Computer freezes.

  • Ben

    Hello,

    Let's take a closer look;

    Download TDSSKStarter to the desktop.

    Using "TDSSKStarter.exe":

    First close all program windows that are still open!

    Disable your antivirus and antispyware programs, as they may conflict with TDSSKStarter.exe

    (here or here) you can read how to do that.

    Windows 2000 and Windows XP: start the tool by double-clicking "TDSSKStarter.exe".

    Windows Vista and Windows 7: start the tool by right-clicking "TDSSKStarter.exe" and then choosing Run as administrator.

    A CMD window will then be started, and it will close again automatically when the scan is finished.

    Now post the contents of the opened Notepad file in your next message.

    Download DDS by sUBS from one of these locations and place it on your desktop:

    DDS - Bleeping Computer download.

    DDS - Bleeping Computer download.

    DDS - Infospyware.

    DDS is a diagnostic tool and makes use of scripts.

    Disable your security software before running DDS!

    Double-click DDS to start the tool.

    Note!!! Windows Vista & 7 users must run dds.scr as administrator: "right-click: run as"

    DDS will open 2 log files:

    * DDS.txt

    * Attach.txt

    A window asks you to save both logs, because the logs will be gone once you close them.

    Save the logs, for example on your desktop or another place where you can easily find them again.

    Post the DDS.txt log with your next reply. Only post Attach.txt when I ask for it.

    Regards, Ben

    Antivirusprikbord.nl

  • Arend

    Thank you Ben, I'll get started on it tonight.

    A quick question: if it freezes on me while running, what is the best thing to do?

    Press the reset button, or hold down the power button until it turns off?

    Regards, Arend.

  • Ben

    Hello,

    Go ahead and make a backup of your important photos and files now.

    It could also be that your hard drive is failing :S

    >>>Press the reset button, or hold down the power button until it turns off?<<<

    That is not the best solution, but if there is no other way.

    Otherwise press Ctrl/Alt/Delete at the same time and then end the task.

    Regards, Ben

    Antivirusprikbord.nl

  • Arend

    Hi Ben,

    Here are the log from tdsskstarter.exe and the dds.txt log; I have saved the attach.txt log.

    20:41:50.0625 0128 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

    20:41:50.0641 0128 ============================================================

    20:41:50.0641 0128 Current date / time: 2012/09/05 20:41:50.0641

    20:41:50.0641 0128 SystemInfo:

    20:41:50.0641 0128

    20:41:50.0641 0128 OS Version: 5.1.2600 ServicePack: 3.0

    20:41:50.0641 0128 Product type: Workstation

    20:41:50.0641 0128 ComputerName: ARENDHAAK

    20:41:50.0641 0128 UserName: Arend Haak

    20:41:50.0641 0128 Windows directory: C:\windows

    20:41:50.0641 0128 System windows directory: C:\windows

    20:41:50.0641 0128 Processor architecture: Intel x86

    20:41:50.0641 0128 Number of processors: 2

    20:41:50.0641 0128 Page size: 0x1000

    20:41:50.0641 0128 Boot type: Normal boot

    20:41:50.0641 0128 ============================================================

    20:41:51.0922 0128 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

    20:41:51.0922 0128 Drive \Device\Harddisk1\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

    20:41:57.0656 0128 ============================================================

    20:41:57.0656 0128 \Device\Harddisk0\DR0:

    20:41:57.0656 0128 MBR partitions:

    20:41:57.0656 0128 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682

    20:41:57.0656 0128 \Device\Harddisk1\DR2:

    20:41:57.0656 0128 MBR partitions:

    20:41:57.0656 0128 \Device\Harddisk1\DR2\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A380D41

    20:41:57.0656 0128 ============================================================

    20:41:57.0671 0128 C: <-> \Device\Harddisk0\DR0\Partition1

    20:41:57.0671 0128 E: <-> \Device\Harddisk1\DR2\Partition1

    20:41:57.0671 0128 ============================================================

    20:41:57.0671 0128 Initialize success

    20:41:57.0671 0128 ============================================================

    20:41:57.0750 0700 ============================================================

    20:41:57.0750 0700 Scan started

    20:41:57.0750 0700 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;

    20:41:57.0750 0700 ============================================================

    20:41:58.0843 0700 ================ Scan system memory ========================

    20:41:59.0546 0700 ================ Scan services =============================

    20:41:59.0718 0700 ACPI C:\windows\system32\DRIVERS\ACPI.sys

    20:41:59.0999 0700 ACPIEC C:\windows\system32\drivers\ACPIEC.sys

    20:42:00.0156 0700 ADIHdAudAddService C:\windows\system32\drivers\ADIHdAud.sys

    20:42:00.0249 0700 AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    20:42:00.0296 0700 AEAudioService C:\windows\system32\drivers\AEAudio.sys

    20:42:00.0359 0700 aec C:\windows\system32\drivers\aec.sys

    20:42:00.0499 0700 AegisP C:\windows\system32\DRIVERS\AegisP.sys

    20:42:00.0499 0700 AegisP ( UnsignedFile.Multi.Generic ) - warning

    20:42:00.0499 0700 AegisP - detected UnsignedFile.Multi.Generic (1)

    20:42:00.0546 0700 AFD C:\windows\System32\drivers\afd.sys

    20:42:00.0593 0700 Alerter C:\windows\system32\alrsvc.dll

    20:42:00.0734 0700 ALG C:\windows\System32\alg.exe

    20:42:00.0906 0700 Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    20:42:00.0968 0700 AppMgmt C:\windows\System32\appmgmts.dll

    20:42:01.0046 0700 Arp1394 C:\windows\system32\DRIVERS\arp1394.sys

    20:42:01.0281 0700 aspnet_state C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

