Hi Ben,
In the meantime I have installed Avira and let it run; it reported that a Trojan horse was present on the PC. I placed it in quarantine and restarted the PC, and that message did not appear again.
Regards, Guy
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Herman at 12:19:20 on 2012-07-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.3063.1843
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\system32\PSIService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.be/
uDefault_Page_URL = hxxp://www.aldi.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
uRun: c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: "c:\program files\common files\java\java update\jusched.exe"
mRun: "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\herman\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xporteren naar Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 195.130.130.131 195.130.131.131
TCP: Interfaces\{16F5B9A4-8252-409A-9203-3A8056E14D64} : DhcpNameServer = 195.130.130.131 195.130.131.131
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE
S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys
S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe
.
=============== Created Last 30 ================
.
2012-07-10 10:11:08 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-07-10 10:11:08 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-07-10 10:11:07 -------- d-----w- c:\programdata\Avira
2012-07-10 10:11:07 -------- d-----w- c:\program files\Avira
2012-07-10 10:03:26 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ecac5def-8183-41c0-b36b-1e9f853909b6}\mpengine.dll
2012-07-10 07:09:30 -------- d-----w- c:\users\herman\appdata\local\{400C3D4C-7990-4A9D-B27A-66B3E0BE85B8}
2012-07-10 07:09:20 -------- d-----w- c:\users\herman\appdata\local\{45214353-D872-40F9-AD45-5C4887CEF5B8}
2012-07-09 17:02:16 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-09 16:52:52 -------- d-sh--w- C:\found.000
2012-07-09 13:43:16 -------- d-----w- c:\users\herman\appdata\roaming\SUPERAntiSpyware.com
2012-07-09 13:43:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-09 13:43:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-09 13:02:15 -------- d-----w- c:\users\herman\appdata\local\{A4BA6BFF-FC58-4DF0-A527-37802B98CCB8}
2012-07-09 13:02:03 -------- d-----w- c:\users\herman\appdata\local\{391166A5-CA96-4846-A066-B009AC1A61D4}
2012-07-08 21:32:59 -------- d-----w- c:\users\herman\appdata\local\{9173D56A-AA72-4A21-BAA6-BE2FA69D3276}
2012-07-08 21:32:48 -------- d-----w- c:\users\herman\appdata\local\{A28A08D1-395F-48F8-A655-B042DF74D2E7}
2012-07-06 10:27:43 -------- d-----w- c:\users\herman\appdata\local\{AFAD573B-9396-4536-B141-9440B57273B7}
2012-07-06 10:27:33 -------- d-----w- c:\users\herman\appdata\local\{7605172D-5B19-4BD0-92B0-67301E13B8DF}
2012-07-04 14:36:10 -------- d-----w- c:\users\herman\appdata\local\{D1AB294D-847D-4558-BF8F-C49C83FEAABE}
2012-07-04 14:36:01 -------- d-----w- c:\users\herman\appdata\local\{6A158383-D646-4656-94FA-501B58139C91}
2012-07-04 14:35:51 -------- d-----w- c:\users\herman\appdata\local\{2CF4EECF-518C-4D5F-9937-E6ED268D2F25}
2012-07-04 14:35:41 -------- d-----w- c:\users\herman\appdata\local\{DB086653-747C-471B-904B-986BF763EDB3}
2012-07-03 14:56:13 -------- d-----w- c:\users\herman\appdata\local\{4D6333BE-DE6A-46FF-93A8-BF44D254818B}
2012-07-03 14:56:03 -------- d-----w- c:\users\herman\appdata\local\{5FD7468E-531E-4B7B-A231-74A63EEC9F9D}
