13 ——– d—–w- c:\programdata\Kingsoft

    2012-03-26 18:10 . 2012-03-26 18:10 ——– d—–w- c:\program files (x86)\Kingsoft

    2012-03-26 17:30 . 2012-03-26 17:30 ——– d—–w- c:\program files (x86)\NVIDIA Corporation

    2012-03-26 17:28 . 2011-03-10 13:00 1612184 —-a-w- c:\windows\system32\nvdispco642090.dll

    2012-03-26 17:28 . 2011-03-10 13:00 1357720 —-a-w- c:\windows\system32\nvgenco642040.dll

    2012-03-26 17:28 . 2011-03-10 13:00 67176 —-a-w- c:\windows\system32\OpenCL.dll

    2012-03-26 17:28 . 2011-03-10 13:00 55704 —-a-w- c:\windows\SysWow64\OpenCL.dll

    2012-03-26 17:28 . 2011-03-10 13:00 2895256 —-a-w- c:\windows\SysWow64\nvcuvid.dll

    2012-03-26 17:28 . 2011-03-10 13:00 3113576 —-a-w- c:\windows\system32\nvcuvid.dll

    2012-03-26 17:28 . 2011-03-10 13:00 2482280 —-a-w- c:\windows\system32\nvcuvenc.dll

    2012-03-26 17:28 . 2011-03-10 13:00 4941720 —-a-w- c:\windows\SysWow64\nvcuda.dll

    2012-03-26 17:28 . 2011-03-10 13:00 2252904 —-a-w- c:\windows\SysWow64\nvcuvenc.dll

    2012-03-26 17:28 . 2011-03-10 13:00 6607976 —-a-w- c:\windows\system32\nvcuda.dll

    2012-03-26 17:27 . 2011-03-10 13:00 13011560 —-a-w- c:\windows\SysWow64\nvcompiler.dll

    2012-03-26 17:27 . 2011-03-10 13:00 18577816 —-a-w- c:\windows\system32\nvcompiler.dll

    2012-03-26 17:27 . 2011-03-10 13:00 8984 —-a-w- c:\windows\system32\drivers\nvBridge.kmd

    2012-03-18 20:07 . 2012-03-18 20:07 ——– d—–w- c:\program files (x86)\InstallShield Installation Information

    2012-03-18 20:07 . 2012-03-18 20:07 ——– d—–w- c:\program files (x86)\My Company Name

    2012-03-14 06:14 . 2011-11-19 15:20 5559152 —-a-w- c:\windows\system32\ntoskrnl.exe

    2012-03-14 06:14 . 2011-11-19 14:50 3968368 —-a-w- c:\windows\SysWow64\ntkrnlpa.exe

    2012-03-14 06:14 . 2011-11-19 14:50 3913584 —-a-w- c:\windows\SysWow64\ntoskrnl.exe

    2012-03-14 05:58 . 2012-02-03 04:34 3145728 —-a-w- c:\windows\system32\win32k.sys

    2012-03-14 05:57 . 2012-02-10 06:36 1544192 —-a-w- c:\windows\system32\DWrite.dll

    2012-03-14 05:57 . 2012-02-10 05:38 1077248 —-a-w- c:\windows\SysWow64\DWrite.dll

    2012-03-14 05:57 . 2012-01-25 06:38 77312 —-a-w- c:\windows\system32\rdpwsx.dll

    2012-03-14 05:57 . 2012-01-25 06:38 149504 —-a-w- c:\windows\system32\rdpcorekmts.dll

    2012-03-14 05:57 . 2012-01-25 06:33 9216 —-a-w- c:\windows\system32\rdrmemptylst.exe

    2012-03-14 05:57 . 2012-02-17 06:38 1112064 —-a-w- c:\windows\system32\rdpcorets.dll

    2012-03-14 05:57 . 2012-02-17 06:38 1031680 —-a-w- c:\windows\system32\rdpcore.dll

    2012-03-14 05:57 . 2012-02-17 05:34 826880 —-a-w- c:\windows\SysWow64\rdpcore.dll

    2012-03-14 05:57 . 2012-02-17 04:58 210944 —-a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-03-14 05:57 . 2012-02-17 04:57 23552 —-a-w- c:\windows\system32\drivers\tdtcp.sys

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-04-03 03:59 . 2011-06-21 20:39 70304 —-a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-03-14 03:27 . 2011-06-22 20:30 8669240 —-a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-03-06 22:40 . 2012-03-06 22:40 162664 —-a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin

    2012-02-28 15:23 . 2011-09-17 14:13 472808 —-a-w- c:\windows\SysWow64\deployJava1.dll

    2012-02-10 06:25 . 2012-02-10 06:27 927800 ——w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{819A1657-856E-4B73-961C-4B64A4402053}\gapaengine.dll

    2012-01-31 12:44 . 2011-06-20 20:10 279656 ——w- c:\windows\system32\MpSigStub.exe

    .

