Virus or ransomware problem.

  • Jos H

    Good morning Ben or Huib,

    I have been given a laptop for a check / clean-up.

    Removed a lot of junk and toolbars.

    Would you check the logs?

    Malwarebytes Anti-Malware (-evaluatieversie-) 1.65.0.1400

    www.malwarebytes.org

    Databaseversie: v2012.09.12.06

    Windows Vista Service Pack 2 x86 NTFS (Veilige modus/netwerkmogelijkheden)

    Internet Explorer 9.0.8112.16421

    Leon en Desiré :: PC_VAN_DE_NIJS

    Realtime bescherming: Uitgeschakeld

    12-9-2012 20:43:08

    mbam-log-2012-09-12 (20-43-08).txt

    Scantype: Volledige scan (C:\|)

    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scanopties: P2P

    Objecten gescand: 219135

    Verstreken tijd: 48 minuut/minuten, 36 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 6

    HKCR\CLSID\{C2961703-4244-417D-AEF4-826B92EE081E} (PUP.DownloadnSave) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2961703-4244-417D-AEF4-826B92EE081E} (PUP.DownloadnSave) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C2961703-4244-417D-AEF4-826B92EE081E} (PUP.DownloadnSave) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2961703-4244-417D-AEF4-826B92EE081E} (PUP.DownloadnSave) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.DownloadnSave) -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerwaarden gedetecteerd: 1

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|eyyrtuayipjohsn (Trojan.Winlock) -> Data: C:\ProgramData\eyyrtuay.exe -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 3

    C:\ProgramData\eyyrtuay.exe (Trojan.Winlock) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\ProgramData\TheBflix\bhoclass.dll (PUP.DownloadnSave) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Leon en Desiré\0.12118183225468238.exe (Trojan.Winlock) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 8:55:35, on 13-9-2012

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v9.00 (9.00.8112.16448)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\HP\QuickPlay\QPService.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    C:\Program Files\McAfee\Common Framework\UdaterUI.exe

    C:\Advanced Wheel Mouse\wh_exec.exe

    C:\Program Files\IDT\WDM\sttray.exe

    C:\Windows\System32\rundll32.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

    C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

    C:\Program Files\McAfee\Common Framework\McTray.exe

    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

    C:\Windows\system32\conime.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hyves.nl

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=83&bd=Pavilion&pf=cnnb

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=83&bd=Pavilion&pf=cnnb

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door Hyves

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll

    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"

    O4 - HKLM\..\Run: "C:\Program Files\HP\QuickPlay\QPService.exe"

    O4 - HKLM\..\Run: %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

    O4 - HKLM\..\Run: C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

    O4 - HKLM\..\Run: c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    O4 - HKLM\..\Run: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    O4 - HKLM\..\Run: "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

    O4 - HKLM\..\Run: "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

    O4 - HKLM\..\Run: C:\ADVANC~1\wh_exec.exe

    O4 - HKLM\..\Run: "E:\Setup.exe"

    O4 - HKLM\..\Run: %ProgramFiles%\IDT\WDM\sttray.exe

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKCU\..\Run: "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    O4 - HKCU\..\Run: C:\Program Files\Samsung\Kies\KiesHelper.exe /s

    O4 - HKCU\..\Run: C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

    O4 - HKCU\..\Run: C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

    O4 - HKCU\..\Run: "C:\Windows\System32\browserchoice.exe" /run

    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

    O11 - Options group: Accelerated graphics

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe

    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

    O23 - Service: Google Updateservice (gupdate1c9e5b0760499f5) (gupdate1c9e5b0760499f5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe

    End of file - 10425 bytes

    I'll read through it later to see whether there are still any irregularities in there.

    Thanks in advance, Jos

  • fazantje

    Hi Jos,

    I understand you can still operate that laptop normally :S

    Start HijackThis, click Scan and tick the following line:

    O4 - HKLM\..\Run: "E:\Setup.exe"

    Close all other open windows except HijackThis and click Fix checked.

    Download combofix.exe here.

    Now disable your virus scanner.

    You do this at the bottom right of your taskbar.

    If the Recovery Console is not installed, ComboFix will offer to download and install it. Allow this.

    Once the Recovery Console is installed, let ComboFix scan the computer.

    When ComboFix starts, you may get an error message saying that the "contents of the ComboFix package has been compromised".

    Do not continue with the instructions, but download ComboFix again. This message can appear when a file infector (Virut) is active on the computer.

    If you get this message, report it.

    When ComboFix has finished scanning, possibly after a reboot, a log file (combofix.txt) opens.

    Be patient and don't assume the scanner has gone haywire.

    Depending on the infections, the scan and the creation of the log can easily take anywhere from 40 minutes to 1 1/2 hours.

    Post the contents of this file together with a new HijackThis log.

    Good luck,

    Huib ;)
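The triage step Huib describes above (picking the E:\Setup.exe autorun out of the O4 lines) can be scripted. The following is an added example for this thread, not part of the original posts and not a HijackThis, Malwarebytes or ComboFix feature: it parses HijackThis O4 lines and flags images on a non-system drive or dropped directly into ProgramData or a user-profile root, which is where the Trojan.Winlock items in the Malwarebytes log lived. The sample lines are constructed from entries on this page; the function and variable names are the example's own.

```python
"""Triage helper for HijackThis O4 autorun lines.

Added example for this thread; not part of the original posts and not a
HijackThis, Malwarebytes or ComboFix feature. It flags the kind of autorun
entries the thread ends up removing: an image on a non-system drive
(E:\\Setup.exe) and executables dropped straight into ProgramData or a user
profile root (the Trojan.Winlock items from the Malwarebytes log).
"""
import re
from typing import List, Optional, Tuple

# Constructed sample input, built from entries shown in the thread. The
# eyyrtuay.exe line mirrors the HKCU\..\Run value Malwarebytes quarantined,
# written the way HijackThis would have listed it.
SAMPLE_HJT_LINES = r"""
O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: "E:\Setup.exe"
O4 - HKCU\..\Run: C:\ProgramData\eyyrtuay.exe
O4 - HKCU\..\Run: "C:\Users\Leon en Desiré\0.12118183225468238.exe"
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
"""

O4_RE = re.compile(r'^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: (?P<cmd>.+)$')
SYSTEM_DRIVE = 'C:'
# Only the variable that appears in this thread's logs; extend as needed.
ENV_VARS = {'%programfiles%': r'C:\Program Files'}

Finding = Tuple[str, str, List[str]]


def extract_image(cmd: str) -> Optional[str]:
    """Pull the image path out of an autorun command line.

    Handles quoted paths (straight or typographic quotes, since forum posts
    often convert them) and unquoted paths followed by arguments.
    """
    cmd = cmd.strip()
    if cmd[:1] in ('"', '\u201c'):
        m = re.match(r'^["\u201c](?P<p>[^"\u201d]+)["\u201d]', cmd)
    else:
        m = re.match(r'^(?P<p>.+?\.(?:exe|dll))(?=\s|,|$)', cmd, re.IGNORECASE)
    return m.group('p') if m else None


def expand_env(path: str) -> str:
    """Expand the few %VAR% prefixes HijackThis leaves unexpanded."""
    lower = path.lower()
    for var, value in ENV_VARS.items():
        if lower.startswith(var):
            return value + path[len(var):]
    return path


def classify(image: str) -> List[str]:
    """Return the reasons an autorun image deserves a closer look (empty = none)."""
    reasons: List[str] = []
    parts = expand_env(image).replace('/', '\\').split('\\')
    drive = parts[0].upper()
    if not re.fullmatch(r'[A-Z]:', drive):
        # Bare name such as RUNDLL32.EXE: resolved through PATH at logon.
        return ['unqualified image path, resolved through PATH']
    if drive != SYSTEM_DRIVE:
        reasons.append(f'autorun image on non-system drive {drive}')
    parent = '\\'.join(parts[:-1]).lower()
    if parent == r'c:\programdata':
        reasons.append('executable directly in the ProgramData root')
    elif re.fullmatch(r'c:\\users\\[^\\]+', parent):
        reasons.append('executable directly in a user profile root')
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Scan HijackThis output; return (hive, image, reasons) for flagged O4 lines."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue                     # not an HKLM/HKCU Run entry
        image = extract_image(m.group('cmd'))
        if image is None:
            continue
        reasons = classify(image)
        if reasons:
            findings.append((m.group('hive'), image, reasons))
    return findings


if __name__ == '__main__':
    for hive, image, reasons in triage(SAMPLE_HJT_LINES):
        print(f'{hive}\\..\\Run  {image}')
        for r in reasons:
            print(f'    - {r}')
```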

  • Jos H

    Here are the requested logs:

    ComboFix 12-09-13.01 - Leon en Desiré 13-09-2012 17:06:17.1.2 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3068.1826

    Gestart vanuit: c:\users\Leon en DesirÚ\Downloads\ComboFix.exe

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\programdata\ehiioyqdwhjqjhk

    c:\programdata\TheBflix

    c:\programdata\TheBflix\background.html

    c:\programdata\TheBflix\content.js

    c:\programdata\TheBflix\data\content.js

    c:\programdata\TheBflix\data\jsondb.js

    c:\programdata\TheBflix\hpilclpacieflhmobalmaccogiioldoo.crx

    c:\programdata\TheBflix\settings.ini

    c:\programdata\TheBflix\uninstall.exe

    c:\windows\system32\System32\MASetupCleaner.exe

    c:\windows\system32\System32\muzapp.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    -------\Service_COMSysApp

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-08-13 to 2012-09-13 ))))))))))))))))))))))))))))))

    .

    .

    2012-09-13 15:17 . 2012-09-13 15:17 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-09-13 06:50 . 2012-09-13 06:50 388096 ----a-r- c:\users\Leon en Desiré\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2012-09-13 06:50 . 2012-09-13 06:50 -------- d-----w- c:\program files\Trend Micro

    2012-09-12 20:27 . 2012-09-12 20:27 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-09-12 19:55 . 2012-09-12 19:55 -------- d-----w- c:\program files\CCleaner

    2012-09-12 19:47 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AB189903-7BD2-45C4-8111-BA3158AC98E6}\mpengine.dll

    2012-09-12 18:42 . 2012-09-12 18:42 -------- d-----w- c:\users\Leon en Desiré\AppData\Roaming\Malwarebytes

    2012-09-12 18:42 . 2012-09-12 18:42 -------- d-----w- c:\programdata\Malwarebytes

    2012-09-10 11:36 . 2012-09-10 11:36 -------- d-----w- c:\programdata\bnirbloyioqxyow

    2012-08-15 08:58 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-09-13 06:50 . 2012-09-13 06:50 388096 ----a-r- c:\users\Leon en Desiré\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2012-09-13 06:50 . 2012-09-13 06:50 388096 ----a-r- c:\users\Leon en Desiré\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2012-09-12 20:27 . 2012-01-13 20:54 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe"

    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe"

    "ehTray.exe"="c:\windows\ehome\ehTray.exe"

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    "KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe"

    "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe"

    "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

    .

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe"

    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe"

    "QPService"="c:\program files\HP\QuickPlay\QPService.exe"

    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe"

    "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe"

    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"

    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe"

    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"

    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE"

    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe"

    "WheelMouse"="c:\advanc~1\wh_exec.exe"

    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe"

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll"

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll"

    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe"

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe"

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

    .

    c:\users\Leon en Desiré\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE

    .

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    @="Driver"

    .

    "DisableMonitoring"=dword:00000001

    .

    "DisableMonitoring"=dword:00000001

    .

    "DisableMonitoring"=dword:00000001

    .

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe

    .

    .

    --- Andere Services/Drivers In Geheugen ---

    .

    *NewlyCreated* - WS2IFSL

    .

    bthsvcs REG_MULTI_SZ BthServ

    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    .

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    ezSharedSvc

    .

    2008-02-26 13:06 451872 —-a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2012-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    2012-09-12 c:\windows\Tasks\Google Software Updater.job

    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe

    .

    2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.startpagina.nl/

    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=83&bd=Pavilion&pf=cnnb

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

    TCP: DhcpNameServer = 212.54.40.25 212.54.35.25

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

    MSConfigStartUp-TQ566808 - E:\Setup.exe

    AddRemove-{37476589-E48E-439E-A706-56189E2ED4C4} - c:\programdata\TheBflix\uninstall.exe

    AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

    AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

    AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

    AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

    AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

    AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

    AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

    AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

    AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

    AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

    AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

    AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

    AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

    AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

    AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

    AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

    AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

    AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-09-13 17:27

    Windows 6.0.6002 Service Pack 2 NTFS

    .

    scannen van verborgen processen …

    .

    scannen van verborgen autostart items …

    .

    scannen van verborgen bestanden …

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    .

    - - - - - - - > 'Explorer.exe'(4044)

    c:\advanced wheel mouse\wh_hook.dll

    .

    ------------------------ Andere Aktieve Processen ------------------------

    .

    c:\windows\system32\nvvsvc.exe

    c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe

    c:\windows\system32\Hpservice.exe

    c:\windows\system32\WLANExt.exe

    c:\windows\system32\rundll32.exe

    c:\program files\Common Files\LightScribe\LSSrvc.exe

    c:\program files\McAfee\Common Framework\FrameworkService.exe

    c:\program files\McAfee\VirusScan Enterprise\mcshield.exe

    c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe

    c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

    c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe

    c:\windows\SMINST\BLService.exe

    c:\program files\CyberLink\Shared Files\RichVideo.exe

    c:\program files\McAfee\Common Framework\naPrdMgr.exe

    c:\windows\system32\WUDFHost.exe

    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

    c:\windows\system32\conime.exe

    c:\advanced wheel mouse\wh_exec.exe

    c:\windows\System32\rundll32.exe

    c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe

    c:\program files\McAfee\Common Framework\McTray.exe

    c:\windows\ehome\ehmsas.exe

    c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

    c:\program files\Hewlett-Packard\Shared\HpqToaster.exe

    c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe

    c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

    c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2012-09-13 17:30:44 - machine werd herstart

    ComboFix-quarantined-files.txt 2012-09-13 15:30

    .

    Pre-Run: 37.468.160.000 bytes beschikbaar

    Post-Run: 36.927.651.840 bytes beschikbaar

    .

    - - End Of File - - F41FDE1DA9179A160153429EF8EC0BD9

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 16:58:01, on 13-9-2012

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v9.00 (9.00.8112.16448)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\HP\QuickPlay\QPService.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    C:\Program Files\McAfee\Common Framework\UdaterUI.exe

    C:\Advanced Wheel Mouse\wh_exec.exe

    C:\Program Files\IDT\WDM\sttray.exe

    C:\Windows\System32\rundll32.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

    C:\Program Files\McAfee\Common Framework\McTray.exe

    C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

    C:\Windows\system32\conime.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hyves.nl

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=83&bd=Pavilion&pf=cnnb

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=83&bd=Pavilion&pf=cnnb

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door Hyves

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll

    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"

    O4 - HKLM\..\Run: "C:\Program Files\HP\QuickPlay\QPService.exe"

    O4 - HKLM\..\Run: %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

    O4 - HKLM\..\Run: C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

    O4 - HKLM\..\Run: c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    O4 - HKLM\..\Run: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    O4 - HKLM\..\Run: “C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE” /STANDALONE

    O4 - HKLM\..\Run: “C:\Program Files\McAfee\Common Framework\UdaterUI.exe” /StartedFromRunKey

    O4 - HKLM\..\Run: C:\ADVANC~1\wh_exec.exe

    O4 - HKLM\..\Run: %ProgramFiles%\IDT\WDM\sttray.exe

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Google\Google Updater\GoogleUpdater.exe” -check_deprecation

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

    O4 - HKCU\..\Run: “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”

    O4 - HKCU\..\Run: C:\Program Files\Samsung\Kies\KiesHelper.exe /s

    O4 - HKCU\..\Run: C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

    O4 - HKCU\..\Run: C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

    O11 - Options group: Accelerated graphics

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe

    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

    O23 - Service: Google Updateservice (gupdate1c9e5b0760499f5) (gupdate1c9e5b0760499f5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe

    End of file - 10228 bytes

The infected computer / laptop had network problems,

so this is via my own PC.

Regards, Jos
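Reading a HijackThis log by hand, as the helpers in this thread do, means picking the O4 (Run-key autostarts) and O23 (services) lines that deserve a closer look out of a long list of vendor entries. The script below is an added example written for this thread, not a tool from the thread or from HijackThis, zoek, ComboFix or TDSSKiller. It parses O4/O23 lines in the format of the log above (the sample lines are constructed copies in the same shape, including the short-name entry `C:\ADVANC~1\wh_exec.exe` and the "Unknown owner" service) and applies two first-pass triage heuristics that are my assumptions, not a rule from the page: an autostart image outside Program Files / Windows, and a service whose binary reports no publisher. A hit only means "verify this file (signature, hash lookup)"; it is not a verdict, and a clean pass is not proof of a clean machine.

```python
"""Added triage helper for HijackThis-style O4/O23 log lines (not a tool from this thread)."""
import re
from dataclasses import dataclass

# Constructed sample, copied in shape from the O4/O23 lines of the log above.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe
O4 - HKLM\\..\\Run: "C:\\Program Files\\McAfee\\VirusScan Enterprise\\SHSTAT.EXE" /STANDALONE
O4 - HKLM\\..\\Run: %ProgramFiles%\\Windows Defender\\MSASCui.exe -hide
O4 - HKLM\\..\\Run: RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: C:\\ADVANC~1\\wh_exec.exe
O4 - HKCU\\..\\Run: C:\\Program Files\\Samsung\\Kies\\KiesHelper.exe /s
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\\Windows\\system32\\Hpservice.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\\Windows\\SMINST\\BLService.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# First drive-letter- or %VAR%-rooted path ending in .exe/.dll; a leading RUNDLL32.EXE is skipped.
IMAGE_RE = re.compile(r'((?:[A-Za-z]:|%[A-Za-z]+%)\\[^"]*?\.(?:exe|dll))', re.IGNORECASE)

# Assumed allowlist of roots where autostart binaries are normally installed (heuristic, not a rule).
KNOWN_ROOTS = ("c:\\program files\\", "c:\\windows\\", "%programfiles%\\")


@dataclass
class Entry:
    kind: str    # "O4" or "O23"
    name: str    # registry hive for O4, service display name for O23
    owner: str   # publisher for O23, empty for O4
    image: str   # executable or DLL that actually runs
    raw: str     # the original log line


def image_path(cmd: str) -> str:
    """Extract the image path from a Run-key command line or service path."""
    m = IMAGE_RE.search(cmd)
    return m.group(1) if m else cmd.strip()


def parse_entries(text: str) -> list[Entry]:
    """Parse O4 and O23 lines; every other HijackThis section is ignored."""
    entries = []
    for raw in text.splitlines():
        raw = raw.strip()
        if (m := O4_RE.match(raw)):
            entries.append(Entry("O4", m["hive"], "", image_path(m["cmd"]), raw))
        elif (m := O23_RE.match(raw)):
            entries.append(Entry("O23", m["name"], m["owner"], image_path(m["path"]), raw))
    return entries


def triage(entries: list[Entry]) -> list[tuple[str, str]]:
    """Return (image, reason) pairs for entries that deserve a manual check."""
    findings = []
    for e in entries:
        low = e.image.lower()
        if not low.startswith(KNOWN_ROOTS):
            findings.append((e.image, "autostart image outside Program Files / Windows"))
        if e.kind == "O23" and e.owner.lower() == "unknown owner":
            findings.append((e.image, "service binary reports no publisher; verify its signature"))
    return findings


if __name__ == "__main__":
    for image, reason in triage(parse_entries(SAMPLE_LOG)):
        print(f"{image}: {reason}")
```

On the constructed sample this flags exactly the two lines a reviewer would have paused on: `C:\ADVANC~1\wh_exec.exe` (an 8.3 short-name directory at the root of C:, outside any standard program location) and `C:\Windows\SMINST\BLService.exe` (no publisher recorded). The "Unknown owner" services for QuickPlay and CyberLink in the real log would be flagged by the same rule, which is the point: the script shortens the list to check, it does not decide.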

  • fazantje

Hi Jos,

I'm still learning new programs, so it took a little longer.

First of all, disable the virus scanner.

Download zoek.exe here and put it on your desktop.

Start the tool by right-clicking “zoek.exe” and choosing Run as Administrator.

After a while a window will open.

With your mouse, now select the option “Combined fix” (bottom right).

Now copy the bold text below and paste it into the large input box:

    c:\programdata\bnirbloyioqxyow;f

    emptytemp;

    filesrcm;

    emptyclsid;

    startupall;

    emptyjava;

    emptyflash;

    resetIEproxy;

Now first close all other open program windows!

Now click the "Run script" button.

Wait patiently until a log opens (this may be after a restart).

If no log appears after the restart, start zoek.exe again; the log will then appear.

Now post the contents of the opened log in your next message and tell us how things are going.

Good luck,

Huib ;)

  • Jos H

Hi Huib

I've tried everything to put zoek.exe on the desktop.

But that damned Vista doesn't give the option.

In the meantime I have network access on the laptop again and no more messages about blocks.

I can just get on the internet.

The notice I got yesterday said it was blocked on the IP address.

Were there still suspicious things in the logs?

PS: I happened to hear today that this malware or virus is common and that it can happen that the entire HD gets wiped?

  • Ben

Hello Jos,

We're going to try something else.

Open a Notepad file (Start > All Programs > Accessories > Notepad),

copy and paste the following (bold, blue text) into the empty Notepad window:

    Folder::

    c:\programdata\bnirbloyioqxyow

Save this on your Desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

This will make ComboFix restart.

After your computer has restarted (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.

Download TDSSKStarter to the desktop.

Using "TDSSKStarter.exe":

Now first close all other open program windows!

Disable your antivirus and antispyware programs; they may conflict with TDSSKStarter.exe

(here or here) you can read how to do that.

Windows 2000 and Windows XP: start the tool by double-clicking "TDSSKStarter.exe".

Windows Vista and Windows 7: start the tool by right-clicking "TDSSKStarter.exe" and choosing Run as Administrator.

A CMD window will then open and close again automatically when the scan is finished.

Now post the contents of the opened Notepad file in your next message.

Regards, Ben

    Antivirusprikbord.nl

  • Jos H

Hi Ben

I'll get started on that during the day and post the file here.

Have to go to the doctor first.

Regards, Jos

  • Jos H

Here are the logs:

    14:09:57.0553 1708 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

    14:09:57.0554 1708 ============================================================

    14:09:57.0554 1708 Current date / time: 2012/09/14 14:09:57.0554

    14:09:57.0554 1708 SystemInfo:

    14:09:57.0554 1708

    14:09:57.0554 1708 OS Version: 6.0.6002 ServicePack: 2.0

    14:09:57.0554 1708 Product type: Workstation

    14:09:57.0555 1708 ComputerName: PC_VAN_DE_NIJS

14:09:57.0555 1708 UserName: Leon en Desiré

    14:09:57.0555 1708 Windows directory: C:\Windows

    14:09:57.0555 1708 System windows directory: C:\Windows

    14:09:57.0555 1708 Processor architecture: Intel x86

    14:09:57.0555 1708 Number of processors: 2

    14:09:57.0555 1708 Page size: 0x1000

    14:09:57.0555 1708 Boot type: Normal boot

    14:09:57.0555 1708 ============================================================

    14:09:59.0013 1708 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type ‘K0’, Flags 0x00000050

    14:09:59.0015 1708 ============================================================

    14:09:59.0015 1708 \Device\Harddisk0\DR0:

    14:09:59.0016 1708 MBR partitions:

    14:09:59.0016 1708 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2423DFC1

    14:09:59.0016 1708 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2423E000, BlocksNum 0x11EF000

    14:09:59.0016 1708 ============================================================

    14:09:59.0027 1708 C: <-> \Device\Harddisk0\DR0\Partition1

    14:09:59.0212 1708 D: <-> \Device\Harddisk0\DR0\Partition2

    14:09:59.0212 1708 ============================================================

    14:09:59.0212 1708 Initialize success

    14:09:59.0212 1708 ============================================================

    14:09:59.0251 4400 ============================================================

    14:09:59.0251 4400 Scan started

    14:09:59.0251 4400 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;

    14:09:59.0251 4400 ============================================================

    14:10:00.0566 4400 ================ Scan system memory ========================

    14:10:00.0567 4400 ================ Scan services =============================

    14:10:00.0711 4400 Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys

    14:10:00.0880 4400 ACPI C:\Windows\system32\drivers\acpi.sys

    14:10:01.0030 4400 AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    14:10:01.0174 4400 AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    14:10:01.0253 4400 adp94xx C:\Windows\system32\drivers\adp94xx.sys

    14:10:01.0302 4400 adpahci C:\Windows\system32\drivers\adpahci.sys

    14:10:01.0336 4400 adpu160m C:\Windows\system32\drivers\adpu160m.sys

    14:10:01.0365 4400 adpu320 C:\Windows\system32\drivers\adpu320.sys

    14:10:01.0448 4400 AeLookupSvc C:\Windows\System32\aelupsvc.dll

    14:10:01.0577 4400 AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe

    14:10:01.0708 4400 AFD C:\Windows\system32\drivers\afd.sys

    14:10:01.0796 4400 agp440 C:\Windows\system32\drivers\agp440.sys

    14:10:01.0874 4400 aic78xx C:\Windows\system32\drivers\djsvs.sys

    14:10:01.0950 4400 ALG C:\Windows\System32\alg.exe

    14:10:02.0073 4400 aliide C:\Windows\system32\drivers\aliide.sys

    14:10:02.0213 4400 amdagp C:\Windows\system32\drivers\amdagp.sys

    14:10:02.0239 4400 amdide C:\Windows\system32\drivers\amdide.sys

    14:10:02.0294 4400 AmdK7 C:\Windows\system32\drivers\amdk7.sys

    14:10:02.0400 4400 AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

    14:10:02.0519 4400 androidusb C:\Windows\system32\Drivers\ssadadb.sys

    14:10:02.0621 4400 Appinfo C:\Windows\System32\appinfo.dll

    14:10:02.0691 4400 arc C:\Windows\system32\drivers\arc.sys

    14:10:02.0741 4400 arcsas C:\Windows\system32\drivers\arcsas.sys

    14:10:02.0827 4400 aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys

    14:10:02.0902 4400 aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys

    14:10:03.0005 4400 AswRdr C:\Windows\system32\drivers\AswRdr.sys

    14:10:03.0307 4400 aswSnx C:\Windows\system32\drivers\aswSnx.sys

    14:10:03.0422 4400 aswSP C:\Windows\system32\drivers\aswSP.sys

    14:10:03.0488 4400 aswTdi C:\Windows\system32\drivers\aswTdi.sys

    14:10:03.0560 4400 AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

    14:10:03.0620 4400 atapi C:\Windows\system32\drivers\atapi.sys

    14:10:03.0682 4400 AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

    14:10:03.0712 4400 Audiosrv C:\Windows\System32\Audiosrv.dll

    14:10:03.0822 4400 avast\Program Files\AVAST Software\Avast\AvastSvc.exe

    14:10:03.0944 4400 BCM43XV C:\Windows\system32\DRIVERS\bcmwl6.sys

    14:10:04.0048 4400 BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys

    14:10:04.0197 4400 Beep C:\Windows\system32\drivers\Beep.sys

    14:10:04.0344 4400 BFE C:\Windows\System32\bfe.dll

    14:10:04.0523 4400 BITS C:\Windows\system32\qmgr.dll

    14:10:04.0648 4400 blbdrive C:\Windows\system32\drivers\blbdrive.sys

    14:10:04.0771 4400 bowser C:\Windows\system32\DRIVERS\bowser.sys

    14:10:04.0866 4400 BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys

    14:10:04.0940 4400 BrFiltUp C:\Windows\system32\drivers\brfiltup.sys

    14:10:05.0070 4400 Browser C:\Windows\System32\browser.dll

    14:10:05.0206 4400 Brserid C:\Windows\system32\drivers\brserid.sys

    14:10:05.0342 4400 BrSerWdm C:\Windows\system32\drivers\brserwdm.sys

    14:10:05.0430 4400 BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys

    14:10:05.0477 4400 BrUsbSer C:\Windows\system32\drivers\brusbser.sys

    14:10:05.0571 4400 BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys

    14:10:05.0623 4400 BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

    14:10:05.0696 4400 BthPan C:\Windows\system32\DRIVERS\bthpan.sys

    14:10:05.0743 4400 BTHPORT C:\Windows\system32\Drivers\BTHport.sys

    14:10:05.0846 4400 BthServ C:\Windows\System32\bthserv.dll

    14:10:05.0890 4400 BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys

    14:10:06.0294 4400 cdfs C:\Windows\system32\DRIVERS\cdfs.sys

    14:10:06.0402 4400 cdrom C:\Windows\system32\DRIVERS\cdrom.sys

    14:10:06.0493 4400 CertPropSvc C:\Windows\System32\certprop.dll

    14:10:06.0565 4400 circlass C:\Windows\system32\DRIVERS\circlass.sys

    14:10:06.0641 4400 CLFS C:\Windows\system32\CLFS.sys

    14:10:06.0830 4400 clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    14:10:06.0926 4400 clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    14:10:06.0994 4400 CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

    14:10:07.0065 4400 cmdide C:\Windows\system32\drivers\cmdide.sys

    14:10:07.0165 4400 Com4QLBEx C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    14:10:07.0257 4400 Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

    14:10:07.0462 4400 crcdisk C:\Windows\system32\drivers\crcdisk.sys

    14:10:07.0526 4400 Crusoe C:\Windows\system32\drivers\crusoe.sys

    14:10:07.0639 4400 CryptSvc C:\Windows\system32\cryptsvc.dll

    14:10:07.0737 4400 DcomLaunch C:\Windows\system32\rpcss.dll

    14:10:07.0818 4400 DfsC C:\Windows\system32\Drivers\dfsc.sys

    14:10:07.0931 4400 DFSR C:\Windows\system32\DFSR.exe

    14:10:08.0086 4400 dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys

    14:10:08.0181 4400 Dhcp C:\Windows\System32\dhcpcsvc.dll

    14:10:08.0258 4400 disk C:\Windows\system32\drivers\disk.sys

    14:10:08.0329 4400 Dnscache C:\Windows\System32\dnsrslvr.dll

    14:10:08.0402 4400 dot3svc C:\Windows\System32\dot3svc.dll

    14:10:08.0490 4400 DPS C:\Windows\system32\dps.dll

    14:10:08.0587 4400 drmkaud C:\Windows\system32\drivers\drmkaud.sys

    14:10:08.0692 4400 DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

    14:10:08.0803 4400 E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys

    14:10:08.0944 4400 EapHost C:\Windows\System32\eapsvc.dll

    14:10:09.0061 4400 Ecache C:\Windows\system32\drivers\ecache.sys

    14:10:09.0188 4400 ehRecvr C:\Windows\ehome\ehRecvr.exe

    14:10:09.0246 4400 ehSched C:\Windows\ehome\ehsched.exe

    14:10:09.0295 4400 ehstart C:\Windows\ehome\ehstart.dll

    14:10:09.0420 4400 elxstor C:\Windows\system32\drivers\elxstor.sys

    14:10:09.0474 4400 EMDMgmt C:\Windows\system32\emdmgmt.dll

    14:10:09.0549 4400 enecir C:\Windows\system32\DRIVERS\enecir.sys

    14:10:09.0616 4400 ErrDev C:\Windows\system32\drivers\errdev.sys

    14:10:09.0686 4400 EventSystem C:\Windows\system32\es.dll

    14:10:09.0771 4400 exfat C:\Windows\system32\drivers\exfat.sys

    14:10:09.0823 4400 ezSharedSvc C:\Windows\System32\ezsvc7.dll

    14:10:09.0835 4400 ezSharedSvc ( UnsignedFile.Multi.Generic ) - warning

    14:10:09.0836 4400 ezSharedSvc - detected UnsignedFile.Multi.Generic (1)

    14:10:09.0894 4400 fastfat C:\Windows\system32\drivers\fastfat.sys

    14:10:09.0986 4400 fdc C:\Windows\system32\DRIVERS\fdc.sys

    14:10:10.0043 4400 fdPHost C:\Windows\system32\fdPHost.dll

    14:10:10.0124 4400 FDResPub C:\Windows\system32\fdrespub.dll

    14:10:10.0246 4400 FileInfo C:\Windows\system32\drivers\fileinfo.sys

    14:10:10.0282 4400 Filetrace C:\Windows\system32\drivers\filetrace.sys

    14:10:10.0367 4400 flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

    14:10:10.0470 4400 FltMgr C:\Windows\system32\drivers\fltmgr.sys

    14:10:10.0589 4400 FontCache C:\Windows\system32\FntCache.dll

    14:10:10.0731 4400 FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

    14:10:10.0805 4400 Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

    14:10:10.0870 4400 gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

    14:10:10.0968 4400 GameConsoleService C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

    14:10:11.0037 4400 gpsvc C:\Windows\System32\gpsvc.dll

    14:10:11.0192 4400 gupdate1c9e5b0760499f5 C:\Program Files\Google\Update\GoogleUpdate.exe

    14:10:11.0215 4400 gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

    14:10:11.0275 4400 gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    14:10:11.0333 4400 HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

    14:10:11.0453 4400 HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

    14:10:11.0539 4400 HidBth C:\Windows\system32\drivers\hidbth.sys

    14:10:11.0659 4400 HidIr C:\Windows\system32\DRIVERS\hidir.sys

    14:10:11.0735 4400 hidserv C:\Windows\System32\hidserv.dll

    14:10:11.0795 4400 HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

    14:10:11.0865 4400 hkmsvc C:\Windows\system32\kmsvc.dll

    14:10:11.0998 4400 HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    14:10:12.0006 4400 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning

    14:10:12.0006 4400 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)

    14:10:12.0031 4400 HpCISSs C:\Windows\system32\drivers\hpcisss.sys

    14:10:12.0059 4400 hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys

    14:10:12.0095 4400 HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

    14:10:12.0189 4400 hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

    14:10:12.0237 4400 hpsrv C:\Windows\system32\Hpservice.exe

    14:10:12.0316 4400 HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS

    14:10:12.0433 4400 HSF_DPV C:\Windows\system32\DRIVERS\VSTDPV3.SYS

    14:10:12.0678 4400 HTTP C:\Windows\system32\drivers\HTTP.sys

    14:10:12.0731 4400 i2omp C:\Windows\system32\drivers\i2omp.sys

    14:10:12.0816 4400 i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

    14:10:12.0899 4400 iaStorV C:\Windows\system32\drivers\iastorv.sys

    14:10:13.0019 4400 IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    14:10:13.0027 4400 IDriverT ( UnsignedFile.Multi.Generic ) - warning

    14:10:13.0027 4400 IDriverT - detected UnsignedFile.Multi.Generic (1)

    14:10:13.0172 4400 idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

    14:10:13.0256 4400 iirsp C:\Windows\system32\drivers\iirsp.sys

    14:10:13.0313 4400 IKEEXT C:\Windows\System32\ikeext.dll

    14:10:13.0414 4400 intelide C:\Windows\system32\drivers\intelide.sys

    14:10:13.0462 4400 intelppm C:\Windows\system32\DRIVERS\intelppm.sys

    14:10:13.0543 4400 IPBusEnum C:\Windows\system32\ipbusenum.dll

    14:10:13.0623 4400 IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

    14:10:13.0710 4400 iphlpsvc C:\Windows\System32\iphlpsvc.dll

    14:10:13.0789 4400 IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys

    14:10:13.0865 4400 IPNAT C:\Windows\system32\DRIVERS\ipnat.sys

    14:10:13.0947 4400 IRENUM C:\Windows\system32\drivers\irenum.sys

    14:10:14.0051 4400 isapnp C:\Windows\system32\drivers\isapnp.sys

    14:10:14.0129 4400 iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

    14:10:14.0190 4400 iteatapi C:\Windows\system32\drivers\iteatapi.sys

    14:10:14.0264 4400 iteraid C:\Windows\system32\drivers\iteraid.sys

    14:10:14.0357 4400 JMCR C:\Windows\system32\DRIVERS\jmcr.sys

    14:10:14.0415 4400 kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

    14:10:14.0460 4400 kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

    14:10:14.0522 4400 KeyIso C:\Windows\system32\lsass.exe

    14:10:14.0609 4400 KSecDD C:\Windows\system32\Drivers\ksecdd.sys

    14:10:14.0702 4400 KtmRm C:\Windows\system32\msdtckrm.dll

    14:10:14.0814 4400 LanmanServer C:\Windows\System32\srvsvc.dll

    14:10:14.0898 4400 LanmanWorkstation C:\Windows\System32\wkssvc.dll

    14:10:14.0981 4400 LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    14:10:14.0986 4400 LightScribeService ( UnsignedFile.Multi.Generic ) - warning

    14:10:14.0986 4400 LightScribeService - detected UnsignedFile.Multi.Generic (1)

    14:10:15.0019 4400 lltdio C:\Windows\system32\DRIVERS\lltdio.sys

    14:10:15.0080 4400 lltdsvc C:\Windows\System32\lltdsvc.dll

    14:10:15.0135 4400 lmhosts C:\Windows\System32\lmhsvc.dll

    14:10:15.0199 4400 LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

    14:10:15.0225 4400 LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

    14:10:15.0257 4400 LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

    14:10:15.0286 4400 luafv C:\Windows\system32\drivers\luafv.sys

    14:10:15.0386 4400 McAfeeFramework C:\Program Files\McAfee\Common Framework\FrameworkService.exe

    14:10:15.0461 4400 Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

    14:10:15.0498 4400 megasas C:\Windows\system32\drivers\megasas.sys

    14:10:15.0596 4400 MegaSR C:\Windows\system32\drivers\megasr.sys

    14:10:15.0684 4400 MMCSS C:\Windows\system32\mmcss.dll

    14:10:15.0771 4400 Modem C:\Windows\system32\drivers\modem.sys

    14:10:15.0855 4400 monitor C:\Windows\system32\DRIVERS\monitor.sys

    14:10:15.0901 4400 mouclass C:\Windows\system32\DRIVERS\mouclass.sys

    14:10:15.0935 4400 mouhid C:\Windows\system32\DRIVERS\mouhid.sys

    14:10:15.0965 4400 MountMgr C:\Windows\system32\drivers\mountmgr.sys

    14:10:16.0014 4400 mpio C:\Windows\system32\drivers\mpio.sys

    14:10:16.0040 4400 mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

    14:10:16.0102 4400 MpsSvc C:\Windows\system32\mpssvc.dll

    14:10:16.0156 4400 Mraid35x C:\Windows\system32\drivers\mraid35x.sys

    14:10:16.0187 4400 MRxDAV C:\Windows\system32\drivers\mrxdav.sys

    14:10:16.0266 4400 mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

    14:10:16.0326 4400 mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

    14:10:16.0350 4400 mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

    14:10:16.0429 4400 msahci C:\Windows\system32\drivers\msahci.sys

    14:10:16.0483 4400 msdsm C:\Windows\system32\drivers\msdsm.sys

    14:10:16.0530 4400 MSDTC C:\Windows\System32\msdtc.exe

    14:10:16.0573 4400 Msfs C:\Windows\system32\drivers\Msfs.sys

    14:10:16.0628 4400 msisadrv C:\Windows\system32\drivers\msisadrv.sys

    14:10:16.0672 4400 MSiSCSI C:\Windows\system32\iscsiexe.dll

    14:10:16.0756 4400 MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

    14:10:16.0824 4400 MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

    14:10:16.0868 4400 MSPQM C:\Windows\system32\drivers\MSPQM.sys

    14:10:16.0957 4400 MsRPC C:\Windows\system32\drivers\MsRPC.sys

    14:10:17.0028 4400 mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

    14:10:17.0071 4400 MSTEE C:\Windows\system32\drivers\MSTEE.sys

    14:10:17.0128 4400 Mup C:\Windows\system32\Drivers\mup.sys

    14:10:17.0215 4400 napagent C:\Windows\system32\qagentRT.dll

    14:10:17.0292 4400 NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

    14:10:17.0521 4400 NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    14:10:17.0645 4400 NDIS C:\Windows\system32\drivers\ndis.sys

    14:10:17.0746 4400 NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

    14:10:17.0832 4400 Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

    14:10:17.0959 4400 NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

    14:10:18.0049 4400 NDProxy C:\Windows\system32\drivers\NDProxy.sys

    14:10:18.0115 4400 NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

    14:10:18.0245 4400 netbt C:\Windows\system32\DRIVERS\netbt.sys

    14:10:18.0330 4400 Netlogon C:\Windows\system32\lsass.exe

    14:10:18.0419 4400 Netman C:\Windows\System32\netman.dll

    14:10:18.0544 4400 netprofm C:\Windows\System32\netprofm.dll

    14:10:18.0654 4400 NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

    14:10:18.0728 4400 nfrd960 C:\Windows\system32\drivers\nfrd960.sys

    14:10:18.0789 4400 NlaSvc C:\Windows\System32\nlasvc.dll

    14:10:18.0957 4400 NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    14:10:19.0018 4400 Npfs C:\Windows\system32\drivers\Npfs.sys

    14:10:19.0089 4400 nsi C:\Windows\system32\nsisvc.dll

    14:10:19.0184 4400 nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

    14:10:19.0309 4400 Ntfs C:\Windows\system32\drivers\Ntfs.sys

    14:10:19.0456 4400 ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys

    14:10:19.0587 4400 Null C:\Windows\system32\drivers\Null.sys

    14:10:19.0736 4400 NVENETFD C:\Windows\system32\DRIVERS\nvm60x32.sys

    14:10:19.0902 4400 NVHDA C:\Windows\system32\drivers\nvhda32v.sys

    14:10:20.0144 4400 nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

    14:10:20.0429 4400 nvraid C:\Windows\system32\drivers\nvraid.sys

    14:10:20.0476 4400 nvstor C:\Windows\system32\drivers\nvstor.sys

    14:10:20.0542 4400 nvsvc C:\Windows\system32\nvvsvc.exe

    14:10:20.0588 4400 nv_agp C:\Windows\system32\drivers\nv_agp.sys

    14:10:20.0747 4400 odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    14:10:20.0822 4400 ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys

    14:10:20.0956 4400 ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    14:10:21.0035 4400 p2pimsvc C:\Windows\system32\p2psvc.dll

    14:10:21.0092 4400 p2psvc C:\Windows\system32\p2psvc.dll

    14:10:21.0177 4400 Parport C:\Windows\system32\drivers\parport.sys

    14:10:21.0290 4400 partmgr C:\Windows\system32\drivers\partmgr.sys

    14:10:21.0368 4400 Parvdm C:\Windows\system32\drivers\parvdm.sys

    14:10:21.0486 4400 PcaSvc C:\Windows\System32\pcasvc.dll

    14:10:21.0552 4400 pci C:\Windows\system32\drivers\pci.sys

    14:10:21.0651 4400 pciide C:\Windows\system32\drivers\pciide.sys

    14:10:21.0692 4400 pcmcia C:\Windows\system32\drivers\pcmcia.sys

    14:10:21.0764 4400 pcouffin C:\Windows\system32\Drivers\pcouffin.sys

    14:10:21.0835 4400 PEAUTH C:\Windows\system32\drivers\peauth.sys

    14:10:22.0021 4400 pla C:\Windows\system32\pla.dll

    14:10:22.0148 4400 PlugPlay C:\Windows\system32\umpnpmgr.dll

    14:10:22.0211 4400 PNRPAutoReg C:\Windows\system32\p2psvc.dll

    14:10:22.0274 4400 PNRPsvc C:\Windows\system32\p2psvc.dll

    14:10:22.0340 4400 PolicyAgent C:\Windows\System32\ipsecsvc.dll

    14:10:22.0419 4400 PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

    14:10:22.0491 4400 Processor C:\Windows\system32\drivers\processr.sys

    14:10:22.0555 4400 ProfSvc C:\Windows\system32\profsvc.dll

    14:10:22.0608 4400 ProtectedStorage C:\Windows\system32\lsass.exe

    14:10:22.0674 4400 PSched C:\Windows\system32\DRIVERS\pacer.sys

    14:10:22.0763 4400 PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys

    14:10:23.0217 4400 ql2300 C:\Windows\system32\drivers\ql2300.sys

    14:10:23.0288 4400 ql40xx C:\Windows\system32\drivers\ql40xx.sys

    14:10:23.0517 4400 QPCapSvc C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

    14:10:23.0607 4400 QPSched C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

    14:10:23.0657 4400 QWAVE C:\Windows\system32\qwave.dll

    14:10:23.0688 4400 QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

    14:10:23.0747 4400 RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

    14:10:23.0797 4400 RasAuto C:\Windows\System32\rasauto.dll

    14:10:23.0851 4400 Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

    14:10:23.0951 4400 RasMan C:\Windows\System32\rasmans.dll

    14:10:24.0009 4400 RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

    14:10:24.0059 4400 RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

    14:10:24.0117 4400 rdbss C:\Windows\system32\DRIVERS\rdbss.sys

    14:10:24.0198 4400 RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

    14:10:24.0258 4400 rdpdr C:\Windows\system32\drivers\rdpdr.sys

    14:10:24.0299 4400 RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

    14:10:24.0415 4400 RDPWD C:\Windows\system32\drivers\RDPWD.sys

    14:10:24.0488 4400 Recovery Service for Windows C:\Windows\SMINST\BLService.exe

    14:10:24.0601 4400 RemoteAccess C:\Windows\System32\mprdim.dll

    14:10:24.0681 4400 RemoteRegistry C:\Windows\system32\regsvc.dll

    14:10:24.0791 4400 RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys

    14:10:24.0968 4400 RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    14:10:24.0998 4400 RpcLocator C:\Windows\system32\locator.exe

    14:10:25.0083 4400 RpcSs C:\Windows\system32\rpcss.dll

    14:10:25.0175 4400 rspndr C:\Windows\system32\DRIVERS\rspndr.sys

    14:10:25.0277 4400 RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys

    14:10:25.0342 4400 SamSs C:\Windows\system32\lsass.exe

    14:10:25.0388 4400 sbp2port C:\Windows\system32\drivers\sbp2port.sys

    14:10:25.0438 4400 SCardSvr C:\Windows\System32\SCardSvr.dll

    14:10:25.0548 4400 Schedule C:\Windows\system32\schedsvc.dll

    14:10:25.0650 4400 SCPolicySvc C:\Windows\System32\certprop.dll

    14:10:25.0727 4400 sdbus C:\Windows\system32\DRIVERS\sdbus.sys

    14:10:25.0770 4400 SDRSVC C:\Windows\System32\SDRSVC.dll

    14:10:25.0830 4400 secdrv C:\Windows\system32\drivers\secdrv.sys

    14:10:25.0900 4400 seclogon C:\Windows\system32\seclogon.dll

    14:10:25.0962 4400 SENS C:\Windows\system32\sens.dll

    14:10:26.0014 4400 Serenum C:\Windows\system32\drivers\serenum.sys

    14:10:26.0116 4400 Serial C:\Windows\system32\drivers\serial.sys

    14:10:26.0215 4400 sermouse C:\Windows\system32\drivers\sermouse.sys

    14:10:26.0290 4400 SessionEnv C:\Windows\system32\sessenv.dll

    14:10:26.0373 4400 sffdisk C:\Windows\system32\drivers\sffdisk.sys

    14:10:26.0447 4400 sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

    14:10:26.0508 4400 sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

    14:10:26.0557 4400 sfloppy C:\Windows\system32\drivers\sfloppy.sys

    14:10:26.0663 4400 SharedAccess C:\Windows\System32\ipnathlp.dll

    14:10:26.0723 4400 ShellHWDetection C:\Windows\System32\shsvcs.dll

    14:10:26.0761 4400 sisagp C:\Windows\system32\drivers\sisagp.sys

    14:10:26.0785 4400 SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys

    14:10:26.0815 4400 SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

    14:10:26.0925 4400 SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe

    14:10:27.0156 4400 slsvc C:\Windows\system32\SLsvc.exe

    14:10:27.0324 4400 SLUINotify C:\Windows\system32\SLUINotify.dll

    14:10:27.0386 4400 Smb C:\Windows\system32\DRIVERS\smb.sys

    14:10:27.0442 4400 SNMPTRAP C:\Windows\System32\snmptrap.exe

    14:10:27.0487 4400 spldr C:\Windows\system32\drivers\spldr.sys

    14:10:27.0545 4400 Spooler C:\Windows\System32\spoolsv.exe

    14:10:27.0618 4400 srv C:\Windows\system32\DRIVERS\srv.sys

    14:10:27.0688 4400 srv2 C:\Windows\system32\DRIVERS\srv2.sys

    14:10:27.0752 4400 srvnet C:\Windows\system32\DRIVERS\srvnet.sys

    14:10:27.0833 4400 ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys

    14:10:27.0901 4400 ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys

    14:10:27.0957 4400 ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys

    14:10:28.0006 4400 ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys

    14:10:28.0096 4400 SSDPSRV C:\Windows\System32\ssdpsrv.dll

    14:10:28.0194 4400 SstpSvc C:\Windows\system32\sstpsvc.dll

    14:10:28.0353 4400 ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys

    14:10:28.0434 4400 ssudobex C:\Windows\system32\DRIVERS\ssudobex.sys

    14:10:28.0611 4400 STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe

    14:10:28.0731 4400 STHDA C:\Windows\system32\DRIVERS\stwrt.sys

    14:10:28.0836 4400 stisvc C:\Windows\System32\wiaservc.dll

    14:10:28.0922 4400 swenum C:\Windows\system32\DRIVERS\swenum.sys

    14:10:28.0976 4400 swprv C:\Windows\System32\swprv.dll

    14:10:29.0018 4400 Symc8xx C:\Windows\system32\drivers\symc8xx.sys

    14:10:29.0060 4400 Sym_hi C:\Windows\system32\drivers\sym_hi.sys

    14:10:29.0113 4400 Sym_u3 C:\Windows\system32\drivers\sym_u3.sys

    14:10:29.0178 4400 SynTP C:\Windows\system32\DRIVERS\SynTP.sys

    14:10:29.0244 4400 SysMain C:\Windows\system32\sysmain.dll

    14:10:29.0305 4400 TabletInputService C:\Windows\System32\TabSvc.dll

    14:10:29.0351 4400 TapiSrv C:\Windows\System32\tapisrv.dll

    14:10:29.0417 4400 TBS C:\Windows\System32\tbssvc.dll

    14:10:29.0521 4400 Tcpip C:\Windows\system32\drivers\tcpip.sys

    14:10:29.0577 4400 Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys

    14:10:29.0659 4400 tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

    14:10:29.0710 4400 TDPIPE C:\Windows\system32\drivers\tdpipe.sys

    14:10:29.0792 4400 TDTCP C:\Windows\system32\drivers\tdtcp.sys

    14:10:29.0873 4400 tdx C:\Windows\system32\DRIVERS\tdx.sys

    14:10:29.0924 4400 TermDD C:\Windows\system32\DRIVERS\termdd.sys

    14:10:29.0992 4400 TermService C:\Windows\System32\termsrv.dll

    14:10:30.0080 4400 Themes C:\Windows\system32\shsvcs.dll

    14:10:30.0118 4400 THREADORDER C:\Windows\system32\mmcss.dll

    14:10:30.0196 4400 TrkWks C:\Windows\System32\trkwks.dll

    14:10:30.0306 4400 TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

    14:10:30.0364 4400 tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

    14:10:30.0460 4400 tunmp C:\Windows\system32\DRIVERS\tunmp.sys

    14:10:30.0506 4400 tunnel C:\Windows\system32\DRIVERS\tunnel.sys

    14:10:30.0601 4400 uagp35 C:\Windows\system32\drivers\uagp35.sys

    14:10:30.0673 4400 udfs C:\Windows\system32\DRIVERS\udfs.sys

    14:10:30.0759 4400 UI0Detect C:\Windows\system32\UI0Detect.exe

    14:10:30.0863 4400 uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

    14:10:30.0907 4400 uliahci C:\Windows\system32\drivers\uliahci.sys

    14:10:30.0942 4400 UlSata C:\Windows\system32\drivers\ulsata.sys

    14:10:30.0972 4400 ulsata2 C:\Windows\system32\drivers\ulsata2.sys

    14:10:31.0013 4400 umbus C:\Windows\system32\DRIVERS\umbus.sys

    14:10:31.0077 4400 upnphost C:\Windows\System32\upnphost.dll

    14:10:31.0131 4400 usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

    14:10:31.0189 4400 usbcir C:\Windows\system32\drivers\usbcir.sys

    14:10:31.0274 4400 usbehci C:\Windows\system32\DRIVERS\usbehci.sys

    14:10:31.0338 4400 usbhub C:\Windows\system32\DRIVERS\usbhub.sys

    14:10:31.0391 4400 usbohci C:\Windows\system32\DRIVERS\usbohci.sys

    14:10:31.0484 4400 usbprint C:\Windows\system32\drivers\usbprint.sys

    14:10:31.0575 4400 USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

    14:10:31.0656 4400 usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

    14:10:31.0693 4400 usbvideo C:\Windows\system32\Drivers\usbvideo.sys

    14:10:31.0773 4400 usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys

    14:10:31.0835 4400 UxSms C:\Windows\System32\uxsms.dll

    14:10:31.0892 4400 vds C:\Windows\System32\vds.exe

    14:10:31.0978 4400 vga C:\Windows\system32\DRIVERS\vgapnp.sys

    14:10:32.0041 4400 VgaSave C:\Windows\System32\drivers\vga.sys

    14:10:32.0110 4400 viaagp C:\Windows\system32\drivers\viaagp.sys

    14:10:32.0158 4400 ViaC7 C:\Windows\system32\drivers\viac7.sys

    14:10:32.0207 4400 viaide C:\Windows\system32\drivers\viaide.sys

    14:10:32.0255 4400 volmgr C:\Windows\system32\drivers\volmgr.sys

    14:10:32.0329 4400 volmgrx C:\Windows\system32\drivers\volmgrx.sys

    14:10:32.0367 4400 volsnap C:\Windows\system32\drivers\volsnap.sys

    14:10:32.0411 4400 vsmraid C:\Windows\system32\drivers\vsmraid.sys

    14:10:32.0585 4400 VSS C:\Windows\system32\vssvc.exe

    14:10:32.0695 4400 W32Time C:\Windows\system32\w32time.dll

    14:10:32.0795 4400 WacomPen C:\Windows\system32\drivers\wacompen.sys

    14:10:32.0883 4400 Wanarp C:\Windows\system32\DRIVERS\wanarp.sys

    14:10:32.0923 4400 Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

    14:10:33.0006 4400 wcncsvc C:\Windows\System32\wcncsvc.dll

    14:10:33.0102 4400 WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

    14:10:33.0189 4400 Wd C:\Windows\system32\drivers\wd.sys

    14:10:33.0257 4400 Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

    14:10:33.0340 4400 WdiServiceHost C:\Windows\system32\wdi.dll

    14:10:33.0402 4400 WdiSystemHost C:\Windows\system32\wdi.dll

    14:10:33.0481 4400 WebClient C:\Windows\System32\webclnt.dll

    14:10:33.0538 4400 Wecsvc C:\Windows\system32\wecsvc.dll

    14:10:33.0620 4400 wercplsupport C:\Windows\System32\wercplsupport.dll

    14:10:33.0677 4400 WerSvc C:\Windows\System32\WerSvc.dll

    14:10:33.0756 4400 whfltr2k C:\Windows\system32\DRIVERS\whfltr2k.sys

    14:10:33.0848 4400 winachsf C:\Windows\system32\DRIVERS\VSTCNXT3.SYS

    14:10:33.0935 4400 WinDefend C:\Program Files\Windows Defender\mpsvc.dll

    14:10:34.0037 4400 Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

    14:10:34.0158 4400 WinRM C:\Windows\system32\WsmSvc.dll

    14:10:34.0278 4400 WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys

    14:10:34.0368 4400 Wlansvc C:\Windows\System32\wlansvc.dll

    14:10:34.0456 4400 WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

    14:10:34.0531 4400 wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

    14:10:34.0692 4400 WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe

    14:10:34.0799 4400 WPCSvc C:\Windows\System32\wpcsvc.dll

    14:10:34.0852 4400 WPDBusEnum C:\Windows\system32\wpdbusenum.dll

    14:10:34.0927 4400 WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys

    14:10:35.0102 4400 WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

    14:10:35.0163 4400 ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

    14:10:35.0219 4400 wscsvc C:\Windows\system32\wscsvc.dll

    14:10:35.0410 4400 wuauserv C:\Windows\system32\wuaueng.dll

    14:10:35.0754 4400 WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

    14:10:35.0841 4400 wudfsvc C:\Windows\System32\WUDFSvc.dll

    14:10:35.0956 4400 ================ Scan global ===============================

    14:10:36.0002 4400 C:\Windows\system32\basesrv.dll

    14:10:36.0057 4400 C:\Windows\system32\winsrv.dll

    14:10:36.0078 4400 C:\Windows\system32\winsrv.dll

    14:10:36.0132 4400 C:\Windows\system32\services.exe

    14:10:36.0142 4400 ================ Scan MBR ==================================

    14:10:36.0160 4400 \Device\Harddisk0\DR0

    14:10:36.0796 4400 ================ Scan VBR ==================================

    14:10:36.0798 4400 \Device\Harddisk0\DR0\Partition1

    14:10:36.0813 4400 \Device\Harddisk0\DR0\Partition2

    14:10:36.0818 4400 ================ Scan UEFI extensions ======================

    14:10:36.0818 4400 ================ Scan active images ========================

    14:10:36.0818 4400 ============================================================

    14:10:36.0818 4400 Scan finished

    14:10:36.0818 4400 ============================================================

    14:10:37.0725 1224 Deinitialize success

    .

    ==============================================

    System Restore Point Check:

    .

    CScript-fout: Kan script-engine VBScript voor script C:\Users\Leon en Desiré\AppData\Local\Temp\B366.tmp\createsrp.vbs niet vinden.

    ==============================================

    .

    ==============================================

    C:\TDSSStarter\Report_14-09-2012_1406_.log

    ==============================================

    Registry Export

    .

    ==============================================

    EOF

  • Jos H

    second log:

    ComboFix 12-09-13.03 - Leon en Desiré 14-09-2012 13:18:05.3.2 - x86

    Gestart vanuit: c:\users\Leon en Desiré\Desktop\Combifix.exe

    gebruikte Opdracht switches :: c:\users\Leon en Desiré\Desktop\CFScript.txt

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\programdata\bnirbloyioqxyow

    c:\programdata\bnirbloyioqxyow\btn-green.png

    c:\programdata\bnirbloyioqxyow\corners-btn.png

    c:\programdata\bnirbloyioqxyow\corners1.png

    c:\programdata\bnirbloyioqxyow\corners2.png

    c:\programdata\bnirbloyioqxyow\corners3.png

    c:\programdata\bnirbloyioqxyow\corners4.png

    c:\programdata\bnirbloyioqxyow\ie6-7.css

    c:\programdata\bnirbloyioqxyow\jquery.main.js

    c:\programdata\bnirbloyioqxyow\main.html

    c:\programdata\bnirbloyioqxyow\McAfee.png

    c:\programdata\bnirbloyioqxyow\nl-flag.png

    c:\programdata\bnirbloyioqxyow\nl-image.png

    c:\programdata\bnirbloyioqxyow\pay7.png

    c:\programdata\bnirbloyioqxyow\pay8.png

    c:\programdata\bnirbloyioqxyow\pay9.png

    c:\programdata\bnirbloyioqxyow\steps-en.png

    c:\programdata\bnirbloyioqxyow\steps-nl.png

    c:\programdata\bnirbloyioqxyow\style.css

    c:\programdata\bnirbloyioqxyow\tabs.png

    c:\programdata\bnirbloyioqxyow\wait.html

    c:\users\Leon en Desiré\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll

    c:\users\LEONEN~1\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll

    .

    Besmet exemplaar van c:\windows\system32\userinit.exe werd aangetroffen en gedesinfecteerd

    Hersteld exemplaar van - c:\windows\erdnt\cache\userinit.exe

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-08-14 to 2012-09-14 ))))))))))))))))))))))))))))))

    .

    .

    2012-09-14 11:40 . 2012-09-14 11:40 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-09-14 09:32 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{00A72833-3CF9-4666-8A13-38895E69CFC8}\mpengine.dll

    2012-09-13 17:58 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

    2012-09-13 17:58 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys

    2012-09-13 17:58 . 2012-08-21 09:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

    2012-09-13 17:58 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

    2012-09-13 17:58 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys

    2012-09-13 17:58 . 2012-08-21 09:13 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

    2012-09-13 17:57 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr

    2012-09-13 17:57 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe

    2012-09-13 17:57 . 2012-09-13 17:57 -------- d-----w- c:\programdata\AVAST Software

    2012-09-13 17:57 . 2012-09-13 17:57 -------- d-----w- c:\program files\AVAST Software

    2012-09-13 06:50 . 2012-09-13 06:50 388096 ----a-r- c:\users\Leon en Desiré\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2012-09-13 06:50 . 2012-09-13 06:50 -------- d-----w- c:\program files\Trend Micro

    2012-09-12 20:27 . 2012-09-12 20:27 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-09-12 19:55 . 2012-09-12 19:55 -------- d-----w- c:\program files\CCleaner

    2012-09-12 18:42 . 2012-09-12 18:42 -------- d-----w- c:\users\Leon en Desiré\AppData\Roaming\Malwarebytes

    2012-09-12 18:42 . 2012-09-12 18:42 -------- d-----w- c:\programdata\Malwarebytes

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-09-13 06:50 . 2012-09-13 06:50 388096 ----a-r- c:\users\Leon en Desiré\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2012-09-13 06:50 . 2012-09-13 06:50 388096 ----a-r- c:\users\Leon en Desiré\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2012-09-12 20:27 . 2012-01-13 20:54 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    @="{472083B0-C522-11CF-8763-00608CC02F24}"

    2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

    .

    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe"

    "ehTray.exe"="c:\windows\ehome\ehTray.exe"

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    "KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe"

    "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe"

    "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

    .

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe"

    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe"

    "QPService"="c:\program files\HP\QuickPlay\QPService.exe"

    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe"

    "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe"

    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"

    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe"

    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"

    "WheelMouse"="c:\advanc~1\wh_exec.exe"

    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe"

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll"

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll"

    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe"

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe"

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe"

    .

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    @="Driver"

    .

    2006-11-17 11:39 136768 ----a-w- c:\program files\McAfee\Common Framework\UdaterUI.exe

    .

    "DisableMonitoring"=dword:00000001

    .

    "DisableMonitoring"=dword:00000001

    .

    "DisableMonitoring"=dword:00000001

    .

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe

    .

    .

    bthsvcs REG_MULTI_SZ BthServ

    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    .

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    ezSharedSvc

    .

    2008-02-26 13:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2012-09-14 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    2012-09-14 c:\windows\Tasks\Google Software Updater.job

    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe

    .

    2012-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    2012-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.startpagina.nl/

    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=83&bd=Pavilion&pf=cnnb

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

    TCP: DhcpNameServer = 212.54.40.25 212.54.35.25

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-09-14 13:44

    Windows 6.0.6002 Service Pack 2 NTFS

    .

    scannen van verborgen processen …

    .

    scannen van verborgen autostart items …

    .

    scannen van verborgen bestanden …

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    .

    - - - - - - - > 'Explorer.exe'(5972)

    c:\advanced wheel mouse\wh_hook.dll

    .

    ------------------------ Andere Aktieve Processen ------------------------

    .

    c:\windows\system32\nvvsvc.exe

    c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe

    c:\windows\system32\Hpservice.exe

    c:\windows\system32\rundll32.exe

    c:\program files\AVAST Software\Avast\AvastSvc.exe

    c:\windows\system32\WLANExt.exe

    c:\program files\Common Files\LightScribe\LSSrvc.exe

    c:\program files\McAfee\Common Framework\FrameworkService.exe

    c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

    c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe

    c:\windows\SMINST\BLService.exe

    c:\program files\CyberLink\Shared Files\RichVideo.exe

    c:\program files\McAfee\Common Framework\naPrdMgr.exe

    c:\windows\servicing\TrustedInstaller.exe

    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

    c:\windows\system32\conime.exe

    c:\advanced wheel mouse\wh_exec.exe

    c:\windows\System32\rundll32.exe

    c:\program files\Microsoft Office\Office12\ONENOTEM.EXE

    c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe

    c:\windows\ehome\ehmsas.exe

    c:\program files\Synaptics\SynTP\SynTPHelper.exe

    c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe

    c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

    c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

    c:\program files\Hewlett-Packard\Shared\HpqToaster.exe

    c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2012-09-14 13:50:24 - machine werd herstart

    ComboFix-quarantined-files.txt 2012-09-14 11:50

    .

    Pre-Run: 38.288.027.648 bytes beschikbaar

    Post-Run: 37.952.925.696 bytes beschikbaar

    .

    - - End Of File - - B870ABED0A64564DDDD41669ECF210CF

  • fazantje

    Hi Jos,

    The logs look good and ComboFix has done its job (tu)

    Download AdwCleaner by Xplode here to your Desktop.

    Close all open windows.

    Right-click AdwCleaner and select Run as administrator...

    Then click Delete.

    At AdwCleaner – Information, click OK.

    At AdwCleaner – Restart Required, click OK.

    All icons disappear from the Desktop; this is normal.

    Your PC will be restarted and a log file opens (C:\AdwCleaner.txt); post its contents in your next message, together with a new HijackThis log.

    Also let us know how things are going now.

    Good luck,

    Huib ;)

This topic is closed; no further replies can be posted.