Hi Marianne,
Yes, give it a try, and otherwise remove AVG.
You can reinstall it later.
Good luck,
Huib ;)
Hi Marianne,
The following program can cause serious damage if you do not use it correctly.
So read the instructions carefully.
Download TDSSKiller here and save it to your Desktop.
Extract the files from tdsskiller.zip.
Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.
Windows 7 and Windows Vista users:
Right-click TDSSKiller.exe -> Run as Administrator to start the tool.
If TDSSKiller reports that an update is available, run that first.
A new version of TDSSKiller will then be downloaded; save it to your Desktop.
Start TDSSKiller again.
Click "Change parameters" and make sure all of the options below are ticked.
• Click the "Start Scan" button and follow the instructions.
Note! If any "Threats" are found, a follow-up screen appears automatically after the scan.
For a "Fail signature" message you do not need to take any action. (Use Skip.)
For a "Suspicious object", Skip is filled in by default. Leave that action as it is. If necessary we will tell you later what to do with it.
For a "Malicious object", the action Cure or Delete is filled in automatically.
Always choose Cure here.
If that is not possible, select Skip.
Only for a "TDSS File System" do you choose Delete if Cure is not possible.
If you do not know what to choose, use Skip and wait for our advice before you Delete anything.
Now click Continue to proceed.
When the scan has finished, click the "Report" button.
A Notepad file opens. Post the contents of this file.
Restart the PC if TDSSKiller offers that option. (Reboot now)
If a restart was needed, you will find the log file at C:\TDSSKiller.___log.txt
Post the TDSS log in your next reply.
Good luck,
Huib ;)
This is the ComboFix log, because that one went on further first.
Do I still have to carry out those other steps anyway?
Greetings, Marianne
ComboFix 12-08-10.02 - Marianne 12-08-2012 21:15:43.8.4 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1708
Running from: c:\documents and settings\Marianne.MARIANNE-4F98D8\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\facemoods.com
c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\inst.exe
c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\PriceGong
c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Marianne.MARIANNE-4F98D8\Menu Start\Programma's\.lnk
c:\documents and settings\Marianne.MARIANNE-4F98D8\WINDOWS
c:\program files\BFlix\BFLIx.dll
c:\windows\IsUn0413.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
\\.\PhysicalDrive0 - Bootkit Sinowal was found and disinfected
.
\\.\PhysicalDrive0 - Bootkit Sinowal was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
-------\Service_xpsec
.
.
(((((((((((((((((((( Files Created From 2012-07-12 to 2012-08-12 ))))))))))))))))))))))))))))))
.
.
2012-08-12 18:47 . 2012-08-12 18:47 -------- d-----w- c:\windows\LastGood
2012-08-08 18:52 . 2012-08-08 18:52 -------- d-----w- c:\windows\system32\wbem\Repository
2012-08-08 18:52 . 2012-08-08 18:52 -------- d-----w- c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\BabylonToolbar
2012-08-08 18:51 . 2012-08-08 18:51 -------- d-----w- c:\documents and settings\Marianne.MARIANNE-4F98D8\Local Settings\Application Data\AskToolbar
2012-08-08 18:51 . 2012-08-12 19:27 -------- d-----w- c:\program files\BFlix
2012-08-06 11:31 . 2012-06-05 07:37 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-07-16 20:14 . 2012-07-16 20:14 -------- d-----w- c:\documents and settings\Marianne.MARIANNE-4F98D8\Application Data\DDMSettings
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 11:46 . 2010-10-18 18:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:55 . 2004-08-04 12:00 1866240 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2007-05-15 14:43 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2007-07-30 17:18 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2002-08-02 23:24 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2002-08-02 23:24 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2002-08-02 23:24 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2007-07-30 17:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2002-08-02 23:24 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2002-08-02 23:24 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2007-07-30 17:20 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2007-07-30 17:20 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2002-08-02 23:24 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2007-07-30 17:19 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2002-08-02 23:24 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2009-09-17 10:19 18160 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2009-09-17 10:19 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2009-09-17 10:19 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2004-08-04 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
.
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe"
"BitTorrent DNA"="c:\program files\DNA\btdna.exe"
"Steam"="d:\program files\steam\steam.exe"
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe"
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
.
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll"
"RTHDCPL"="RTHDCPL.EXE"
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe"
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe"
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe"
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
"NvCplDaemon"="c:\windows\system32\NvCpl.dll"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe"
.
"AvgUninstallURL"="start http://www.avg.com/nl.special-uninstallation-feedback-appf?lic=NFVIMlctM1NYM0UtR0hHWDktQUZISjMtUFcyUU4tWjlLSDQ&inst=NzctNjQ4MzEyNzQ0LUJBKzEtS1YzKzctWEwrMS1UNS1GTCs5LVhPMzYrMS1GOU03Qys1LUY5TTMrMS1GTDEwKzEtVFVHKzMtTElDKzE&prod=90&ver=10.0.1382"
.
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE"
.
c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
GamersFirst LIVE!.lnk - c:\program files\GamersFirst\LIVE!\Live.exe
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
.
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
@="Driver"
.
@=""
.
@="Service"
.
@="Service"
.
path=c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
2005-05-19 13:47 57344 ----a-w- d:\program files\SlySoft\CloneCD\CloneCDTray.exe
.
2004-02-12 12:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
"Pando Media Booster"=c:\program files\Pando Networks\Media Booster\PMB.exe
.
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"PWRISOVM.EXE"=d:\program files\PowerISO\PWRISOVM.EXE
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"d:\\program files\\Wolfenstein - Enemy Territory\\ET.exe"=
"d:\\program files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"d:\\program files\\Eidos\\Pyro Studios\\Commandos Strike Force\\CommXPC.exe"=
"d:\\program files\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"d:\\program files\\Electronic Arts\\Command & Conquer 3 Kane's Wrath\\RetailExe\\1.0\\cnc3ep1.dat"=
"d:\\program files\\Steam\\Steam.exe"=
"d:\\program files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"d:\\program files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"d:\\program files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\program files\\Landwirtschafts Simulator 2011\\FarmingSimulator2011.exe"=
"d:\\program files\\Landwirtschafts Simulator 2011\\game.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\program files\\Steam\\SteamApps\\common\\call of duty black ops\\BlackOps.exe"=
"d:\\program files\\Steam\\SteamApps\\common\\call of duty black ops\\BlackOpsMP.exe"=
"d:\\program files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"d:\\program files\\Steam\\SteamApps\\cocoownt\\zombie panic! source dedicated server\\srcds.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\program files\\GamersFirst\\APB Reloaded\\Binaries\\APB.exe"=
"d:\\program files\\GamersFirst\\APB Reloaded\\Binaries\\VivoxVoiceService.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\program files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"d:\\program files\\Steam\\SteamApps\\cocoownt\\zombie panic! source\\hl2.exe"=
.
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"56288:TCP"= 56288:TCP:Pando Media Booster
"56288:UDP"= 56288:UDP:Pando Media Booster
"57412:TCP"= 57412:TCP:Pando Media Booster
"57412:UDP"= 57412:UDP:Pando Media Booster
"58296:TCP"= 58296:TCP:Pando Media Booster
"58296:UDP"= 58296:UDP:Pando Media Booster
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe
S0 boky;boky;c:\windows\system32\drivers\lbce.sys --> c:\windows\system32\drivers\lbce.sys
S0 hlstucf;hlstucf;c:\windows\system32\drivers\mcvhr.sys --> c:\windows\system32\drivers\mcvhr.sys
S0 sahvgadh;sahvgadh;c:\windows\system32\drivers\vgjnfcby.sys --> c:\windows\system32\drivers\vgjnfcby.sys
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
S2 SkypeUpdate;Skype Updater;d:\program files\Skype\Updater\Updater.exe
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE
S3 dump_wmimmc;dump_wmimmc;d:\program files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe
S3 musbehco;musbehco;\??\c:\docume~1\MARIAN~1.MAR\LOCALS~1\Temp\musbehco.sys --> c:\docume~1\MARIAN~1.MAR\LOCALS~1\Temp\musbehco.sys
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service
S3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe
.
2012-08-12 c:\windows\Tasks\Automatisch zoeken van problemen.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe
.
2012-08-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-299502267-682003330-1004Core.job
- c:\documents and settings\Marianne.MARIANNE-4F98D8\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-299502267-682003330-1004UA.job
- c:\documents and settings\Marianne.MARIANNE-4F98D8\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
2012-08-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.startpagina.nl/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Download met Mipony - file://d:\program files\MiPony\Browser\IEContext.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Zoek op het web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.178.1
DPF: {444785F1-DE89-4295-863A-D46C3A781394} - hxxp://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
WebBrowser-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-CTFMON - (no file)
MSConfigStartUp-iTunesHelper - d:\program files\iTunes\iTunesHelper.exe
AddRemove-Huishoudboekje - c:\windows\IsUn0413.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-12 21:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oajjecbaildmnenpmnmlecgclkhbkj"=hex:61,69,68,62,68,6d,66,6f,63,67,61,65,6b,63,
64,67,6c,68,6d,67,66,6d,63,67,69,68,6a,6b,6e,66,70,66,6d,6e,6b,66,65,64,6e,\
"iaiiedaidlkoljmlhb"=hex:6a,61,62,62,64,65,6e,65,6c,62,6b,67,6d,62,6c,67,61,68,
6d,6c,00,00
"haohljcalffnckji"=hex:6a,61,62,62,67,65,61,66,65,63,66,68,6c,66,66,67,64,68,
61,63,00,00
.
"??"=hex:b3,a0,cf,11,42,b5,2b,da,d6,d2,d0,73,6b,33,95,d1,69,4e,22,79,d1,bc,c8,
8a,f6,74,a4,82,aa,fe,6e,6e,73,fb,35,69,ef,e0,24,31,59,a8,1f,16,80,41,f1,1f,\
"??"=hex:a8,b9,9c,9f,bd,60,2c,9b,08,01,08,14,bb,d4,0f,bb
.
"datasecu"=hex:94,4f,f1,c6,9e,2e,bc,58,ae,83,48,b8,c8,ae,43,00,e4,5f,d0,4d,eb,
34,80,dd,09,13,d3,b8,3d,41,d2,26,20,ec,ef,3f,07,22,3c,2f,f3,30,84,a5,46,5d,\
"rkeysecu"=hex:07,88,ea,06,19,19,25,cf,96,60,50,85,04,9f,3c,0f
.
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(240)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(1832)
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
Completion time: 2012-08-12 21:38:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-12 19:38
.
Pre-Run: 45.268.922.368 bytes free
Post-Run: 47.656.030.208 bytes free
.
- - End Of File - - 9163EE7705965090502A23D65A655FCD
Hello,
Run aswMBR.exe once more.
• Double-click "aswMBR.exe" to start the tool.
Vista and Windows 7 users: right-click -> Run as Administrator.
• In the next window, click "No"
Click the "scan" button
When the scan is finished, click the "save log" button
Post this log file in your next reply.
Regards, Ben
Here is my log
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-12 22:01:58
-----------------------------
22:01:58.234 OS Version: Windows 5.1.2600 Service Pack 3
22:01:58.234 Number of processors: 4 586 0xF0B
22:01:58.234 ComputerName: MARIANNE-4F98D8 UserName: Marianne
22:01:59.437 Initialize success
22:02:17.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7
22:02:17.703 Disk 0 Vendor: Hitachi_HDP725025GLA380 GM2OA52A Size: 238475MB BusType: 3
22:02:17.703 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-12
22:02:17.718 Disk 1 Vendor: Hitachi_HDP725025GLA380 GM2OA52A Size: 238475MB BusType: 3
22:02:17.750 Disk 0 MBR read successfully
22:02:17.750 Disk 0 MBR scan
22:02:17.765 Disk 0 Windows XP default MBR code
22:02:17.781 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 99998 MB offset 63
22:02:17.796 Disk 0 Partition - 00 0F Extended LBA 138466 MB offset 204796620
22:02:17.828 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 138466 MB offset 204796683
22:02:17.843 Disk 0 scanning sectors +488376000
22:02:17.890 Disk 0 malicious Win32:MBRoot code @ sector 488376003 !
22:02:17.921 Disk 0 PE file @ sector 488376025 !
22:02:17.984 Disk 0 scanning C:\WINDOWS\system32\drivers
22:02:37.593 Service scanning
22:03:04.859 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
22:03:11.015 Modules scanning
22:03:16.890 Disk 0 trace - called modules:
22:03:17.031 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys pciide.sys
22:03:17.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0
22:03:17.375 3 CLASSPNP.SYS -> nt!IofCallDriver -> \Device\0000007c
22:03:17.546 5 ACPI.sys -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-7
22:03:17.718 Scan finished successfully
22:03:36.859 Disk 0 MBR has been saved successfully to “C:\Documents and Settings\Marianne.MARIANNE-4F98D8\Bureaublad\MBR.dat”
22:03:36.890 The log file has been saved successfully to “C:\Documents and Settings\Marianne.MARIANNE-4F98D8\Bureaublad\aswMBR.txt”
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-12 22:15:01
-----------------------------
22:15:01.828 OS Version: Windows 5.1.2600 Service Pack 3
22:15:01.828 Number of processors: 4 586 0xF0B
22:15:01.828 ComputerName: MARIANNE-4F98D8 UserName: Marianne
22:15:03.015 Initialize success
22:15:08.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7
22:15:08.859 Disk 0 Vendor: Hitachi_HDP725025GLA380 GM2OA52A Size: 238475MB BusType: 3
22:15:08.859 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-12
22:15:08.875 Disk 1 Vendor: Hitachi_HDP725025GLA380 GM2OA52A Size: 238475MB BusType: 3
22:15:08.906 Disk 0 MBR read successfully
22:15:08.906 Disk 0 MBR scan
22:15:08.921 Disk 0 Windows XP default MBR code
22:15:08.937 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 99998 MB offset 63
22:15:08.953 Disk 0 Partition - 00 0F Extended LBA 138466 MB offset 204796620
22:15:08.984 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 138466 MB offset 204796683
22:15:09.000 Disk 0 scanning sectors +488376000
22:15:09.125 Disk 0 scanning C:\WINDOWS\system32\drivers
22:15:28.968 Service scanning
22:15:57.656 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
22:16:04.625 Modules scanning
22:16:14.812 Disk 0 trace - called modules:
22:16:14.984 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys pciide.sys
22:16:15.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0
22:16:15.328 3 CLASSPNP.SYS -> nt!IofCallDriver -> \Device\0000007a
22:16:15.515 5 ACPI.sys -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-7
22:16:15.703 Scan finished successfully
22:16:33.890 Disk 0 MBR has been saved successfully to “C:\Documents and Settings\Marianne.MARIANNE-4F98D8\Bureaublad\MBR.dat”
22:16:33.906 The log file has been saved successfully to “C:\Documents and Settings\Marianne.MARIANNE-4F98D8\Bureaublad\aswMBR(2).txt”
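The two aswMBR runs above tell the story in sector numbers: the first flags "malicious Win32:MBRoot code" at sector 488376003 and a PE file at 488376025, the second is clean. Where a finding sits matters for triage. Both sectors lie past 488376000, the point where aswMBR starts "scanning sectors" beyond the partitioned area, and that is the unallocated tail of the disk where the Sinowal/Mebroot family (Avast's MBRoot) stores its body while only the MBR is patched to load it. The script below is an added example, not part of the thread or of aswMBR itself. It takes the Disk 0 lines quoted above as its input, converts the MiB partition sizes to sectors, uses aswMBR's own "scanning sectors +N" line as the start of the unpartitioned tail, places each finding, and lists which findings from the first run are gone in the second. The function names, the 512-byte sector size and the reading of aswMBR's "MB" as MiB are my assumptions.

```python
import re

# Disk 0 lines copied from the two aswMBR runs posted above (trimmed to what the
# parser needs). Run 1 flagged MBRoot code in the tail of the disk; run 2 was clean.
RUN1 = """\
22:02:17.703 Disk 0 Vendor: Hitachi_HDP725025GLA380 GM2OA52A Size: 238475MB BusType: 3
22:02:17.781 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 99998 MB offset 63
22:02:17.796 Disk 0 Partition - 00 0F Extended LBA 138466 MB offset 204796620
22:02:17.828 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 138466 MB offset 204796683
22:02:17.843 Disk 0 scanning sectors +488376000
22:02:17.890 Disk 0 malicious Win32:MBRoot code @ sector 488376003 !
22:02:17.921 Disk 0 PE file @ sector 488376025 !
"""
RUN2 = """\
22:15:08.859 Disk 0 Vendor: Hitachi_HDP725025GLA380 GM2OA52A Size: 238475MB BusType: 3
22:15:08.937 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 99998 MB offset 63
22:15:08.953 Disk 0 Partition - 00 0F Extended LBA 138466 MB offset 204796620
22:15:08.984 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 138466 MB offset 204796683
22:15:09.000 Disk 0 scanning sectors +488376000
"""

# Assumption: 512-byte sectors and aswMBR's "MB" meaning MiB, so 2048 sectors per MB.
SECTORS_PER_MB = (1024 * 1024) // 512

DISK_RE = re.compile(r"Size: (\d+)MB")
PART_RE = re.compile(r"Partition (\S+) (\w\w) (?:\(A\) )?(\w\w) .*? (\d+) MB offset (\d+)")
TAIL_RE = re.compile(r"scanning sectors \+(\d+)")
FIND_RE = re.compile(r"Disk \d+ (.+?) @ sector (\d+) !")

TAIL = "unpartitioned space after the last partition"


def parse_run(log, disk=0):
    """Collect disk size, volumes, tail start and findings for one disk from an aswMBR log."""
    info = {"disk_sectors": None, "tail_start": None, "partitions": [], "findings": []}
    for line in log.splitlines():
        if f"Disk {disk} " not in line:
            continue
        if m := DISK_RE.search(line):
            info["disk_sectors"] = int(m.group(1)) * SECTORS_PER_MB
        elif m := PART_RE.search(line):
            num, boot, ptype, size_mb, offset = m.groups()
            if ptype.upper() == "0F":      # extended container, not a volume: skip
                continue
            start = int(offset)
            info["partitions"].append({
                "num": num, "active": boot == "80", "type": ptype,
                "start": start, "end": start + int(size_mb) * SECTORS_PER_MB})
        elif m := TAIL_RE.search(line):
            info["tail_start"] = int(m.group(1))
        elif m := FIND_RE.search(line):
            info["findings"].append((m.group(1), int(m.group(2))))
    return info


def locate(info, sector):
    """Describe where a sector lies. The tail start printed by aswMBR is exact, while
    partition ends computed from MiB-rounded sizes can be short by up to one MiB,
    so the tail test comes first."""
    if info["tail_start"] is not None and sector >= info["tail_start"]:
        return TAIL
    for p in info["partitions"]:
        if p["start"] <= sector < p["end"]:
            return f"inside partition {p['num']}"
    return "in a gap between partitions"


def triage(log):
    """(description, sector, location) for every finding in one run."""
    info = parse_run(log)
    return [(what, sector, locate(info, sector)) for what, sector in info["findings"]]


def resolved(before, after):
    """Sectors flagged in the first run that are no longer flagged in the second."""
    still_flagged = {sector for _, sector in parse_run(after)["findings"]}
    return [s for _, s in parse_run(before)["findings"] if s not in still_flagged]


if __name__ == "__main__":
    for what, sector, where in triage(RUN1):
        print(f"{what} @ {sector}: {where}")
    print("cleared between runs:", resolved(RUN1, RUN2))
```

Run against the two logs, both findings land in the tail, and both are gone in the second run. A finding reported inside a partition would instead point at a file on the volume and would be worth correlating with the driver list in the ComboFix log; one in the tail, as here, is not reachable through the file system at all, which is why a file-based antivirus scan comes back clean while the MBR still loads it.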