    20:42:01.0327 0700 AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys

    20:42:01.0452 0700 atapi C:\windows\system32\DRIVERS\atapi.sys

    20:42:01.0577 0700 Atmarpc C:\windows\system32\DRIVERS\atmarpc.sys

    20:42:01.0734 0700 AudioSrv C:\windows\System32\audiosrv.dll

    20:42:01.0890 0700 audstub C:\windows\system32\DRIVERS\audstub.sys

    20:42:02.0031 0700 Beep C:\windows\system32\drivers\Beep.sys

    20:42:02.0202 0700 BITS C:\WINDOWS\system32\qmgr.dll

    20:42:02.0374 0700 Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

    20:42:02.0437 0700 Bridge C:\windows\system32\DRIVERS\bridge.sys

    20:42:02.0515 0700 BridgeMP C:\windows\system32\DRIVERS\bridge.sys

    20:42:02.0609 0700 Browser C:\windows\System32\browser.dll

    20:42:02.0656 0700 cbidf2k C:\windows\system32\drivers\cbidf2k.sys

    20:42:02.0812 0700 Cdaudio C:\windows\system32\drivers\Cdaudio.sys

    20:42:02.0952 0700 Cdfs C:\windows\system32\drivers\Cdfs.sys

    20:42:03.0077 0700 Cdrom C:\windows\system32\DRIVERS\cdrom.sys

    20:42:03.0234 0700 CiSvc C:\windows\system32\cisvc.exe

    20:42:03.0374 0700 ClipSrv C:\windows\system32\clipsrv.exe

    20:42:03.0515 0700 clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    20:42:03.0562 0700 CryptSvc C:\windows\System32\cryptsvc.dll

    20:42:03.0718 0700 DcomLaunch C:\windows\system32\rpcss.dll

    20:42:03.0796 0700 Dhcp C:\windows\System32\dhcpcsvc.dll

    20:42:03.0921 0700 Disk C:\windows\system32\DRIVERS\disk.sys

    20:42:04.0093 0700 dmboot C:\windows\system32\drivers\dmboot.sys

    20:42:04.0265 0700 dmio C:\windows\system32\drivers\dmio.sys

    20:42:04.0390 0700 dmload C:\windows\system32\drivers\dmload.sys

    20:42:04.0515 0700 dmserver C:\windows\System32\dmserver.dll

    20:42:04.0655 0700 DMusic C:\windows\system32\drivers\DMusic.sys

    20:42:04.0780 0700 Dnscache C:\windows\System32\dnsrslvr.dll

    20:42:04.0827 0700 Dot3svc C:\windows\System32\dot3svc.dll

    20:42:04.0968 0700 drmkaud C:\windows\system32\drivers\drmkaud.sys

    20:42:05.0124 0700 EapHost C:\windows\System32\eapsvc.dll

    20:42:05.0312 0700 ehRecvr C:\WINDOWS\eHome\ehRecvr.exe

    20:42:05.0390 0700 ehSched C:\WINDOWS\eHome\ehSched.exe

    20:42:05.0421 0700 ERSvc C:\windows\System32\ersvc.dll

    20:42:05.0577 0700 Eventlog C:\windows\system32\services.exe

    20:42:05.0624 0700 EventSystem C:\WINDOWS\system32\es.dll

    20:42:05.0765 0700 F-Secure Gatekeeper C:\Program Files\Internet Security Pack\Anti-Virus\minifilter\fsgk.sys

    20:42:05.0858 0700 F-Secure Gatekeeper Handler Starter C:\Program Files\Internet Security Pack\Anti-Virus\fsgk32st.exe

    20:42:05.0937 0700 F-Secure HIPS C:\Program Files\Internet Security Pack\HIPS\drivers\fshs.sys

    20:42:05.0983 0700 Fastfat C:\windows\system32\drivers\Fastfat.sys

    20:42:06.0124 0700 FastUserSwitchingCompatibility C:\windows\System32\shsvcs.dll

    20:42:06.0171 0700 Fdc C:\windows\system32\DRIVERS\fdc.sys

    20:42:06.0312 0700 FETND5BV C:\windows\system32\DRIVERS\fetnd5bv.sys

    20:42:06.0374 0700 Fips C:\windows\system32\drivers\Fips.sys

    20:42:06.0515 0700 Flpydisk C:\windows\system32\DRIVERS\flpydisk.sys

    20:42:06.0671 0700 FltMgr C:\windows\system32\drivers\fltmgr.sys

    20:42:06.0858 0700 FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

    20:42:06.0905 0700 fsbts C:\windows\system32\Drivers\fsbts.sys

    20:42:06.0983 0700 FSDFWD C:\Program Files\Internet Security Pack\FWES\Program\fsdfwd.exe

    20:42:07.0030 0700 FSFW C:\windows\system32\drivers\fsdfw.sys

    20:42:07.0093 0700 FSMA C:\Program Files\Internet Security Pack\Common\FSMA32.EXE

    20:42:07.0155 0700 FSORSPClient C:\Program Files\Internet Security Pack\ORSP Client\fsorsp.exe

    20:42:07.0187 0700 Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys

    20:42:07.0312 0700 Ftdisk C:\windows\system32\DRIVERS\ftdisk.sys

    20:42:07.0468 0700 GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys

    20:42:07.0499 0700 giveio C:\windows\system32\giveio.sys

    20:42:07.0499 0700 giveio ( UnsignedFile.Multi.Generic ) - warning

    20:42:07.0499 0700 giveio - detected UnsignedFile.Multi.Generic (1)

    20:42:07.0530 0700 Gpc C:\windows\system32\DRIVERS\msgpc.sys

    20:42:07.0687 0700 HdAudAddService C:\windows\system32\drivers\HdAudio.sys

    20:42:07.0733 0700 HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys

    20:42:07.0905 0700 helpsvc C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll

    20:42:08.0186 0700 HidServ C:\windows\System32\hidserv.dll

    20:42:08.0311 0700 HidUsb C:\windows\system32\DRIVERS\hidusb.sys

    20:42:08.0468 0700 hkmsvc C:\windows\System32\kmsvc.dll

    20:42:08.0624 0700 HTTP C:\windows\system32\Drivers\HTTP.sys

    20:42:08.0671 0700 HTTPFilter C:\windows\System32\w3ssl.dll

    20:42:08.0827 0700 i8042prt C:\windows\system32\DRIVERS\i8042prt.sys

    20:42:08.0999 0700 idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

    20:42:09.0077 0700 Imapi C:\windows\system32\DRIVERS\imapi.sys

    20:42:09.0233 0700 ImapiService C:\WINDOWS\system32\imapi.exe

    20:42:09.0390 0700 intelppm C:\windows\system32\DRIVERS\intelppm.sys

    20:42:09.0530 0700 Ip6Fw C:\windows\system32\drivers\ip6fw.sys

    20:42:09.0671 0700 IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys

    20:42:09.0811 0700 IpInIp C:\windows\system32\DRIVERS\ipinip.sys

    20:42:09.0952 0700 IpNat C:\windows\system32\DRIVERS\ipnat.sys

    20:42:10.0124 0700 iPod Service C:\Program Files\iPod\bin\iPodService.exe

    20:42:10.0202 0700 IPSec C:\windows\system32\DRIVERS\ipsec.sys

    20:42:10.0343 0700 IRENUM C:\windows\system32\DRIVERS\irenum.sys

    20:42:10.0436 0700 isapnp C:\windows\system32\DRIVERS\isapnp.sys

    20:42:10.0624 0700 JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe

    20:42:10.0639 0700 Kbdclass C:\windows\system32\DRIVERS\kbdclass.sys

    20:42:10.0811 0700 kbdhid C:\windows\system32\DRIVERS\kbdhid.sys

    20:42:10.0952 0700 kmixer C:\windows\system32\drivers\kmixer.sys

    20:42:11.0093 0700 KSecDD C:\windows\system32\drivers\KSecDD.sys

    20:42:11.0139 0700 lanmanserver C:\windows\System32\srvsvc.dll

    20:42:11.0186 0700 lanmanworkstation C:\windows\System32\wkssvc.dll

    20:42:11.0249 0700 LmHosts C:\windows\System32\lmhsvc.dll

    20:42:11.0421 0700 McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe

    20:42:11.0452 0700 Messenger C:\windows\System32\msgsvc.dll

    20:42:11.0608 0700 MHN C:\windows\System32\mhn.dll

    20:42:11.0608 0700 MHN ( UnsignedFile.Multi.Generic ) - warning

    20:42:11.0608 0700 MHN - detected UnsignedFile.Multi.Generic (1)

    20:42:11.0639 0700 MHNDRV C:\windows\system32\DRIVERS\mhndrv.sys

    20:42:11.0639 0700 MHNDRV ( UnsignedFile.Multi.Generic ) - warning

    20:42:11.0639 0700 MHNDRV - detected UnsignedFile.Multi.Generic (1)