    .

    ((((((((((((((((((((((((((((( SnapShot@2012-04-04_17.53.49 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2011-06-21 18:03 . 2012-04-06 13:45 48412 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

    + 2009-07-14 05:10 . 2012-04-06 13:45 30570 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

    + 2011-06-21 18:03 . 2012-04-06 13:45 11004 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1910047367-3864795175-840720451-1000_UserData.bin

    - 2009-07-14 05:30 . 2012-03-26 18:22 86016 c:\windows\system32\DriverStore\infpub.dat

    + 2009-07-14 05:30 . 2012-04-05 21:16 86016 c:\windows\system32\DriverStore\infpub.dat

    + 2011-06-20 19:52 . 2012-04-06 14:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2011-06-20 19:52 . 2012-04-04 14:27 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2011-06-20 19:52 . 2012-04-04 14:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2011-06-20 19:52 . 2012-04-06 14:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    - 2009-07-14 04:54 . 2012-04-04 14:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2009-07-14 04:54 . 2012-04-06 14:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2012-04-06 14:27 . 2012-04-06 14:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    - 2012-04-04 17:53 . 2012-04-04 17:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    - 2012-04-04 17:53 . 2012-04-04 17:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    + 2012-04-06 14:27 . 2012-04-06 14:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    - 2012-04-04 17:53 . 2009-04-30 14:00 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll

    + 2012-04-06 14:27 . 2009-04-30 14:00 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll

    - 2012-04-04 17:53 . 2009-04-30 14:01 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll

    + 2012-04-06 14:27 . 2009-04-30 14:01 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll

    + 2011-06-22 12:25 . 2012-04-05 20:02 219964 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

    + 2009-07-14 05:01 . 2012-04-06 14:26 389116 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

    - 2009-07-14 05:01 . 2012-04-04 17:52 389116 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

    - 2011-06-21 19:57 . 2012-04-04 15:33 5748563 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1910047367-3864795175-840720451-1000-12288.dat

    + 2011-06-21 19:57 . 2012-04-04 19:43 5748563 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1910047367-3864795175-840720451-1000-12288.dat

    + 2011-06-21 19:57 . 2012-04-06 14:26 37741486 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1910047367-3864795175-840720451-1000-8192.dat

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    “IncrediMail”=“c:\program files (x86)\IncrediMail\bin\IncMail.exe”

    .

    “LogitechQuickCamRibbon”=“c:\program files\Logitech\Logitech WebCam Software\LWS.exe”

    “KSafeTray”=“c:\program files (x86)\Kingsoft\PCDoctor\KSafeTray.exe”

    .

    “ConsentPromptBehaviorAdmin”= 5 (0x5)

    “ConsentPromptBehaviorUser”= 3 (0x3)

    “EnableUIADesktopToggle”= 0 (0x0)

    .

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    .

    @=“Service”

    .

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys

    R3 MSICDSetup;MSICDSetup;F:\CDriver64.sys

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys

    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys

    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys

    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys

    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe

    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    S2 KSafeSvc;KSafe service;c:\program files (x86)\Kingsoft\PCDoctor\KSafeSvc.exe

    S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    S3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys

    S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys

    S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys

    S3 LVUVC64;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys

    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys

    .

    .

    Inhoud van de ‘Gedeelde Taken’ map

    .

    2012-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    2012-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1910047367-3864795175-840720451-1000Core.job

    - c:\users\Ricardo\AppData\Local\Google\Update\GoogleUpdate.exe

    .

    2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1910047367-3864795175-840720451-1000UA.job

    - c:\users\Ricardo\AppData\Local\Google\Update\GoogleUpdate.exe

    .

    .

    ——— x86-64 ———–

    .

    .

    “MSC”=“c:\program files\Microsoft Security Client\msseces.exe”

    “combofix”=“c:\combofix\CF16122.3XE”

    .