2012-07-02 20:36:57 -------- d-----w- c:\users\herman\appdata\local\{B7C36C65-ADC1-4759-8C72-0EA2D6D3D8EE}
2012-07-02 20:36:48 -------- d-----w- c:\users\herman\appdata\local\{8DC3C02B-73F0-4962-8968-AB1B4721A63E}
2012-07-02 20:36:38 -------- d-----w- c:\users\herman\appdata\local\{B07D7F03-62C6-4834-A291-2E6C504BEA75}
2012-07-01 12:39:44 -------- d-----w- c:\users\herman\appdata\local\{F6477EC9-1321-4EA2-B61A-0DDF15E4D4F1}
2012-07-01 12:39:34 -------- d-----w- c:\users\herman\appdata\local\{0BF32070-82A9-4015-8605-18592978362D}
2012-06-29 12:15:24 -------- d-----w- c:\users\herman\appdata\local\{41135D12-BF36-40FB-A62B-40075FBF3FD8}
2012-06-29 12:15:14 -------- d-----w- c:\users\herman\appdata\local\{080972C0-12C5-45F7-95A4-18B1C29F52ED}
2012-06-28 20:45:48 -------- d-----w- c:\users\herman\appdata\local\{44CD9A0B-120B-4017-A6A4-4909EF4D357C}
2012-06-28 20:45:39 -------- d-----w- c:\users\herman\appdata\local\{F0E933B8-FB02-47C6-B101-287AE50FC3DE}
2012-06-27 22:01:51 -------- d-----w- c:\users\herman\appdata\local\{348D517B-FE94-49E7-8B88-F76729EC3947}
2012-06-27 22:01:42 -------- d-----w- c:\users\herman\appdata\local\{1AEBD470-79B8-43B9-AB8A-35365516C98D}
2012-06-27 22:01:32 -------- d-----w- c:\users\herman\appdata\local\{AFBA146F-AC26-4B6E-A8B9-D230639D4CDD}
2012-06-27 22:01:23 -------- d-----w- c:\users\herman\appdata\local\{8DCC1D98-DCC0-4368-8B92-FDC500FA21DA}
2012-06-26 21:10:22 -------- d-----w- c:\users\herman\appdata\local\{44A781BD-5CE3-4928-B1D4-4221EB76F584}
2012-06-26 21:10:12 -------- d-----w- c:\users\herman\appdata\local\{DA37D597-21A5-4940-81B9-64E6E603B030}
2012-06-26 21:10:03 -------- d-----w- c:\users\herman\appdata\local\{FF2101A0-4E0B-44FB-B28B-9A4795393498}
2012-06-25 16:12:40 -------- d-----w- c:\users\herman\appdata\local\{08F9D6EE-677A-474A-AC2E-C2686A1C82E6}
2012-06-25 16:12:31 -------- d-----w- c:\users\herman\appdata\local\{931593D2-5FB0-445B-8D0D-0A53E4DC8119}
2012-06-25 16:12:21 -------- d-----w- c:\users\herman\appdata\local\{EE8C2BCE-ED24-43F4-ADD1-927AC80371B2}
2012-06-24 16:17:35 -------- d-----w- c:\users\herman\appdata\local\{53D6C95D-99A6-4B58-B3D2-48FBF7B92431}
2012-06-24 16:17:26 -------- d-----w- c:\users\herman\appdata\local\{C44D1AC8-E7E3-4D66-B776-4C5847F6F8C4}
2012-06-24 16:17:16 -------- d-----w- c:\users\herman\appdata\local\{FF3CF0C9-EDBF-4F18-8ECE-61C2C6ADDD56}
2012-06-23 22:52:28 -------- d-----w- c:\users\herman\appdata\local\{6D2D8FBA-C8B9-4840-A330-70293856CB88}
2012-06-23 22:52:18 -------- d-----w- c:\users\herman\appdata\local\{4CAA59B7-BA79-4EAE-9E11-1BED021FC370}
2012-06-22 12:03:22 -------- d-----w- c:\users\herman\appdata\local\{0DBE05D3-F9E7-4D8D-A2DA-6E7762A0CC38}
2012-06-22 12:03:13 -------- d-----w- c:\users\herman\appdata\local\{DA0BCAD3-F8D3-41B9-B7CC-77472179A0BB}
2012-06-21 13:46:22 -------- d-----w- c:\users\herman\appdata\local\{D121431D-E4E4-4124-B2B5-65AB7C24E7F0}
2012-06-21 13:46:12 -------- d-----w- c:\users\herman\appdata\local\{BF55E075-4E06-46F0-94CD-2A9995B273A3}
2012-06-20 20:15:15 -------- d-----w- c:\users\herman\appdata\local\{792B6682-4C9B-49A5-88D6-9A53135A1B74}
2012-06-20 20:15:05 -------- d-----w- c:\users\herman\appdata\local\{5C75DF2E-48B2-4439-B8FE-1BFD4E46135A}
2012-06-20 20:14:56 -------- d-----w- c:\users\herman\appdata\local\{4630D0A8-F8E1-486A-9F3D-53C5882EDDCE}
2012-06-20 20:14:46 -------- d-----w- c:\users\herman\appdata\local\{4C741186-A9DE-4A16-81A5-AE8F935E718E}