    20:42:11.0639 0700 mnmdd C:\windows\system32\drivers\mnmdd.sys

    20:42:11.0796 0700 mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

    20:42:11.0952 0700 Modem C:\windows\system32\drivers\Modem.sys

    20:42:12.0093 0700 Mouclass C:\windows\system32\DRIVERS\mouclass.sys

    20:42:12.0249 0700 mouhid C:\windows\system32\DRIVERS\mouhid.sys

    20:42:12.0374 0700 MountMgr C:\windows\system32\drivers\MountMgr.sys

    20:42:12.0499 0700 MRxDAV C:\windows\system32\DRIVERS\mrxdav.sys

    20:42:12.0702 0700 MRxSmb C:\windows\system32\DRIVERS\mrxsmb.sys

    20:42:12.0827 0700 MSDTC C:\WINDOWS\system32\msdtc.exe

    20:42:12.0999 0700 Msfs C:\windows\system32\drivers\Msfs.sys

    20:42:13.0139 0700 MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys

    20:42:13.0280 0700 MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys

    20:42:13.0421 0700 MSPQM C:\windows\system32\drivers\MSPQM.sys

    20:42:13.0592 0700 mssmbios C:\windows\system32\DRIVERS\mssmbios.sys

    20:42:13.0780 0700 MTsensor C:\windows\system32\DRIVERS\ASACPI.sys

    20:42:13.0858 0700 Mup C:\windows\system32\drivers\Mup.sys

    20:42:14.0077 0700 napagent C:\windows\System32\qagentrt.dll

    20:42:14.0233 0700 NDIS C:\windows\system32\drivers\NDIS.sys

    20:42:14.0374 0700 NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys

    20:42:14.0421 0700 Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys

    20:42:14.0546 0700 NdisWan C:\windows\system32\DRIVERS\ndiswan.sys

    20:42:14.0686 0700 NDProxy C:\windows\system32\drivers\NDProxy.sys

    20:42:14.0749 0700 NetBIOS C:\windows\system32\DRIVERS\netbios.sys

    20:42:14.0889 0700 NetBT C:\windows\system32\DRIVERS\netbt.sys

    20:42:15.0030 0700 NetDDE C:\windows\system32\netdde.exe

    20:42:15.0155 0700 NetDDEdsdm C:\windows\system32\netdde.exe

    20:42:15.0311 0700 Netlogon C:\windows\system32\lsass.exe

    20:42:15.0467 0700 Netman C:\windows\System32\netman.dll

    20:42:15.0624 0700 NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

    20:42:15.0655 0700 NIC1394 C:\windows\system32\DRIVERS\nic1394.sys

    20:42:15.0811 0700 Nla C:\windows\System32\mswsock.dll

    20:42:15.0858 0700 Npfs C:\windows\system32\drivers\Npfs.sys

    20:42:16.0014 0700 Ntfs C:\windows\system32\drivers\Ntfs.sys

    20:42:16.0139 0700 NtLmSsp C:\windows\system32\lsass.exe

    20:42:16.0295 0700 NtmsSvc C:\windows\system32\ntmssvc.dll

    20:42:16.0452 0700 Null C:\windows\system32\drivers\Null.sys

    20:42:16.0655 0700 nv C:\windows\system32\DRIVERS\nv4_mini.sys

    20:42:16.0842 0700 NVSvc C:\windows\system32\nvsvc32.exe

    20:42:16.0905 0700 NwlnkFlt C:\windows\system32\DRIVERS\nwlnkflt.sys

    20:42:17.0030 0700 NwlnkFwd C:\windows\system32\DRIVERS\nwlnkfwd.sys

    20:42:17.0170 0700 ohci1394 C:\windows\system32\DRIVERS\ohci1394.sys

    20:42:17.0311 0700 Parport C:\windows\system32\DRIVERS\parport.sys

    20:42:17.0420 0700 PartMgr C:\windows\system32\drivers\PartMgr.sys

    20:42:17.0577 0700 ParVdm C:\windows\system32\drivers\ParVdm.sys

    20:42:17.0702 0700 PCI C:\windows\system32\DRIVERS\pci.sys

    20:42:17.0827 0700 PCIIde C:\windows\system32\DRIVERS\pciide.sys

    20:42:17.0952 0700 Pcmcia C:\windows\system32\drivers\Pcmcia.sys

    20:42:18.0123 0700 PlugPlay C:\windows\system32\services.exe

    20:42:18.0311 0700 PolicyAgent C:\windows\system32\lsass.exe

    20:42:18.0452 0700 PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys

    20:42:18.0577 0700 ProtectedStorage C:\windows\system32\lsass.exe

    20:42:18.0702 0700 PSched C:\windows\system32\DRIVERS\psched.sys

    20:42:18.0842 0700 Ptilink C:\windows\system32\DRIVERS\ptilink.sys

    20:42:18.0967 0700 PxHelp20 C:\windows\system32\Drivers\PxHelp20.sys

    20:42:19.0030 0700 RasAcd C:\windows\system32\DRIVERS\rasacd.sys

    20:42:19.0170 0700 RasAuto C:\windows\System32\rasauto.dll

    20:42:19.0311 0700 Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys

    20:42:19.0467 0700 RasMan C:\windows\System32\rasmans.dll

    20:42:19.0592 0700 RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys

    20:42:19.0717 0700 Raspti C:\windows\system32\DRIVERS\raspti.sys

    20:42:19.0842 0700 Rdbss C:\windows\system32\DRIVERS\rdbss.sys

    20:42:19.0967 0700 RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys

    20:42:20.0108 0700 rdpdr C:\windows\system32\DRIVERS\rdpdr.sys

    20:42:20.0248 0700 RDPWD C:\windows\system32\drivers\RDPWD.sys

    20:42:20.0311 0700 RDSessMgr C:\WINDOWS\system32\sessmgr.exe

    20:42:20.0467 0700 redbook C:\windows\system32\DRIVERS\redbook.sys

    20:42:20.0623 0700 RemoteAccess C:\windows\System32\mprdim.dll

    20:42:20.0795 0700 RemoteRegistry C:\windows\system32\regsvc.dll

    20:42:20.0983 0700 RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    20:42:20.0998 0700 RichVideo ( UnsignedFile.Multi.Generic ) - warning

    20:42:20.0998 0700 RichVideo - detected UnsignedFile.Multi.Generic (1)

    20:42:20.0998 0700 RpcLocator C:\windows\system32\locator.exe

    20:42:21.0139 0700 RpcSs C:\windows\system32\rpcss.dll

    20:42:21.0217 0700 RSVP C:\windows\system32\rsvp.exe

    20:42:21.0342 0700 SamSs C:\windows\system32\lsass.exe

    20:42:21.0467 0700 SCardSvr C:\windows\System32\SCardSvr.exe

    20:42:21.0639 0700 Schedule C:\windows\system32\schedsvc.dll

    20:42:21.0780 0700 Secdrv C:\windows\system32\DRIVERS\secdrv.sys

    20:42:21.0858 0700 seclogon C:\windows\System32\seclogon.dll

    20:42:22.0014 0700 SenFiltService C:\windows\system32\drivers\Senfilt.sys

    20:42:22.0061 0700 SENS C:\windows\system32\sens.dll

    20:42:22.0186 0700 serenum C:\windows\system32\DRIVERS\serenum.sys

    20:42:22.0311 0700 Serial C:\windows\system32\DRIVERS\serial.sys

    20:42:22.0436 0700 Sfloppy C:\windows\system32\drivers\Sfloppy.sys

    20:42:22.0592 0700 SharedAccess C:\windows\System32\ipnathlp.dll

    20:42:22.0733 0700 ShellHWDetection C:\windows\System32\shsvcs.dll

    20:42:22.0779 0700 SONYPVU1 C:\windows\system32\DRIVERS\SONYPVU1.SYS

    20:42:22.0920 0700 speedfan C:\windows\system32\speedfan.sys

    20:42:22.0998 0700 splitter C:\windows\system32\drivers\splitter.sys

    20:42:23.0123 0700 Spooler C:\windows\system32\spoolsv.exe

    20:42:23.0139 0700 sr C:\windows\system32\DRIVERS\sr.sys

    20:42:23.0233 0700 srservice C:\WINDOWS\system32\srsvc.dll

    20:42:23.0342 0700 Srv C:\windows\system32\DRIVERS\srv.sys

    20:42:23.0404 0700 SSDPSRV C:\windows\System32\ssdpsrv.dll

    20:42:23.0514 0700 stisvc C:\windows\system32\wiaservc.dll

    20:42:23.0670 0700 swenum C:\windows\system32\DRIVERS\swenum.sys

    20:42:23.0811 0700 swmidi C:\windows\system32\drivers\swmidi.sys

    20:42:23.0967 0700 sysaudio C:\windows\system32\drivers\sysaudio.sys

    20:42:24.0092 0700 SysmonLog C:\windows\system32\smlogsvc.exe

    20:42:24.0233 0700 TapiSrv C:\windows\System32\tapisrv.dll

    20:42:24.0389 0700 Tcpip C:\windows\system32\DRIVERS\tcpip.sys

    20:42:24.0451 0700 TDPIPE C:\windows\system32\drivers\TDPIPE.sys

    20:42:24.0576 0700 TDTCP C:\windows\system32\drivers\TDTCP.sys

    20:42:24.0717 0700 TermDD C:\windows\system32\DRIVERS\termdd.sys

    20:42:24.0858 0700 TermService C:\windows\System32\termsrv.dll

    20:42:24.0983 0700 Themes C:\windows\System32\shsvcs.dll

    20:42:25.0029 0700 TlntSvr C:\WINDOWS\system32\tlntsvr.exe

    20:42:25.0170 0700 TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    20:42:25.0201 0700 TrkWks C:\windows\system32\trkwks.dll