    ——- Bijkomende Scan ——-

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://www.zeelandnet.nl/

    mLocal Page = c:\windows\SysWOW64\blank.htm

    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

    TCP: DhcpNameServer = 212.115.192.100 62.238.255.69

    .

    .

    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    .

    @Denied: (A 2) (Everyone)

    @=“FlashBroker”

    “LocalizedString”=“@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101”

    .

    “Enabled”=dword:00000001

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe”

    .

    @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    .

    @Denied: (A 2) (Everyone)

    @=“Shockwave Flash Object”

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx”

    “ThreadingModel”=“Apartment”

    .

    @=“0”

    .

    @=“ShockwaveFlash.ShockwaveFlash.11”

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1”

    .

    @=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”

    .

    @=“1.0”

    .

    @=“ShockwaveFlash.ShockwaveFlash”

    .

    @Denied: (A 2) (Everyone)

    @=“Macromedia Flash Factory Object”

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx”

    “ThreadingModel”=“Apartment”

    .

    @=“FlashFactory.FlashFactory.1”

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1”

    .

    @=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”

    .

    @=“1.0”

    .

    @=“FlashFactory.FlashFactory”

    .

    @Denied: (A 2) (Everyone)

    @=“IFlashBroker4”

    .

    @=“{00020424-0000-0000-C000-000000000046}”

    .

    @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    “Version”=“1.0”

    .

    @Denied: (Full) (Everyone)

    .

    ———————— Andere Aktieve Processen ————————

    .

    c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

    c:\program files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2012-04-06 16:30:33 - machine werd herstart

    ComboFix-quarantined-files.txt 2012-04-06 14:30

    ComboFix2.txt 2012-04-05 15:41

    ComboFix3.txt 2012-04-04 19:47

    ComboFix4.txt 2012-04-04 17:56

    ComboFix5.txt 2012-04-06 14:20

    .

    Pre-Run: 324.444.737.536 bytes beschikbaar

    Post-Run: 324.020.420.608 bytes beschikbaar

    .

    - - End Of File - - C6CAF6287289C7EBCE0E09AC12294C0F

  • ricardo

    hi ben

    I couldn't run the dds program as administrator, but I could run it normally??

    here are the logs

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421

    Run by Ricardo at 16:37:26 on 2012-04-06

    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.6074.4463

    .

    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Program files (x86)\Kingsoft\PCDoctor\KSafeSvc.exe

    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

    C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\taskhost.exe

    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

    C:\Program Files (x86)\Kingsoft\PCDoctor\KSafeTray.exe

    C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

    C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Windows\system32\sppsvc.exe

    C:\Windows\servicing\TrustedInstaller.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\SysWOW64\cscript.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.zeelandnet.nl/

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

    BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    uRun: C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c

    mRun: “C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe” /hide

    mRun: “C:\Program files (x86)\Kingsoft\PCDoctor\KSafeTray.exe” -autorun

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

    DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

    DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab

    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    TCP: DhcpNameServer = 212.115.192.100 62.238.255.69

    TCP: Interfaces\{72DDA3BF-6266-45F9-B1B8-CE304BDF10FB} : DhcpNameServer = 212.115.192.100 62.238.255.69

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

    {9030D464-4C02-4ABF-8ECC-5164760863C6}

    {9FDDE16B-836F-4806-AB1F-1455CBEFF289}

    {DBC80044-A445-435b-BC74-9C25C1C588A9}

    mRun-x64: “C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe” /hide

    mRun-x64: “C:\Program files (x86)\Kingsoft\PCDoctor\KSafeTray.exe” -autorun

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys

    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    R2 KSafeSvc;KSafe service;C:\Program Files (x86)\Kingsoft\PCDoctor\KSafeSvc.exe

    R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys

    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys

    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys

    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys

    S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys

    S3 LVUVC64;Logitech QuickCam Pro 5000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys

    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys

    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe

    .

    =============== Created Last 30 ================

    .