2012-06-20 08:14:22 -------- d-----w- c:\users\herman\appdata\local\{EA3617E3-6963-46F0-BD80-87273B9DD00A}
2012-06-20 08:14:13 -------- d-----w- c:\users\herman\appdata\local\{32A28E67-6190-4113-ABC3-9556032097E7}
2012-06-20 08:14:03 -------- d-----w- c:\users\herman\appdata\local\{494FBAEF-419E-433D-BC69-92772FBD7869}
2012-06-19 12:05:17 -------- d-----w- c:\users\herman\appdata\local\{EE5899F6-FFDE-4409-8D24-040ABA37D3D8}
2012-06-19 12:05:07 -------- d-----w- c:\users\herman\appdata\local\{8CB570EA-FB9F-4836-9084-EAFA8BF027F1}
2012-06-18 17:07:53 -------- d-----w- c:\users\herman\appdata\local\{38F7B1FF-B96D-4ED5-AFE5-B087E31537D5}
2012-06-17 20:48:51 -------- d-----w- c:\users\herman\appdata\local\{51A58FC5-0E47-4CCE-AB76-7B7A76E468A8}
2012-06-16 22:10:15 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-16 22:10:09 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-16 22:10:09 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-16 22:10:09 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-16 22:05:27 -------- d-----w- c:\users\herman\appdata\local\{2B339D12-E92D-403E-953F-407F5710975C}
2012-06-16 11:08:13 -------- d-----w- c:\users\herman\appdata\local\{35D3FB39-1CDD-4925-BB6D-761C550060A4}
2012-06-15 21:42:29 -------- d-----w- c:\users\herman\appdata\local\{DA6ED06B-6513-467A-AD08-DCA477A4300F}
2012-06-15 09:42:06 -------- d-----w- c:\users\herman\appdata\local\{5DA6A33C-6CE1-4BC4-AA4A-36797CFF39C4}
2012-06-15 09:41:57 -------- d-----w- c:\users\herman\appdata\local\{EE5A2FCE-5A26-4968-8C26-12089751F191}
2012-06-14 19:26:04 -------- d-----w- c:\users\herman\appdata\local\{B4373B65-10FD-4302-A460-B7E0F65C497C}
2012-06-14 19:25:54 -------- d-----w- c:\users\herman\appdata\local\{0BD502C4-D2C9-4E59-AFF0-C4D3D700FD57}
2012-06-14 19:25:45 -------- d-----w- c:\users\herman\appdata\local\{6CCB0A9C-AAFA-4BA4-BFD9-0B497E8DD3D9}
2012-06-14 19:25:35 -------- d-----w- c:\users\herman\appdata\local\{A265AD4D-7E6D-41F5-A6D2-4D2CD88982C0}
2012-06-14 07:25:12 -------- d-----w- c:\users\herman\appdata\local\{7211701D-AC86-4698-977E-4A8C0AE5A47B}
2012-06-14 07:25:02 -------- d-----w- c:\users\herman\appdata\local\{2963DAEB-A0C4-4FB4-87A7-8317EA312A8D}
2012-06-13 13:58:50 -------- d-----w- c:\users\herman\appdata\local\{F1827852-A268-4179-ADE0-FD1B6C46E9C9}
2012-06-13 13:58:40 -------- d-----w- c:\users\herman\appdata\local\{E9853D8F-B132-46F1-B13B-1FF65E5E76F5}
2012-06-12 20:47:06 -------- d-----w- c:\users\herman\appdata\local\{01CE09B5-0F5F-44F7-9A41-DC549824651D}
2012-06-12 20:46:57 -------- d-----w- c:\users\herman\appdata\local\{76A9D936-6594-46D0-8340-1F438CB2A51E}
2012-06-12 20:46:47 -------- d-----w- c:\users\herman\appdata\local\{0E9F5130-698F-4B80-A53C-6BC0462FEBB7}
2012-06-12 06:29:10 -------- d-----w- c:\users\herman\appdata\local\{FD81E7A1-71A4-410E-B6AA-F8895252B663}
2012-06-12 06:29:00 -------- d-----w- c:\users\herman\appdata\local\{2F2ADEC0-D541-4720-A6CC-BC09E2AA2171}
2012-06-12 06:28:51 -------- d-----w- c:\users\herman\appdata\local\{87A181A0-26D5-488F-9A30-36F1A72D4ABC}
2012-06-11 12:21:51 -------- d-----w- c:\users\herman\appdata\local\{FCBC8AE3-67C6-4BB3-B93D-C73CF1D1FCAA}
2012-06-11 12:21:42 -------- d-----w- c:\users\herman\appdata\local\{2A266E09-AB2C-428F-A220-08FA546899AA}
2012-06-10 18:51:33 -------- d-----w- c:\users\herman\appdata\local\{75EEB14C-341D-479D-9871-DF5A7E29C4F2}
2012-06-10 18:51:23 -------- d-----w- c:\users\herman\appdata\local\{1C4A4A01-7973-4A64-8BD0-E506F284ACD2}
.