    20:42:25.0342 0700 uagp35 C:\windows\system32\DRIVERS\uagp35.sys

    20:42:25.0482 0700 Udfs C:\windows\system32\drivers\Udfs.sys

    20:42:25.0639 0700 Update C:\windows\system32\DRIVERS\update.sys

    20:42:25.0779 0700 upnphost C:\windows\System32\upnphost.dll

    20:42:25.0857 0700 UPS C:\windows\System32\ups.exe

    20:42:26.0014 0700 USBAAPL C:\windows\system32\Drivers\usbaapl.sys

    20:42:26.0061 0700 usbccgp C:\windows\system32\DRIVERS\usbccgp.sys

    20:42:26.0201 0700 usbehci C:\windows\system32\DRIVERS\usbehci.sys

    20:42:26.0326 0700 usbhub C:\windows\system32\DRIVERS\usbhub.sys

    20:42:26.0467 0700 usbprint C:\windows\system32\DRIVERS\usbprint.sys

    20:42:26.0623 0700 usbscan C:\windows\system32\DRIVERS\usbscan.sys

    20:42:26.0779 0700 USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS

    20:42:26.0920 0700 usbuhci C:\windows\system32\DRIVERS\usbuhci.sys

    20:42:27.0045 0700 VgaSave C:\windows\System32\drivers\vga.sys

    20:42:27.0186 0700 ViaIde C:\windows\system32\DRIVERS\viaide.sys

    20:42:27.0326 0700 videX32 C:\windows\system32\DRIVERS\videX32.sys

    20:42:27.0357 0700 VolSnap C:\windows\system32\drivers\VolSnap.sys

    20:42:27.0498 0700 VSS C:\windows\System32\vssvc.exe

    20:42:27.0592 0700 W32Time C:\WINDOWS\system32\w32time.dll

    20:42:27.0717 0700 Wanarp C:\windows\system32\DRIVERS\wanarp.sys

    20:42:27.0873 0700 wdmaud C:\windows\system32\drivers\wdmaud.sys

    20:42:28.0014 0700 WebClient C:\windows\System32\webclnt.dll

    20:42:28.0154 0700 winmgmt C:\windows\system32\wbem\WMIsvc.dll

    20:42:28.0420 0700 WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

    20:42:28.0482 0700 Wmi C:\windows\System32\advapi32.dll

    20:42:28.0545 0700 WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

    20:42:28.0748 0700 WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

    20:42:28.0826 0700 WS2IFSL C:\windows\System32\drivers\ws2ifsl.sys

    20:42:28.0982 0700 wscsvc C:\windows\system32\wscsvc.dll

    20:42:29.0123 0700 wuauserv C:\WINDOWS\system32\wuauserv.dll

    20:42:29.0279 0700 WudfPf C:\windows\system32\DRIVERS\WudfPf.sys

    20:42:29.0310 0700 WudfRd C:\windows\system32\DRIVERS\wudfrd.sys

    20:42:29.0357 0700 WudfSvc C:\windows\System32\WUDFSvc.dll

    20:42:29.0420 0700 WUSB54GPV4SRV C:\windows\system32\DRIVERS\rt2500usb.sys

    20:42:29.0467 0700 WUSB54Gv4SVC C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

    20:42:29.0467 0700 WUSB54Gv4SVC ( UnsignedFile.Multi.Generic ) - warning

    20:42:29.0467 0700 WUSB54Gv4SVC - detected UnsignedFile.Multi.Generic (1)

    20:42:29.0514 0700 WZCSVC C:\windows\System32\wzcsvc.dll

    20:42:29.0670 0700 xfilt C:\windows\system32\DRIVERS\xfilt.sys

    20:42:29.0701 0700 xmlprov C:\windows\System32\xmlprov.dll

    20:42:29.0826 0700 ================ Scan global ===============================

    20:42:29.0857 0700 C:\windows\system32\basesrv.dll

    20:42:29.0889 0700 C:\windows\system32\winsrv.dll

    20:42:29.0920 0700 C:\windows\system32\winsrv.dll

    20:42:29.0920 0700 C:\windows\system32\services.exe

    20:42:29.0935 0700 ================ Scan MBR ==================================

    20:42:29.0951 0700 \Device\Harddisk0\DR0

    20:42:30.0170 0700 \Device\Harddisk1\DR2

    20:42:30.0342 0700 ================ Scan VBR ==================================

    20:42:30.0342 0700 \Device\Harddisk0\DR0\Partition1

    20:42:30.0342 0700 \Device\Harddisk1\DR2\Partition1

    20:42:30.0342 0700 ================ Scan UEFI extensions ======================

    20:42:30.0342 0700 ================ Scan active images ========================

    20:42:30.0342 0700 ============================================================

    20:42:30.0342 0700 Scan finished

    20:42:30.0342 0700 ============================================================

    20:42:31.0310 3272 Deinitialize success

    .

    ==============================================

    System Restore Point Check:

    .

    TDSSKiller Starter Restore Point Created Succesfully

    ==============================================

    .

    ==============================================

    C:\TDSSStarter\Report_05-09-2012_2024_.log

    ==============================================

    Registry Export

    .

    "1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"

    "2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"

    "10243:TCP"="10243:TCP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk"

    "10280:UDP"="10280:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk"

    "10281:UDP"="10281:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk"

    "10282:UDP"="10282:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk"

    "10283:UDP"="10283:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk"

    "10284:UDP"="10284:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk"

    "3389:TCP"="3389:TCP:*:Disabled:@xpsp2res.dll,-22009"

    "1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"

    "2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"

    "10243:TCP"="10243:TCP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk"

    "10280:UDP"="10280:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk"

    "10281:UDP"="10281:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk"

    "10282:UDP"="10282:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk"

    "10283:UDP"="10283:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk"

    "10284:UDP"="10284:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk"

    "3389:TCP"="3389:TCP:*:Disabled:@xpsp2res.dll,-22009"

    ==============================================

    EOF

    .

    DDS (Ver_2011-08-26.01) - NTFSx86

    Internet Explorer: 8.0.6001.18702

    Run by Arend Haak at 20:43:15 on 2012-09-05

    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1022.523

    .

    AV: Ziggo internetbeveiliging 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

    FW: Ziggo internetbeveiliging 9.01 *Enabled*

    .

    ============== Running Processes ===============

    .