    2012-04-06 14:33:20 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{33E4714E-E0AA-4752-9963-A2802661F1B8}\mpengine.dll

    2012-04-06 14:32:55 -------- d-sh--w- C:\$RECYCLE.BIN

    2012-04-06 04:57:18 -------- d-----w- C:\Users\Ricardo\AppData\Local\{A7FD61A8-01B5-4B61-85D5-353ECD611B2F}

    2012-04-05 17:51:30 -------- d-----w- C:\KSafeRecycle

    2012-04-05 16:52:25 -------- d-----w- C:\Users\Ricardo\AppData\Local\{9290131F-8E92-4B64-BFF3-332D267263FF}

    2012-04-05 16:16:09 -------- d-----w- C:\Users\Ricardo\AppData\Local\{FA39BF00-8E28-4A67-A70D-91799C60051C}

    2012-04-05 15:47:15 -------- d-----w- C:\Users\Ricardo\AppData\Roaming\KSafe

    2012-04-05 15:47:15 -------- d-----w- C:\ProgramData\KSafe

    2012-04-05 15:35:24 -------- d-----w- C:\Users\Ricardo\AppData\Local\{79688E98-4FB4-44CE-AA4B-758536FF0D4F}

    2012-04-04 18:22:34 -------- d-----w- C:\Users\Ricardo\AppData\Local\{C70444C7-58A9-4A66-A442-20FB68FF32A4}

    2012-04-04 17:48:34 -------- d-----w- C:\Users\Ricardo\AppData\Local\{28795BB4-C64C-4108-9935-D1ABDE35CC69}

    2012-04-04 17:45:02 98816 ----a-w- C:\Windows\sed.exe

    2012-04-04 17:45:02 518144 ----a-w- C:\Windows\SWREG.exe

    2012-04-04 17:45:02 256000 ----a-w- C:\Windows\PEV.exe

    2012-04-04 17:45:02 208896 ----a-w- C:\Windows\MBR.exe

    2012-04-04 05:10:07 -------- d-----w- C:\Users\Ricardo\AppData\Local\{4C90770F-5814-4A77-8A95-23EE88840895}

    2012-04-04 04:04:27 -------- d-----w- C:\Program Files (x86)\ESET

    2012-04-03 17:09:32 -------- d-----w- C:\Users\Ricardo\AppData\Local\{67D2DCC5-AF58-4606-9DEA-B71A0E13980C}

    2012-04-03 04:16:05 -------- d-----w- C:\Users\Ricardo\AppData\Local\{7BC36A48-A417-491E-9298-AEC8D2619A96}

    2012-04-03 03:59:44 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-04-02 14:10:28 -------- d-----w- C:\Users\Ricardo\AppData\Local\{8A67FBFB-CDF5-4FE3-B04F-7F5EFE159670}

    2012-04-01 20:21:22 -------- d-----w- C:\Users\Ricardo\AppData\Local\{1C429690-21B9-4526-B5C5-EFCE3C9CDC15}

    2012-04-01 08:20:55 -------- d-----w- C:\Users\Ricardo\AppData\Local\{7DB4604F-CA42-4676-AF96-760A397F9FB6}

    2012-03-31 20:13:09 -------- d-----w- C:\Users\Ricardo\AppData\Local\{D45D5337-B9DA-46B2-9FDD-4E810EBB00AF}

    2012-03-31 06:03:11 -------- d-----w- C:\Users\Ricardo\AppData\Local\{DBD0BE94-ED71-48D2-8162-9428F9C38FCB}

    2012-03-30 17:41:25 -------- d-----w- C:\Users\Ricardo\AppData\Local\{8F07CA4E-078B-4C12-9EDD-3FD15188148B}

    2012-03-30 04:20:26 -------- d-----w- C:\Users\Ricardo\AppData\Local\{45A0CF96-86D5-45C7-871F-1611C61E42E4}

    2012-03-29 22:31:24 -------- d-----w- C:\Users\Ricardo\AppData\Roaming\QuickScan

    2012-03-29 15:43:42 -------- d-----w- C:\Users\Ricardo\AppData\Local\{7A808465-A6B1-4B7F-92AD-19CC44ABC498}

    2012-03-28 19:04:04 -------- d-----w- C:\Users\Ricardo\AppData\Local\{755FC59D-CD57-4806-BBB0-C75918D294C0}

    2012-03-28 19:03:43 -------- d-----w- C:\Users\Ricardo\AppData\Local\{58F8FD6D-B7E4-4CDC-B775-D6D77B2BC133}

    2012-03-28 18:58:59 -------- d-----w- C:\Users\Ricardo\AppData\Local\{F95288D5-DBFE-4AF5-B208-3D1A31F4EFB3}