==================== Find3M ====================
.
2012-07-09 17:02:12 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 10:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-15 03:03:54 981504 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 01:05:38 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-20 03:16:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 12:20:32,12 ===============
Hello,
Making changes is all well and good, but this way I keep running behind the facts.
Windows Vista and Windows 7: start the tool by right-clicking on "zoek.exe" and choosing Run as Administrator.
After a while a window will then open.
With your mouse, now select the following option: "Combined fix" (bottom right).
Now copy the code printed in blue below and paste it into the large input window:
{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39};c
Now first close all other program windows that are still open!
Then click the "Run script" button.
Now wait patiently until a log opens (this may be after a restart).
If no log appears after the restart, start zoek.exe again; the log will then still appear.
Now post the contents of the opened log in your next reply.
Also do an online scan: http://www.windowsecurity.com/trojanscan/
Post the result of it here.
Regards, Ben
Hello,
Download ComboFix from >>Here<<; there you can also read how to use ComboFix.
* IMPORTANT !!! Save ComboFix.exe to your Desktop.
* Disable all antivirus and antispyware programs, because otherwise they might conflict with ComboFix.
Here is a guide on how to disable them: here or here
* It can happen that the computer needs to be restarted several times; this is normal.
* Double-click "Combofix.exe" to start the tool.
* Do not click in the ComboFix window while it is active, as this can cause the 'tool' to hang.
* Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
* When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found as C:\ComboFix.txt) in your next reply.
Regards, Ben
Hi Ben,
Here is the requested log.
Regards, Guy
ComboFix 12-07-10.01 - Herman 10/07/2012 13:17:01.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.3063.2153
Gestart vanuit: c:\users\Herman\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Herman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1 .lnk
c:\users\Herman\AppData\Roaming\Security Solution
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-06-10 to 2012-07-10 ))))))))))))))))))))))))))))))
.
.
2012-07-10 11:21 . 2012-07-10 11:21 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{ECAC5DEF-8183-41C0-B36B-1E9F853909B6}\offreg.dll ERROR(0x00000005)
2012-07-10 11:21 . 2012-07-10 11:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-10 11:21 . 2012-07-10 11:21 -------- d-----w- c:\users\Herman\AppData\Local\temp
2012-07-10 10:22 . 2012-07-10 10:22 -------- d-----w- c:\users\Herman\AppData\Roaming\Avira
2012-07-10 10:11 . 2012-04-27 08:20 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-07-10 10:11 . 2012-04-24 22:32 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-07-10 10:11 . 2012-04-16 19:18 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-07-10 10:11 . 2012-07-10 10:11 -------- d-----w- c:\program files\Avira
2012-07-10 10:03 . 2012-06-18 01:14 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{ECAC5DEF-8183-41C0-B36B-1E9F853909B6}\mpengine.dll ERROR(0x00000005)
2012-07-09 17:02 . 2012-07-09 17:02 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-09 17:02 . 2012-07-09 17:02 -------- d-----w- c:\program files\Java
2012-07-09 16:52 . 2012-07-09 16:52 -------- d-----w- C:\found.000
2012-07-09 13:43 . 2012-07-09 13:43 -------- d-----w- c:\users\Herman\AppData\Roaming\SUPERAntiSpyware.com
2012-07-09 13:43 . 2012-07-09 13:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-16 22:10 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-16 22:10 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-16 22:10 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-16 22:10 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-09 17:02 . 2010-07-01 17:45 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-02 22:19 . 2012-06-08 23:12 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-08 23:12 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-08 23:11 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-08 23:11 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-08 23:12 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-08 23:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-08 23:11 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-08 23:11 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-08 23:11 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2009-10-05 14:00 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe"
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
.
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe"
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe"
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe"
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe"
.
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
@=""
.
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys
.
.
Inhoud van de 'Gedeelde Taken' map
.
2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe
.
2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.130.130.131 195.130.131.131
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-07-10 13:22:18
ComboFix-quarantined-files.txt 2012-07-10 11:22
.
Pre-Run: 893.981.659.136 bytes beschikbaar
Post-Run: 895.579.729.920 bytes beschikbaar
.
- - End Of File - - 83913CD495832E9DB8B5242E1AE038E5
Hi Ben,
In my opinion it should be fine now.
I live 15 km from my brother and am now back home.
I will phone him to ask how the PC is doing.
I'll let you know, but that won't be until Thursday.
Many thanks.
Regards, Guy
PS: if it really doesn't work, I'll surely hear about it sooner.