    C:\windows\system32\svchost -k DcomLaunch

    svchost.exe

    C:\windows\System32\svchost.exe -k netsvcs

    svchost.exe

    svchost.exe

    C:\windows\system32\spoolsv.exe

    svchost.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\WINDOWS\eHome\ehRecvr.exe

    C:\windows\Explorer.EXE

    C:\WINDOWS\eHome\ehSched.exe

    C:\Program Files\Internet Security Pack\Anti-Virus\fsgk32st.exe

    C:\Program Files\Internet Security Pack\Common\FSMA32.EXE

    C:\Program Files\Internet Security Pack\Anti-Virus\FSGK32.EXE

    C:\Program Files\Internet Security Pack\Common\FSHDLL32.EXE

    C:\windows\System32\svchost.exe -k HTTPFilter

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\windows\system32\nvsvc32.exe

    C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    svchost.exe

    C:\windows\system32\svchost.exe -k imgsvc

    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe

    C:\Program Files\Internet Security Pack\Common\FSM32.EXE

    C:\Program Files\Internet Security Pack\FWES\Program\fsdfwd.exe

    C:\Program Files\Internet Security Pack\Anti-Virus\fssm32.exe

    C:\WINDOWS\system32\dllhost.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\windows\system32\ctfmon.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Internet Security Pack\Anti-Virus\fsav32.exe

    C:\windows\system32\wscntfy.exe

    C:\windows\system32\notepad.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = https://www.ziggo.nl/

    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

    mDefault_Page_URL = hxxp://www.yahoo.com

    mStart Page = hxxp://www.yahoo.com

    uInternet Connection Wizard,ShellNext = iexplore

    uInternet Settings,ProxyOverride = *.local

    BHO: Adobe PDF Reader Help bij koppelingen: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

    BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    uRun: c:\windows\system32\ctfmon.exe

    uRun: c:\program files\regclean pro\RegCleanPro.exe -rem

    mRun: "c:\program files\internet security pack\common\FSM32.EXE" /splash

    mRun: "c:\program files\internet security pack\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW

    mRun: RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

    mRun: c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto

    mRun: "c:\program files\common files\apple\apple application support\APSDaemon.exe"

    mRun: "c:\program files\quicktime\qttask.exe" -atboottime

    mRun: "c:\program files\itunes\iTunesHelper.exe"

    mRun: %systemroot%\system32\dumprep 0 -k

    IE: Download with &Shareaza

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813

    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://go.microsoft.com/fwlink/?LinkId=82580

    DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://verkopen.marktplaats.nl/js/widgets/imageUploader/aurigma/5_7_24_0/ImageUploader5.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

    DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

    TCP: DhcpNameServer = 192.168.0.1

    TCP: Interfaces\{5FCE72BB-E742-460A-9723-56B37ABE5AE2} : DhcpNameServer = 192.168.0.1

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    LSA: Notification Packages = :\windows\syste

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys

    R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys

    R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys

    R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\internet security pack\hips\drivers\fshs.sys

    R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\internet security pack\anti-virus\fsgk32st.exe

    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe

    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe

    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\internet security pack\anti-virus\minifilter\fsgk.sys

    R3 FSORSPClient;F-Secure ORSP Client;c:\program files\internet security pack\orsp client\fsorsp.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe

    S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys --> c:\windows\system32\drivers\rt2870.sys

    .

    =============== Created Last 30 ================

    .

    2012-09-05 18:22:45 -------- d-----w- C:\TDSSStarter

    2012-09-04 17:36:56 -------- d-----w- c:\documents and settings\arend haak\application data\Malwarebytes

    2012-09-04 17:36:25 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

    2012-09-04 17:36:22 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-09-04 17:36:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-08-13 07:23:54 -------- d-----w- c:\documents and settings\arend haak\local settings\application data\Downloaded Installations

    .

    ==================== Find3M ====================

    .

    2012-08-18 08:43:35 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-08-18 08:43:35 426184 -c--a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-08-18 08:25:12 44240 -c--a-w- c:\windows\system32\drivers\fsbts.sys

    2012-07-06 13:58:53 78336 ----a-w- c:\windows\system32\browser.dll

    2012-07-04 14:05:21 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-07-03 18:23:00 1866240 ----a-w- c:\windows\system32\win32k.sys

    2012-07-02 17:38:21 916992 ----a-w- c:\windows\system32\wininet.dll

    2012-07-02 17:38:20 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2012-07-02 17:38:20 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2012-07-02 12:05:56 385024 ----a-w- c:\windows\system32\html.iec

    .

    ============= FINISH: 20:44:03,97 ===============

  • Arend

    Hi,

    I had just posted the message when it froze; after a reset it is working again.

    I get the impression that as soon as a program starts running alongside, it can't cope.

    Regards, Arend.

  • Ben

    Hello,

    Then we'll look at one more thing:

    Using “zoek.exe”

    Disable your antivirus and antispyware programs; zoek.exe is sometimes mistaken for a trojan while downloading or during use.

    You can read how to do that (here or here).

    Then download zoek.exe to the desktop.

    Windows 2000 and Windows XP: start the tool by double-clicking “zoek.exe”.

    Windows Vista and Windows 7: start the tool by right-clicking “zoek.exe” and then choosing Run as administrator.

    After a while a window will open.

    With your mouse, now select the option "Combined fix" (bottom right).

    Now copy the bold text below and paste it into the large input box:

    emptytemp;

    filesrcm;

    emptyclsid;

    startupall;

    emptyjava;

    emptyflash;

    Now first close all program windows that are still open!

    Now click the "Run script" button.

    Now wait patiently until a log opens (this may be after a restart).

    If no log appears after the restart, start zoek.exe again; the log will then appear.

    Now post the contents of the opened log in your next message and tell me how things are going now.

    If this does not help, you should think back to which program you installed before you got these problems.

    Are all your drivers up to date?

    Regards, Ben

    Antivirusprikbord.nl

  • Arend

    Hi Ben,

    Here is the log; unfortunately it froze again at the restart. Which drivers should I be thinking of?

    Zoek.exe Version 3.0.0.3 Updated 04-SEPT-2012

    Tool run by Arend Haak on wo 05-09-2012 at 22:02:58,91.

    Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86

    Running from: C:\DOCUME~1\ARENDH~1\LOCALS~1\Temp\zoek.exe

    ==== Suspicious Entries Found ======================

    "1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"

    "2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"

    "10243:TCP"="10243:TCP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk"

    "10280:UDP"="10280:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk"

    "10281:UDP"="10281:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk"

    "10282:UDP"="10282:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk"

    "10283:UDP"="10283:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk"

    "10284:UDP"="10284:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk"

    "3389:TCP"="3389:TCP:*:Disabled:@xpsp2res.dll,-22009"

    "1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"

    "2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"

    "10243:TCP"="10243:TCP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk"

    "10280:UDP"="10280:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk"

    "10281:UDP"="10281:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk"

    "10282:UDP"="10282:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk"

    "10283:UDP"="10283:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk"

    "10284:UDP"="10284:UDP:LocalSubNet:Enabled:Windows Media Player Service voor delen via het netwerk"

    "3389:TCP"="3389:TCP:*:Disabled:@xpsp2res.dll,-22009"

    ==== Files Recently Created / Modified ======================

    ====== C:\windows ====

    ====== C:\DOCUME~1\ARENDH~1\LOCALS~1\Temp ====

    2012-09-03 17:58:27 71571DF7DBF4705F3C88222EF1B6FA79 341032 ----a-w- C:\DOCUME~1\ARENDH~1\LOCALS~1\Temp\msscct32.dll

    ====== C:\windows\system32 =====

    ====== C:\windows\system32\drivers =====

    2012-09-04 17:36:22 6DFE7F2E8E8A337263AA5C92A215F161 22344 ----a-w- C:\windows\System32\drivers\mbam.sys

    ====== C:\windows\Tasks ======

    ====== C:\windows\Temp ======

    ======= C:\Program Files =====

    ======= C: =====

    ====== C:\Documents and Settings\Arend Haak\Application Data ======

    2012-09-04 17:23:40 4471284E31F3883883CB31067D22BD0E 211763 ----a-w- C:\Documents and Settings\Arend Haak\Local Settings\Application Data\census.cache

    2012-09-04 17:23:29 99FC81AB6D341E6AD16CC8F0D4AE1427 198088 ----a-w- C:\Documents and Settings\Arend Haak\Local Settings\Application Data\ars.cache

    2012-09-03 17:47:37 84F32255CFF0D8D99D8D023468C9F577 36 ----a-w- C:\Documents and Settings\Arend Haak\Local Settings\Application Data\housecall.guid.cache

    2012-08-13 07:23:54 -------- d-----w- C:\Documents and Settings\Arend Haak\Local Settings\Application Data\Downloaded Installations

    ====== C:\Documents and Settings\Arend Haak ======

    ====== C: exe-files ==

    2012-09-05 18:22:23 7AD347718319D488FD9FE6D15DF8DCD6 93184 ----a-w- C:\Documents and Settings\Arend Haak\Mijn documenten\TDSSKStarter.exe

    2012-09-04 17:47:15 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Documents and Settings\Arend Haak\Mijn documenten\HijackThis.exe

    2012-09-03 17:47:42 FD35BD83DCD48338931442B47644719A 192512 ----a-w- C:\Documents and Settings\Arend Haak\Local Settings\Temp\HouseCall\bspatch.exe

    2012-09-03 17:47:38 A7A0791ECADCF96CAEE258033A2D3878 2445744 ----a-w- C:\Documents and Settings\Arend Haak\Local Settings\Temp\HCBackup\hcpackage.exe

    === C: other files ==

    2012-09-05 18:30:01 2E84724E785214F625E16D1E89519DA2 607260 ------r- C:\Documents and Settings\Arend Haak\Mijn documenten\dds.com

    2012-09-04 17:36:22 6DFE7F2E8E8A337263AA5C92A215F161 22344 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

    2012-09-04 17:15:23 82337F9C52EDF268C4ED5DF450CE1910 486928 ----a-w- C:\Documents and Settings\Arend Haak\Local Settings\Temp\HouseCall\tscdll32.dll

    2012-09-04 17:15:21 5B0514235274FF4C84DC87DE7AF96294 91552 ----a-w- C:\Documents and Settings\Arend Haak\Local Settings\Temp\HouseCall\BPMNT.dll

    2012-09-04 17:15:21 53CB3D2A569106F08924BB4F2DAAE984 25600 ----a-w- C:\Documents and Settings\Arend Haak\Local Settings\Temp\HouseCall\MEMBOOT.DLL

    2012-09-04 17:15:21 050BB5AE62F1B9054DFB7D41250BBFBC 1824272 ----a-w- C:\Documents and Settings\Arend Haak\Local Settings\Temp\HouseCall\vsapi32.dll

    2012-09-03 17:58:27 71571DF7DBF4705F3C88222EF1B6FA79 341032 ----a-w- C:\Documents and Settings\Arend Haak\Local Settings\Temp\msscct32.dll

    2012-09-03 17:47:45 43007FAF2DB8BB4119A604303CD9D842 14126080 ----a-w- C:\Documents and Settings\Arend Haak\Local Settings\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ioth936700.zip

    2012-09-03 17:47:44 B1A40CDE3EC06C7A74C9FF01B3D0CAA6 2392 ----a-w- C:\Documents and Settings\Arend Haak\Local Settings\Temp\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ini_xml.zip

    2012-09-03 17:47:43 EE9BF48743DCCEF46527C54BBD8BA5AE 528384 ----a-w- C:\Documents and Settings\Arend Haak\Local Settings\Temp\HouseCall\libcurl.dll

    2012-09-03 17:47:43 DF6FEFE6F98FAFD3E5CE55C81079AF23 315392 ----a-w- C:\Documents and Settings\Arend Haak\Local Settings\Temp\HouseCall\ssleay32.dll

    2012-09-03 17:47:43 DECA60F8772002CB8A7F7215814DDF77 151552 ----a-w- C:\Documents and Settings\Arend Haak\Local Settings\Temp\HouseCall\libexpatw.dll

    2012-09-03 17:47:43 D79B8B7BED8D30387C22663B24E8C191 256904 ----a-w- C:\Documents and Settings\Arend Haak\Local Settings\Temp\HouseCall\tmcomm.sys

    2012-09-03 17:47:43 ACC5FAD1798DBC029D77F08081E268B9 550416 ----a-w- C:\Documents and Settings\Arend Haak\Local Settings\Temp\HouseCall\tmfbeng.dll

    2012-09-03 17:47:43 A38C1A1003C76E5EEBDAE66B0C7B844F 890192 ----a-w- C:\Documents and Settings\Arend Haak\Local Settings\Temp\HouseCall\tmufeng.dll