    2012-03-28 18:58:49 -------- d-----w- C:\Users\Ricardo\AppData\Local\{66B36B2E-CDF3-46F6-894A-E21BF7C8D1B1}

    2012-03-28 06:58:24 -------- d-----w- C:\Users\Ricardo\AppData\Local\{9421679E-3290-47AD-B260-077A52F3BF15}

    2012-03-28 06:58:02 -------- d-----w- C:\Users\Ricardo\AppData\Local\{14FAA6F6-2C5B-4E8B-965F-79780E698970}

    2012-03-27 12:02:24 -------- d-----w- C:\Users\Ricardo\AppData\Local\{E7022C84-465C-4330-A56C-A4586BE180D1}

    2012-03-27 12:02:03 -------- d-----w- C:\Users\Ricardo\AppData\Local\{EDB71F31-8884-48BC-9D4B-6289B2516040}

    2012-03-26 18:48:28 -------- d-----w- C:\Users\Ricardo\AppData\Local\{FF542632-042A-42E7-B800-3C160D554BF7}

    2012-03-26 18:48:06 -------- d-----w- C:\Users\Ricardo\AppData\Local\{67CE1069-1464-4D61-8B2F-C13C3103E024}

    2012-03-26 18:22:40 29288 ----a-w- C:\Windows\System32\nvhdap64.dll

    2012-03-26 18:22:40 174184 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys

    2012-03-26 18:22:40 1359976 ----a-w- C:\Windows\System32\nvhdagenco642040.dll

    2012-03-26 18:21:09 -------- d-----w- C:\ProgramData\NVIDIA Corporation

    2012-03-26 18:20:40 8124520 ----a-w- C:\Windows\System32\nvwgf2umx.dll

    2012-03-26 18:20:39 6042008 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll

    2012-03-26 18:20:38 20487272 ----a-w- C:\Windows\System32\nvoglv64.dll

    2012-03-26 18:20:37 15061400 ----a-w- C:\Windows\SysWow64\nvoglv32.dll

    2012-03-26 18:20:36 13014040 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys

    2012-03-26 18:20:32 12867992 ----a-w- C:\Windows\System32\nvd3dumx.dll

    2012-03-26 18:20:31 10082712 ----a-w- C:\Windows\SysWow64\nvd3dum.dll

    2012-03-26 18:20:18 2214296 ----a-w- C:\Windows\System32\nvapi64.dll

    2012-03-26 18:20:18 1979288 ----a-w- C:\Windows\SysWow64\nvapi.dll

    2012-03-26 18:10:36 -------- d-----w- C:\Users\Ricardo\AppData\Roaming\kingsoft

    2012-03-26 18:10:33 -------- d-----w- C:\ProgramData\Kingsoft

    2012-03-26 18:10:28 -------- d-----w- C:\Program Files (x86)\Kingsoft

    2012-03-26 17:30:39 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation

    2012-03-26 17:28:37 1612184 ----a-w- C:\Windows\System32\nvdispco642090.dll

    2012-03-26 17:28:36 1357720 ----a-w- C:\Windows\System32\nvgenco642040.dll

    2012-03-26 17:28:14 67176 ----a-w- C:\Windows\System32\OpenCL.dll

    2012-03-26 17:28:14 55704 ----a-w- C:\Windows\SysWow64\OpenCL.dll

    2012-03-26 17:28:05 2895256 ----a-w- C:\Windows\SysWow64\nvcuvid.dll

    2012-03-26 17:28:04 3113576 ----a-w- C:\Windows\System32\nvcuvid.dll

    2012-03-26 17:28:04 2482280 ----a-w- C:\Windows\System32\nvcuvenc.dll

    2012-03-26 17:28:03 4941720 ----a-w- C:\Windows\SysWow64\nvcuda.dll

    2012-03-26 17:28:03 2252904 ----a-w- C:\Windows\SysWow64\nvcuvenc.dll

    2012-03-26 17:28:02 6607976 ----a-w- C:\Windows\System32\nvcuda.dll

    2012-03-26 17:27:53 13011560 ----a-w- C:\Windows\SysWow64\nvcompiler.dll

    2012-03-26 17:27:52 8984 ----a-w- C:\Windows\System32\drivers\nvBridge.kmd

    2012-03-26 17:27:52 18577816 ----a-w- C:\Windows\System32\nvcompiler.dll

    2012-03-18 20:07:35 -------- d-----w- C:\Program Files (x86)\My Company Name

    2012-03-18 20:06:01 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll

    2012-03-18 20:06:00 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll

    2012-03-18 20:06:00 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll

    2012-03-18 20:06:00 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe

    2012-03-18 20:06:00 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll

    2012-03-18 20:06:00 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll

    2012-03-18 20:05:53 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll

    2012-03-18 20:05:52 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll

    2012-03-18 09:52:57 -------- d-----w- C:\Users\Ricardo\AppData\Local\{6DD8B6AF-34F2-4921-86CA-A00E8F283ED1}

    2012-03-18 09:52:33 -------- d-----w- C:\Users\Ricardo\AppData\Local\{5017C2B4-5217-4EF0-9A72-688E61EFB3F3}

    2012-03-17 18:45:33 -------- d-----w- C:\Users\Ricardo\AppData\Local\{C4643EF3-76CF-432F-B207-BD1AAE2841C0}

    2012-03-17 18:45:12 -------- d-----w- C:\Users\Ricardo\AppData\Local\{82C202E1-3A25-466D-951B-66522589CCAE}

    2012-03-17 06:44:46 -------- d-----w- C:\Users\Ricardo\AppData\Local\{CE8772D7-E2C6-4CF6-87C9-A795B784206A}

    2012-03-17 06:44:23 -------- d-----w- C:\Users\Ricardo\AppData\Local\{2952CF4A-6641-40FB-B3D8-BC63A13CCAA6}

    2012-03-16 18:25:29 -------- d-----w- C:\Users\Ricardo\AppData\Local\{39CB09F2-328C-4E05-B0FD-6F4D696AD197}

    2012-03-16 18:25:14 -------- d-----w- C:\Users\Ricardo\AppData\Local\{8CAC3009-8FF2-4A5E-B408-EE211C8A209B}

    2012-03-15 21:18:38 -------- d-----w- C:\Users\Ricardo\AppData\Local\{2881C302-80E1-4F2C-B65F-D5847137DD43}

    2012-03-15 21:18:28 -------- d-----w- C:\Users\Ricardo\AppData\Local\{49BC68DB-CCE9-4113-BAC0-D51F722FCBB1}

    2012-03-15 05:44:18 -------- d-----w- C:\Users\Ricardo\AppData\Local\{3299932A-6EB7-4025-ADE1-8E9E7C84CD88}

    2012-03-15 05:43:55 -------- d-----w- C:\Users\Ricardo\AppData\Local\{76E0D992-E894-47DC-A1D8-344CCF613A0F}

    2012-03-14 15:20:46 -------- d-----w- C:\Users\Ricardo\AppData\Local\{D8F2AD1F-FF50-466D-8EA3-7FEF1DE7043B}

    2012-03-14 15:20:35 -------- d-----w- C:\Users\Ricardo\AppData\Local\{B4FA9F3A-EAD1-43B1-A986-81CBB6DF7473}

    2012-03-14 06:14:12 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

    2012-03-14 06:14:11 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

    2012-03-14 06:14:11 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

    2012-03-14 05:58:04 3145728 ----a-w- C:\Windows\System32\win32k.sys

    2012-03-14 05:57:59 1544192 ----a-w- C:\Windows\System32\DWrite.dll

    2012-03-14 05:57:59 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

    2012-03-14 05:57:45 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

    2012-03-14 05:57:45 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

    2012-03-14 05:57:45 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

    2012-03-14 05:57:37 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

    2012-03-14 05:57:37 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll

    2012-03-14 05:57:37 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

    2012-03-14 05:57:36 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

    2012-03-14 05:57:36 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

    2012-03-13 21:39:55 -------- d-----w- C:\Users\Ricardo\AppData\Local\{3B922246-A3D1-49D3-8A5D-D5166FE6DCA1}

    2012-03-13 21:39:34 -------- d-----w- C:\Users\Ricardo\AppData\Local\{F9F86C70-E731-46EE-841E-42AEB728B07A}

    2012-03-13 09:06:50 -------- d-----w- C:\Users\Ricardo\AppData\Local\{6D304CA9-F356-4468-BB9E-8BD13EE22AEC}

    2012-03-13 09:06:27 -------- d-----w- C:\Users\Ricardo\AppData\Local\{46F89416-3D51-4BE4-B5E7-7FB2714547BD}