    2012-09-03 17:47:43 9AA69A2F61E7C4F1C6D94A6C3E3680E0 1249280 ----a-w- C:\Documents and Settings\Arend Haak\Local Settings\Temp\HouseCall\libeay32.dll

    2012-09-03 17:47:43 743F1AEFBFEA418A1B80566B22BBAB68 181776 ----a-w- C:\Documents and Settings\Arend Haak\Local Settings\Temp\HouseCall\perfiCrcPerfMonMgr.dll

    2012-09-03 17:47:43 148D2019D0E7C718793F0E68A87F2FFA 58632 ----a-w- C:\Documents and Settings\Arend Haak\Local Settings\Temp\HouseCall\utilClientLoader.dll

    2012-09-03 17:47:43 0BC449E397A3A82FD48636BFFE19403E 263728 ----a-w- C:\Documents and Settings\Arend Haak\Local Settings\Temp\HouseCall\TmEngDrv.dll

    2012-09-03 17:47:42 9B165FA638E01D5CFEBEEB2C7C29244B 1586224 ----a-w- C:\Documents and Settings\Arend Haak\Local Settings\Temp\HouseCall\hc_core.dll

    2012-09-03 17:47:42 75676CFB7D636406059C49280BB00791 824848 ----a-w- C:\Documents and Settings\Arend Haak\Local Settings\Temp\HouseCall\ICRCHdler.dll

    2012-08-31 21:54:39 6199D3312F1DEECCCD5EEB818593E16C 18874368 ----a-w- C:\Documents and Settings\Arend Haak\Mijn documenten\Mijn muziek\iTunes\iTunes Media\Mobile Applications\com.rovio.AngryBirdsHalloween.zip

    ==== Startup Registry Enabled ======================

    "ctfmon.exe"="C:\windows\system32\ctfmon.exe"

    "F-Secure Manager"="C:\Program Files\Internet Security Pack\Common\FSM32.EXE /splash"

    "F-Secure TNB"="C:\Program Files\Internet Security Pack\FSGUI\TNBUtil.exe /CHECKALL /WAITFORSW"

    "NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"

    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto"

    "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe -atboottime"

    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

    "KernelFaultCheck"="%systemroot%\system32\dumprep 0 -k"

    "ctfmon.exe"="C:\windows\system32\ctfmon.exe"

    ==== Startup Registry Disabled ======================

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="AdobeARM"

    "hkey"="HKLM"

    "command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="Reader_sl"

    "hkey"="HKLM"

    "command"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="APSDaemon"

    "hkey"="HKLM"

    "command"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="ctfmon"

    "hkey"="HKCU"

    "command"="C:\\WINDOWS\\system32\\ctfmon.exe"

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="ehtray"

    "hkey"="HKLM"

    "command"="C:\\WINDOWS\\ehome\\ehtray.exe"

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="HDAShCut"

    "hkey"="HKLM"

    "command"="HDAShCut.exe"

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="iTunesHelper"

    "hkey"="HKLM"

    "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="dumprep 0 -k"

    "hkey"="HKLM"

    "command"="%systemroot%\\system32\\dumprep 0 -k"

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="Language"

    "hkey"="HKLM"

    "command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="msmsgs"

    "hkey"="HKCU"

    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="NvCpl"

    "hkey"="HKLM"

    "command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="NvMcTray"

    "hkey"="HKLM"

    "command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="nwiz"

    "hkey"="HKLM"

    "command"="nwiz.exe /install"

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="jusched"

    "hkey"="HKCU"

    "command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="qttask"

    "hkey"="HKLM"

    "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="RegCleanPro"

    "hkey"="HKCU"

    "command"="C:\\Program Files\\RegClean Pro\\RegCleanPro.exe -rem"

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="Smax4"

    "hkey"="HKLM"

    "command"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="smax4pnp"

    "hkey"="HKLM"

    "command"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="jusched"

    "hkey"="HKLM"

    "command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="TomTomHOMERunner"

    "hkey"="HKCU"

    "command"="\"C:\\Program Files\\TomTom HOME 2\\TomTomHOMERunner.exe\""

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="WMPNSCFG"

    "hkey"="HKCU"

    "command"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

    "path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\Microsoft Office.lnk"

    "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"

    "command"="C:\\PROGRA~1\\MICROS~3\\Office10\\OSA.EXE -b -l"

    "item"="Microsoft Office"

    ==== Task Scheduler Jobs ======================

    C:\windows\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    C:\windows\tasks\AppleSoftwareUpdate.job --a------ C:\Program Files\Apple Software Update\SoftwareUpdate.exe

    C:\windows\tasks\RegClean Pro_DEFAULT.job --a------ C:\Program Files\RegClean Pro\RegCleanPro.exe

    C:\windows\tasks\RegClean Pro_UPDATES.job --a------ C:\Program Files\RegClean Pro\RegCleanPro.exe

    C:\windows\tasks\Scheduled scanning task.job --a------ C:\PROGRA1\INTERN2\ANTI-V1\fsav.exe

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    After Reboot

    ==== Empty Temp Folders ======================

    C:\windows\Temp successfully emptied

    C:\DOCUME~1\ARENDH~1\LOCALS~1\Temp successfully emptied

  • Ben

    Hello,

    I see no malware.

    Have a look in Device Manager to see whether there are yellow question marks; you can check your drivers there.

    Otherwise, try disabling programs that may interfere at startup:

    Type this into Run/Search in the Start menu: Msconfig. With it you can disable unnecessary services, programs, you name it, during the next reboot.

    Download CrystalDiskInfo

    Install the tool and then start CrystalDiskInfo.

    N.B. Do untick the bundled software if you do not want it to be installed as well.

    The tool then reads the SMART data of the connected hard disks.

    If the colour is Blue - then fully healthy.

    If the colour is Yellow - then there are problems.

    If the colour is Red - then replace the HD as soon as possible.

    For SSDs, the health status of the SSDs is also shown (Health).

    Regards, Ben

    Antivirusprikbord.nl

  • Ben

    Because no further reply has followed, this topic is being closed.

    If you would still like to reopen your topic, send a private message to Ben or Huib (fazantje).

    They will then remove the “lock” and the topic will be open again.

    Regards, Ben

    Antivirusprikbord.nl

This topic is closed; no more replies can be posted.