    2012-03-12 15:25:07 -------- d-----w- C:\Users\Ricardo\AppData\Local\{32560AD1-D52D-4E2E-9FBB-D6D5746EC718}

    2012-03-12 15:24:56 -------- d-----w- C:\Users\Ricardo\AppData\Local\{73456A74-85E1-4AC8-8266-6DE660200CD8}

    2012-03-11 22:32:15 -------- d-----w- C:\Users\Ricardo\AppData\Local\{C97E75E1-F71D-4FA7-9067-D7A7FA76E02B}

    2012-03-11 22:31:52 -------- d-----w- C:\Users\Ricardo\AppData\Local\{93F38D08-025E-49A3-81C9-CC3B5FA51767}

    2012-03-11 10:31:26 -------- d-----w- C:\Users\Ricardo\AppData\Local\{8335B2FD-3263-4E6B-A6C1-031A90B760E7}

    2012-03-11 10:31:15 -------- d-----w- C:\Users\Ricardo\AppData\Local\{AFFADD56-EA81-4380-BB9D-3ACAA8C431AD}

    2012-03-10 22:30:50 -------- d-----w- C:\Users\Ricardo\AppData\Local\{68A88C4D-D541-46E9-B755-C35877961504}

    2012-03-10 22:30:27 -------- d-----w- C:\Users\Ricardo\AppData\Local\{5F07E129-07C5-4DA2-855F-1711AE772F4C}

    2012-03-10 08:48:43 -------- d-----w- C:\Users\Ricardo\AppData\Local\{E2F19ABA-2F0F-4BA1-AD28-3C8CEE690242}

    2012-03-10 08:48:20 -------- d-----w- C:\Users\Ricardo\AppData\Local\{F7F7828D-AC89-4920-9D31-541F1B5065E0}

    2012-03-09 18:14:53 -------- d-----w- C:\Users\Ricardo\AppData\Local\{8B662803-3937-4E53-940F-D1C3477993C9}

    2012-03-09 18:14:41 -------- d-----w- C:\Users\Ricardo\AppData\Local\{8D747083-EEEE-42C4-B891-DB43DB311384}

    2012-03-09 04:55:07 -------- d-----w- C:\Users\Ricardo\AppData\Local\{55918BBB-E90F-4D3C-9947-85341C41FD86}

    2012-03-09 04:54:45 -------- d-----w- C:\Users\Ricardo\AppData\Local\{DCA3EECE-8779-44C5-A4FB-A29844F33600}

    2012-03-08 15:25:19 -------- d-----w- C:\Users\Ricardo\AppData\Local\{B97336FF-33B0-4B46-95FB-88A9F95B04E0}

    2012-03-08 15:25:08 -------- d-----w- C:\Users\Ricardo\AppData\Local\{D1DE249B-20EB-4214-97F0-514705143110}

    2012-03-07 20:17:29 -------- d-----w- C:\Users\Ricardo\AppData\Local\{931BC1BA-B49C-406C-A61E-48CBBE6C4324}

    2012-03-07 20:17:17 -------- d-----w- C:\Users\Ricardo\AppData\Local\{733B9B74-AF5F-460D-80D9-82A187782CAE}

    2012-03-07 20:16:34 -------- d-----w- C:\Users\Ricardo\AppData\Local\{1D3232AC-F9F4-447F-9589-86046BBD79DB}

    .

    ==================== Find3M ====================

    .

    2012-04-03 03:59:44 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-02-28 15:23:57 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

    2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe

    .

    ============= FINISH: 16:38:10,13 ===============

  • ricardo

    2nd log

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-08-26.01)

    .

    Microsoft Windows 7 Ultimate

    Boot Device: \Device\HarddiskVolume4

    Install Date: 20-6-2011 21:55:48

    System Uptime: 6-4-2012 16:32:22 (0 hours ago)

    .

    Motherboard: Intel Corporation | | DP35DP

    Processor: Intel(R) Core(TM)2 Quad CPU Q9450 @ 2.66GHz | J1PR | 2664/333mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 371 GiB total, 301,884 GiB free.

    D: is FIXED (NTFS) - 164 GiB total, 12,095 GiB free.

    E: is FIXED (NTFS) - 164 GiB total, 37,936 GiB free.

    F: is CDROM ()

    G: is FIXED (NTFS) - 11 GiB total, 2,29 GiB free.

    H: is FIXED (NTFS) - 34 GiB total, 3,366 GiB free.

    I: is FIXED (NTFS) - 31 GiB total, 4,289 GiB free.

    .

    ==== Disabled Device Manager Items =============

    .

    Class GUID: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}

    Description: HID Non-User Input Data Filter

    Device ID: HID\VID_045E&PID_009D&MI_01&COL01\7&89985D8&0&0000

    Manufacturer: Microsoft

    Name: HID Non-User Input Data Filter

    PNP Device ID: HID\VID_045E&PID_009D&MI_01&COL01\7&89985D8&0&0000

    Service:

    .

    Class GUID:

    Description: PCI Simple Communications-controller

    Device ID: PCI\VEN_8086&DEV_29C4&SUBSYS_50448086&REV_02\3&18D45AA6&0&18

    Manufacturer:

    Name: PCI Simple Communications-controller

    PNP Device ID: PCI\VEN_8086&DEV_29C4&SUBSYS_50448086&REV_02\3&18D45AA6&0&18

    Service:

    .

    ==== System Restore Points ===================

    .

    RP126: 29-3-2012 23:50:28 - Windows Update

    RP127: 2-4-2012 16:19:52 - Windows Update

    RP128: 4-4-2012 19:45:08 - ComboFix created restore point

    RP129: 5-4-2012 17:17:34 - Windows Update

    .

    ==== Installed Programs ======================

    .

    Update for Microsoft Office 2007 (KB2508958)

    Adobe Reader X (10.1.2) - Nederlands

    Ashampoo Burning Studio 2009

    ASUS nVidia Driver

    AVG PC Tuneup 2011

    D3DX10

    ESET Online Scanner v3

    Google Chrome

    GrabIt 1.7.2 Beta 4 (build 997)

    IncrediMail

    IncrediMail 2.0

    IncrediMail JunkFilter Plus

    Java Auto Updater

    Java(TM) 6 Update 31

    JunkFilterPlus

    K-Lite Codec Pack 7.2.0 (Full)

    Kingsoft PC Doctor 3.6.0.10

    Logitech Vid HD

    Malwarebytes Anti-Malware versie 1.60.1.1000

    Messenger Companion

    Microsoft Office 2007 Service Pack 3 (SP3)

    Microsoft Office Access MUI (Dutch) 2007

    Microsoft Office Enterprise 2007

    Microsoft Office Excel MUI (Dutch) 2007

    Microsoft Office File Validation Add-In

    Microsoft Office Groove MUI (Dutch) 2007

    Microsoft Office InfoPath MUI (Dutch) 2007

    Microsoft Office OneNote MUI (Dutch) 2007

    Microsoft Office Outlook MUI (Dutch) 2007

    Microsoft Office PowerPoint MUI (Dutch) 2007

    Microsoft Office Proof (Dutch) 2007

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (French) 2007

    Microsoft Office Proof (German) 2007

    Microsoft Office Proofing (Dutch) 2007

    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

    Microsoft Office Publisher MUI (Dutch) 2007

    Microsoft Office Shared MUI (Dutch) 2007

    Microsoft Office Word MUI (Dutch) 2007

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    MSVCRT

    NVIDIA PhysX

    NVIDIA Stereoscopic 3D Driver

    Photo Notifier and Animation Creator

    Security Update for CAPICOM (KB931906)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

    Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)

    Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)

    SpotLite

    Spotnet

    Total Commander (Remove or Repair)

    Update for 2007 Microsoft Office System (KB967642)

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

    Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition

    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

    Update voor Microsoft Office Excel 2007 Help (KB963678)

    Update voor Microsoft Office Powerpoint 2007 Help (KB963669)

    Update voor Microsoft Office Word 2007 Help (KB963665)

    Vuze

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Installer

    Windows Live Messenger

    Windows Live Messenger Companion Core

    Windows Live Movie Maker

    Windows Live Photo Common

    Windows Live Photo Gallery

    Windows Live PIMT Platform

    Windows Live SOXE

    Windows Live SOXE Definitions

    Windows Live UX Platform

    Windows Live UX Platform Language Pack

    Windows Media Player Firefox Plugin

    Your Uninstaller! 2006 Version 5

    .

    ==== End Of File ===========================

  • Ben

    Hello ricardo,

    This looks spick and span. Are you still experiencing anything? If not, we can start cleaning up.

    Regards, Ben

    Antivirusprikbord

This topic is closed; no further replies can be posted.