Can someone maybe take a look at my logs??

  • suus

    Hello,

    I installed Microsoft Security Essentials on my computer, and suddenly I got the message that it had stopped working. Then I removed it, but it still doesn't work??

    Maybe you can help, because I can't remove it anymore either.

    Here are the logs from HijackThis and MBAM:

    Malwarebytes Anti-Malware 1.65.0.1400

    www.malwarebytes.org

    Databaseversie: v2012.09.16.04

    Windows XP Service Pack 3 x86 NTFS

    Internet Explorer 8.0.6001.18702

    suzanneenchris :: CHRISENSUZANNE

    16-9-2012 10:29:56

    mbam-log-2012-09-16 (10-29-56).txt

    Scantype: Snelle scan

    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scanopties: P2P

    Objecten gescand: 209615

    Verstreken tijd: 4 minuut/minuten, 56 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 23

    HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (PUP.MyWebSearch) -> Geen actie ondernomen.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Geen actie ondernomen.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Geen actie ondernomen.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Geen actie ondernomen.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Geen actie ondernomen.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Geen actie ondernomen.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Geen actie ondernomen.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Geen actie ondernomen.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Geen actie ondernomen.

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Geen actie ondernomen.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Geen actie ondernomen.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> Geen actie ondernomen.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> Geen actie ondernomen.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> Geen actie ondernomen.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> Geen actie ondernomen.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> Geen actie ondernomen.

    HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Geen actie ondernomen.

    HKLM\SOFTWARE\FocusInteractive (PUP.MyWebSearch) -> Geen actie ondernomen.

    HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Geen actie ondernomen.

    HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Geen actie ondernomen.

    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCU\SOFTWARE\TWK70 (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerwaarden gedetecteerd: 1

    HKCU\SOFTWARE\twk70|n (Malware.Trace) -> Data: 1 -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 8

    C:\Documents and Settings\All Users\Application Data\TheBflix (PUP.BFlix) -> Geen actie ondernomen.

    C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> Geen actie ondernomen.

    C:\Program Files\FunWebProducts\Installr (PUP.MyWebSearch) -> Geen actie ondernomen.

    C:\Program Files\FunWebProducts\Installr\1.bin (PUP.MyWebSearch) -> Geen actie ondernomen.

    C:\Program Files\FunWebProducts\Installr\1.bin\chrome (PUP.MyWebSearch) -> Geen actie ondernomen.

    C:\Program Files\FunWebProducts\ScreenSaver (PUP.MyWebSearch) -> Geen actie ondernomen.

    C:\Program Files\FunWebProducts\ScreenSaver\Images (PUP.MyWebSearch) -> Geen actie ondernomen.

    C:\Program Files\FunWebProducts\Shared (PUP.MyWebSearch) -> Geen actie ondernomen.

    Bestanden gedetecteerd: 5

    C:\Documents and Settings\All Users\Application Data\TheBflix\bhoclass.dll (PUP.DownloadnSave) -> Geen actie ondernomen.

    C:\Documents and Settings\All Users\Application Data\TheBflix\background.html (PUP.BFlix) -> Geen actie ondernomen.

    C:\Documents and Settings\All Users\Application Data\TheBflix\aicjcijfbjpmgnlbojmcnflkgeecpfnn.crx (PUP.BFlix) -> Geen actie ondernomen.

    C:\Documents and Settings\All Users\Application Data\TheBflix\content.js (PUP.BFlix) -> Geen actie ondernomen.

    C:\Documents and Settings\All Users\Application Data\TheBflix\settings.ini (PUP.BFlix) -> Geen actie ondernomen.

    (einde)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 10:31:54, on 16-9-2012

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\wbem\wmiapsrv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\rundll32.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\WINDOWS\system32\RUNDLL32.EXE

    E:\ik\A8GSdsApp\AGSeiApp.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Documents and Settings\suzanneenchris\Application Data\Spotify\Data\SpotifyWebHelper.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O4 - HKLM\..\Run: RTHDCPL.EXE

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: E:\ik\A8GSdsApp\AGSeiApp.exe

    O4 - HKLM\..\Run: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\RunOnce: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

    O4 - HKLM\..\RunOnce: "C:\WINDOWS\is-3G23J.exe" /REG /REGSVRMODE

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: "C:\Documents and Settings\suzanneenchris\Application Data\Spotify\Data\SpotifyWebHelper.exe"

    O4 - HKLM\..\Policies\Explorer\Run: rundll32 "C:\WINDOWS\system32\pwdrvioc.dll",Wusp

    O4 - HKLM\..\Policies\Explorer\Run: rundll32 "C:\WINDOWS\system32\d3dx9_30S.dll",Osmoyk

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\Run: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\Office12\REFIEBAR.DLL

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://eic.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab

    O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v1140/Navigram.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    End of file - 6170 bytes

    Oh yes, there is indeed a program on it with which I can see what is being done on my computer; all my housemates know this.

    Regards, Suus

  • suus

    I also checked with CrystalDiskInfo and it gave a warning on C5 and C6; who can tell me what this means?

  • Ben

    Hello,

    >>>Oh yes, there is indeed a program on it with which I can see what is being done on my computer; all my housemates know this.<<<

    Is that also why you deliberately took no action on many of the things MBAM wants to remove?

    There are plenty of infections on your PC; if I continue, it may be that the program O4 - HKLM\..\Run: E:\ik\A8GSdsApp\AGSeiApp.exe you are talking about, or parts of it, also gets removed automatically.

    So the choice is yours.

    Run MBAM again and let it remove everything it finds.

    Post that log and a new HijackThis log.

    Regards, Ben

    Antivirusprikbord.nl

  • suus

    Hello,

    I had done the removal in MBAM wrong myself; I thought the program ticked everything by itself, but that wasn't the case.

    Here are the logs:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 12:16:17, on 16-9-2012

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\System32\wbem\wmiapsrv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\rundll32.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\WINDOWS\system32\RUNDLL32.EXE

    E:\ik\A8GSdsApp\AGSeiApp.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Documents and Settings\suzanneenchris\Application Data\Spotify\Data\SpotifyWebHelper.exe

    C:\Program Files\Avant Browser\avant.exe

    C:\Program Files\Avant Browser\ybrowser.exe

    C:\Program Files\Avant Browser\ybrowser.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O4 - HKLM\..\Run: RTHDCPL.EXE

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: E:\ik\A8GSdsApp\AGSeiApp.exe

    O4 - HKLM\..\Run: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: "C:\Documents and Settings\suzanneenchris\Application Data\Spotify\Data\SpotifyWebHelper.exe"

    O4 - HKLM\..\Policies\Explorer\Run: rundll32 "C:\WINDOWS\system32\pwdrvioc.dll",Wusp

    O4 - HKLM\..\Policies\Explorer\Run: rundll32 "C:\WINDOWS\system32\d3dx9_30S.dll",Osmoyk

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\Run: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\Office12\REFIEBAR.DLL

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://eic.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab

    O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v1140/Navigram.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    End of file - 6061 bytes

    Malwarebytes Anti-Malware 1.65.0.1400

    www.malwarebytes.org

    Databaseversie: v2012.09.16.04

    Windows XP Service Pack 3 x86 NTFS

    Internet Explorer 8.0.6001.18702

    suzanneenchris :: CHRISENSUZANNE

    16-9-2012 12:00:31

    mbam-log-2012-09-16 (12-00-31).txt

    Scantype: Snelle scan

    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scanopties: P2P

    Objecten gescand: 209591

    Verstreken tijd: 4 minuut/minuten, 10 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 20

    HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\FocusInteractive (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 8

    C:\Documents and Settings\All Users\Application Data\TheBflix (PUP.BFlix) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files\FunWebProducts\Installr (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files\FunWebProducts\Installr\1.bin (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files\FunWebProducts\Installr\1.bin\chrome (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files\FunWebProducts\ScreenSaver (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files\FunWebProducts\ScreenSaver\Images (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files\FunWebProducts\Shared (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    Bestanden gedetecteerd: 5

    C:\Documents and Settings\All Users\Application Data\TheBflix\bhoclass.dll (PUP.DownloadnSave) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Documents and Settings\All Users\Application Data\TheBflix\background.html (PUP.BFlix) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Documents and Settings\All Users\Application Data\TheBflix\aicjcijfbjpmgnlbojmcnflkgeecpfnn.crx (PUP.BFlix) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Documents and Settings\All Users\Application Data\TheBflix\content.js (PUP.BFlix) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Documents and Settings\All Users\Application Data\TheBflix\settings.ini (PUP.BFlix) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)

  • Ben

    Hello,

    Start HijackThis and choose "Do a system scan only".

    Then tick only the lines below:

    O4 - HKCU\..\Run: "C:\Documents and Settings\suzanneenchris\Application Data\Spotify\Data\SpotifyWebHelper.exe"

    O4 - HKLM\..\Policies\Explorer\Run: rundll32 "C:\WINDOWS\system32\pwdrvioc.dll",Wusp

    O4 - HKLM\..\Policies\Explorer\Run: rundll32 "C:\WINDOWS\system32\d3dx9_30S.dll",Osmoyk

    Then close all windows except HijackThis, and click "Fix checked".

    When asked whether you are sure, confirm with "Yes".

    Restart your PC.

    Download ComboFix from >>Here<<; you can also read there how to use ComboFix.

    * IMPORTANT !!! Save ComboFix.exe to your Desktop.

    * Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix.

    Here is a guide on how to disable them: here or here

    * It can happen that the computer has to be restarted several times; this is normal.

    * Double-click "ComboFix.exe" to start the tool.

    * Do not click in the ComboFix window while it is running, as this can cause the tool to hang.

    * Note !!! If an error appears with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

    * When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

    Regards, Ben

    Antivirusprikbord.nl
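As an added example (not code from the thread or its participants), here is a small Python parser for HijackThis O4 autostart lines of the kind Ben singles out above: it splits each line into hive, registry key, launched program and, for rundll32 launches, the DLL and export actually run, then flags entries under Policies\Explorer\Run, a logon autostart location that ordinary software rarely uses. The sample lines are copied from the log posted in this thread; the two triage rules are assumptions of this example, not HijackThis's own logic.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample O4 lines copied from the HijackThis log posted earlier in the thread.
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup',
    r'O4 - HKLM\..\Run: "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey',
    r'O4 - HKCU\..\Run: "C:\Documents and Settings\suzanneenchris\Application Data\Spotify\Data\SpotifyWebHelper.exe"',
    r'O4 - HKLM\..\Policies\Explorer\Run: rundll32 "C:\WINDOWS\system32\pwdrvioc.dll",Wusp',
    r'O4 - HKLM\..\Policies\Explorer\Run: rundll32 "C:\WINDOWS\system32\d3dx9_30S.dll",Osmoyk',
    r"O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')",
]


@dataclass
class AutostartEntry:
    hive: str                       # HKLM, HKCU or HKUS\<SID>
    key: str                        # Run, RunOnce, Policies\Explorer\Run, ...
    command: str                    # command line exactly as HijackThis prints it
    program: str                    # first token of the command, quotes stripped
    dll: Optional[str] = None       # rundll32 launches: the DLL that is really run
    entry_point: Optional[str] = None  # rundll32 launches: the export called
    user: Optional[str] = None      # the "(User '...')" suffix, when present


# "O4 - <hive>\..\<key>: <command>"; the hive may carry a SID for HKUS entries.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>[^:]+): (?P<command>.*)$"
)
USER_RE = re.compile(r"^(?P<command>.*?) \(User '(?P<user>[^']*)'\)$")
# rundll32[.exe] [ "]<dll>["] ,<export>   (HijackThis shows a double comma for .cpl launches)
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,+\s*(?P<export>\S+)', re.IGNORECASE
)


def _first_token(command: str) -> str:
    """Return the launched program: a quoted path in full, otherwise the first word."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def parse_o4(line: str) -> Optional[AutostartEntry]:
    """Parse one HijackThis O4 line; return None for any other line type."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    command, user = m.group("command"), None
    um = USER_RE.match(command)
    if um:
        command, user = um.group("command"), um.group("user")
    entry = AutostartEntry(hive=m.group("hive"), key=m.group("key"),
                           command=command, program=_first_token(command), user=user)
    rm = RUNDLL_RE.match(command)
    if rm:
        entry.dll, entry.entry_point = rm.group("dll"), rm.group("export")
    return entry


def triage(entry: AutostartEntry) -> List[str]:
    """Reasons an entry deserves a closer look (heuristics assumed for this example)."""
    reasons = []
    if entry.key.lower().startswith("policies\\explorer\\run"):
        reasons.append("autostart under Policies\\Explorer\\Run, rarely used by legitimate software")
    if entry.dll is not None:
        reasons.append(f"rundll32 launch: the real program is {entry.dll} (export {entry.entry_point})")
    return reasons


def flagged_entries(lines: List[str]) -> List[Tuple[AutostartEntry, List[str]]]:
    """Parse every O4 line and keep the entries that triage() flags, with their reasons."""
    out = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            out.append((entry, reasons))
    return out


if __name__ == "__main__":
    for entry, reasons in flagged_entries(SAMPLE_O4_LINES):
        print(f"{entry.hive}\\..\\{entry.key}: {entry.program}")
        for reason in reasons:
            print(f"    - {reason}")
```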

  • suus

    Hello,

    Here is the ComboFix log

    ComboFix 12-09-15.02 - suzanneenchris 16-09-2012 14:01:15.2.1 - x86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1790.1384

    Gestart vanuit: c:\documents and settings\suzanneenchris\Bureaublad\proggies\ComboFix.exe

    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\All Users\Application Data\msadoex.dll

    c:\documents and settings\All Users\Application Data\TEMP

    c:\documents and settings\Gast\Application Data\PriceGong

    c:\documents and settings\Gast\Application Data\PriceGong\Data\1.txt

    c:\documents and settings\Gast\Application Data\PriceGong\Data\a.txt

    c:\documents and settings\Gast\Application Data\PriceGong\Data\b.txt

    c:\documents and settings\Gast\Application Data\PriceGong\Data\c.txt

    c:\documents and settings\Gast\Application Data\PriceGong\Data\d.txt

    c:\documents and settings\Gast\Application Data\PriceGong\Data\e.txt

    c:\documents and settings\Gast\Application Data\PriceGong\Data\f.txt

    c:\documents and settings\Gast\Application Data\PriceGong\Data\g.txt

    c:\documents and settings\Gast\Application Data\PriceGong\Data\h.txt

    c:\documents and settings\Gast\Application Data\PriceGong\Data\i.txt

    c:\documents and settings\Gast\Application Data\PriceGong\Data\j.txt

    c:\documents and settings\Gast\Application Data\PriceGong\Data\k.txt

    c:\documents and settings\Gast\Application Data\PriceGong\Data\l.txt

    c:\documents and settings\Gast\Application Data\PriceGong\Data\m.txt

    c:\documents and settings\Gast\Application Data\PriceGong\Data\mru.xml

    c:\documents and settings\Gast\Application Data\PriceGong\Data\n.txt

    c:\documents and settings\Gast\Application Data\PriceGong\Data\o.txt

    c:\documents and settings\Gast\Application Data\PriceGong\Data\p.txt

    c:\documents and settings\Gast\Application Data\PriceGong\Data\q.txt

    c:\documents and settings\Gast\Application Data\PriceGong\Data\r.txt

    c:\documents and settings\Gast\Application Data\PriceGong\Data\s.txt

    c:\documents and settings\Gast\Application Data\PriceGong\Data\t.txt

    c:\documents and settings\Gast\Application Data\PriceGong\Data\u.txt

    c:\documents and settings\Gast\Application Data\PriceGong\Data\v.txt

    c:\documents and settings\Gast\Application Data\PriceGong\Data\w.txt

    c:\documents and settings\Gast\Application Data\PriceGong\Data\wlu.txt

    c:\documents and settings\Gast\Application Data\PriceGong\Data\x.txt

    c:\documents and settings\Gast\Application Data\PriceGong\Data\y.txt

    c:\documents and settings\Gast\Application Data\PriceGong\Data\z.txt

    c:\documents and settings\suzanneenchris\Application Data\PriceGong

    c:\documents and settings\suzanneenchris\Application Data\PriceGong\Data\1.txt

    c:\documents and settings\suzanneenchris\Application Data\PriceGong\Data\371.txt

    c:\documents and settings\suzanneenchris\Application Data\PriceGong\Data\4489.txt

    c:\documents and settings\suzanneenchris\Application Data\PriceGong\Data\450.txt

    c:\documents and settings\suzanneenchris\Application Data\PriceGong\Data\a.txt

    c:\documents and settings\suzanneenchris\Application Data\PriceGong\Data\b.txt

    c:\documents and settings\suzanneenchris\Application Data\PriceGong\Data\c.txt

    c:\documents and settings\suzanneenchris\Application Data\PriceGong\Data\d.txt

    c:\documents and settings\suzanneenchris\Application Data\PriceGong\Data\e.txt

    c:\documents and settings\suzanneenchris\Application Data\PriceGong\Data\f.txt

    c:\documents and settings\suzanneenchris\Application Data\PriceGong\Data\g.txt

    c:\documents and settings\suzanneenchris\Application Data\PriceGong\Data\h.txt

    c:\documents and settings\suzanneenchris\Application Data\PriceGong\Data\i.txt

    c:\documents and settings\suzanneenchris\Application Data\PriceGong\Data\j.txt

    c:\documents and settings\suzanneenchris\Application Data\PriceGong\Data\k.txt

    c:\documents and settings\suzanneenchris\Application Data\PriceGong\Data\l.txt

    c:\documents and settings\suzanneenchris\Application Data\PriceGong\Data\m.txt

    c:\documents and settings\suzanneenchris\Application Data\PriceGong\Data\mru.xml

    c:\documents and settings\suzanneenchris\Application Data\PriceGong\Data\n.txt

    c:\documents and settings\suzanneenchris\Application Data\PriceGong\Data\o.txt

    c:\documents and settings\suzanneenchris\Application Data\PriceGong\Data\p.txt

    c:\documents and settings\suzanneenchris\Application Data\PriceGong\Data\q.txt

    c:\documents and settings\suzanneenchris\Application Data\PriceGong\Data\r.txt

    c:\documents and settings\suzanneenchris\Application Data\PriceGong\Data\s.txt

    c:\documents and settings\suzanneenchris\Application Data\PriceGong\Data\t.txt

    c:\documents and settings\suzanneenchris\Application Data\PriceGong\Data\u.txt

    c:\documents and settings\suzanneenchris\Application Data\PriceGong\Data\v.txt

    c:\documents and settings\suzanneenchris\Application Data\PriceGong\Data\w.txt

    c:\documents and settings\suzanneenchris\Application Data\PriceGong\Data\wlu.txt

    c:\documents and settings\suzanneenchris\Application Data\PriceGong\Data\x.txt

    c:\documents and settings\suzanneenchris\Application Data\PriceGong\Data\y.txt

    c:\documents and settings\suzanneenchris\Application Data\PriceGong\Data\z.txt

    c:\documents and settings\suzanneenchris\Application Data\Toolbar4

    c:\documents and settings\suzanneenchris\Application Data\win

    c:\documents and settings\suzanneenchris\lame_enc_en.dll

    c:\documents and settings\suzanneenchris\lametritonus_en.dll

    c:\documents and settings\suzanneenchris\WINDOWS

    c:\windows\config.txt

    c:\windows\IsUn0413.exe

    c:\windows\iun6002.exe

    c:\windows\system32\dllcache\dlimport.exe

    c:\windows\system32\dllcache\wmpvis.dll

    c:\windows\system32\roboot.exe


    c:\windows\system32\Thumbs.db

    c:\windows\unin0413.exe

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-08-16 to 2012-09-16 ))))))))))))))))))))))))))))))

    .

    .

    2012-09-16 08:52 . 2012-09-16 08:52 -------- d-----w- c:\program files\CrystalDiskInfo

    2012-09-15 06:51 . 2012-09-16 08:42 -------- d--h--r- c:\documents and settings\suzanneenchris\Onlangs geopend

    2012-09-13 14:15 . 2012-09-13 14:15 -------- d-----w- c:\documents and settings\suzanneenchris\Application Data\Freeze Tag

    2012-09-12 19:27 . 2012-09-12 19:27 -------- d-----w- c:\documents and settings\suzanneenchris\Application Data\GameDevo

    2012-09-12 14:02 . 2012-09-12 14:02 -------- d-----w- c:\program files\MSXML 4.0

    2012-09-12 13:56 . 2012-01-09 15:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys

    2012-09-12 13:56 . 2012-01-09 15:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys

    2012-09-12 13:56 . 2012-01-09 15:28 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys

    2012-09-12 13:55 . 2012-01-09 15:28 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys

    2012-09-12 08:57 . 2012-09-12 08:57 -------- d-----w- c:\windows\system32\wbem\Repository

    2012-09-12 08:57 . 2012-09-16 08:28 -------- d-----w- c:\program files\Microsoft Security Client

    2012-09-08 22:49 . 2008-04-14 15:34 32000 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys

    2012-09-08 22:49 . 2008-04-14 15:34 32000 ----a-w- c:\windows\system32\drivers\wceusbsh.sys

    2012-09-08 22:46 . 2012-09-08 22:46 147456 --sha-r- c:\windows\system32\pwdrvioc.dll

    2012-09-08 22:46 . 2012-09-08 22:46 147456 --sha-r- c:\windows\system32\d3dx9_30S.dll

    2012-09-08 07:50 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B3CA1F54-75E2-4313-8395-C10440280BE6}\mpengine.dll

    2012-09-08 00:20 . 2012-09-08 00:20 -------- d--h--r- c:\documents and settings\Gast\Onlangs geopend

    2012-09-07 03:19 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-08-26 21:15 . 2012-08-26 21:15 -------- d-----w- c:\documents and settings\suzanneenchris\Local Settings\Application Data\BVRP Software

    2012-08-25 09:27 . 2012-06-27 13:18 19072 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

    2012-08-25 09:26 . 2012-08-25 09:26 -------- d-----w- c:\program files\PC Connectivity Solution

    2012-08-21 10:52 . 2012-08-21 10:52 -------- d-----w- c:\program files\Pando Networks

    2012-08-18 11:44 . 2012-08-18 11:44 -------- d-----w- c:\documents and settings\Gast\Application Data\Softonic

    2012-08-18 11:03 . 2012-09-08 00:06 -------- d-----w- c:\documents and settings\Gast\Local Settings\Application Data\Spotify

    2012-08-18 11:02 . 2012-09-08 00:06 -------- d-----w- c:\documents and settings\Gast\Application Data\Spotify

    2012-08-18 10:57 . 2012-08-24 06:24 -------- d-----w- c:\program files\Yontoo

    2012-08-18 10:57 . 2012-08-18 10:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer

    2012-08-18 10:56 . 2012-08-20 08:35 167 ----a-w- C:\user.js

    2012-08-18 10:56 . 2012-08-18 10:56 -------- d-----w- c:\program files\Photo!

    2012-08-17 21:00 . 2012-09-15 12:28 -------- d-----w- c:\documents and settings\suzanneenchris\Local Settings\Application Data\Spotify

    2012-08-17 20:59 . 2012-09-15 12:28 -------- d-----w- c:\documents and settings\suzanneenchris\Application Data\Spotify

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-09-08 07:21 . 2012-03-31 01:10 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-09-08 07:21 . 2011-07-17 08:52 73416 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-09-07 15:04 . 2011-04-27 12:19 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-08-28 18:24 . 2012-06-27 12:38 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

    2012-08-28 18:24 . 2011-04-30 13:34 473072 -c--a-w- c:\windows\system32\deployJava1.dll

    2012-08-28 16:39 . 2012-06-27 12:38 73728 ----a-w- c:\windows\system32\javacpl.cpl

    2007-03-12 16:59 . 2007-03-12 16:59 299008 -c--a-w- c:\program files\navigram_register.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    "RTHDCPL"="RTHDCPL.EXE"

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll"

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll"

    "A8GSdsApp"="e:\ik\A8GSdsApp\AGSeiApp.exe"

    "BluetoothAuthenticationAgent"="bthprops.cpl"

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe"

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    .

    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE"

    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe"

    .

    @="Service"

    .

    @="Driver"

    .

    2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    .

    2009-04-24 03:21 203928 -c--a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

    .

    2009-11-01 17:30 2508104 -c--a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

    .

    2009-09-03 16:43 767312 -c--a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

    .

    2008-02-25 11:29 1626112 ------w- c:\windows\system32\nwiz.exe

    .

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "e:\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    "c:\\Program Files\\utorrent\\uTorrent.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Documents and Settings\\suzanneenchris\\Application Data\\Spotify\\spotify.exe"=

    .

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys

    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys

    S1 lcxdpazj;lcxdpazj;\??\c:\windows\system32\drivers\lcxdpazj.sys --> c:\windows\system32\drivers\lcxdpazj.sys

    S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;\??\c:\program files\VMLaunch\BuddyVM.sys --> c:\program files\VMLaunch\BuddyVM.sys

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys

    S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys

    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys

    S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys

    S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys

    S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys

    S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys

    S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys

    S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys

    S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys

    S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys

    S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys

    S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys

    S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys

    S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys

    S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys

    S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys

    S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys

    S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2012-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    2012-09-08 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

    - c:\program files\Microsoft Security Client\MpCmdRun.exe

    .

    2012-09-16 c:\windows\Tasks\User_Feed_Synchronization-{33FC4C53-B05F-4A01-BB75-92ECC69D5A92}.job

    - c:\windows\system32\msfeedssync.exe

    .

    2012-09-16 c:\windows\Tasks\User_Feed_Synchronization-{BA22967F-1414-42CD-B789-3DDD77ACE2E3}.job

    - c:\windows\system32\msfeedssync.exe

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.google.nl/

    uInternet Connection Wizard,ShellNext = iexplore

    uInternet Settings,ProxyOverride = *.local

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    TCP: DhcpNameServer = 192.168.2.254

    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    Toolbar-Locked - (no file)

    MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe

    MSConfigStartUp-iTunesHelper - e:\i\iTunesHelper.exe

    MSConfigStartUp-Sony Ericsson PC Companion - c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe

    MSConfigStartUp-Sony PC Companion - c:\program files\Sony\Sony PC Companion\PCCompanion.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-09-16 14:07

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

    .

    "Enabled"=dword:00000001

    .

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    @="{00020424-0000-0000-C000-000000000046}"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    Voltooingstijd: 2012-09-16 14:09:36

    ComboFix-quarantined-files.txt 2012-09-16 12:09

    .

    Pre-Run: 25.990.045.696 bytes beschikbaar

    Post-Run: 25.992.658.944 bytes beschikbaar

    .

    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    .

    - - End Of File - - C508BB9F06DB9B8BDB8085E4D7A1978F

  • Ben

    Hello,

    Open a Notepad file (Start > All Programs > Accessories > Notepad),

    then copy and paste the following (bold, blue text) into the empty Notepad window:

    Folder::

    c:\program files\Yontoo

    c:\documents and settings\Gast\Application Data\Softonic

    File::

    c:\windows\system32\pwdrvioc.dll

    c:\windows\system32\d3dx9_30S.dll

    c:\windows\system32\drivers\lcxdpazj.sys

    Driver::

    lcxdpazj

    Save this to your Desktop as CFScript.txt.

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    This will make ComboFix restart.

    After your computer has restarted (if it asks you to restart), copy and paste the contents of Combofix.txt into your next reply.

    Regards, Ben

    Antivirusprikbord.nl

  • suus

    ComboFix 12-09-15.02 - suzanneenchris 16-09-2012 17:58:16.3.1 - x86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1790.1272

    Gestart vanuit: c:\documents and settings\suzanneenchris\Bureaublad\proggies\ComboFix.exe

    gebruikte Opdracht switches :: c:\documents and settings\suzanneenchris\Bureaublad\CFScript.txt

    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    .

    FILE ::

    "c:\windows\system32\d3dx9_30S.dll"

    "c:\windows\system32\drivers\lcxdpazj.sys"

    "c:\windows\system32\pwdrvioc.dll"

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\Gast\Application Data\Softonic

    c:\program files\Yontoo

    c:\windows\system32\d3dx9_30S.dll

    c:\windows\system32\pwdrvioc.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    -------\Service_lcxdpazj

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-08-16 to 2012-09-16 ))))))))))))))))))))))))))))))

    .

    .

    2012-09-16 08:52 . 2012-09-16 08:52 -------- d-----w- c:\program files\CrystalDiskInfo

    2012-09-15 06:51 . 2012-09-16 15:54 -------- d--h--r- c:\documents and settings\suzanneenchris\Onlangs geopend

    2012-09-13 14:15 . 2012-09-13 14:15 -------- d-----w- c:\documents and settings\suzanneenchris\Application Data\Freeze Tag

    2012-09-12 19:27 . 2012-09-12 19:27 -------- d-----w- c:\documents and settings\suzanneenchris\Application Data\GameDevo

    2012-09-12 14:02 . 2012-09-12 14:02 -------- d-----w- c:\program files\MSXML 4.0

    2012-09-12 13:56 . 2012-01-09 15:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys

    2012-09-12 13:56 . 2012-01-09 15:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys

    2012-09-12 13:56 . 2012-01-09 15:28 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys

    2012-09-12 13:55 . 2012-01-09 15:28 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys

    2012-09-12 08:57 . 2012-09-12 08:57 -------- d-----w- c:\windows\system32\wbem\Repository

    2012-09-12 08:57 . 2012-09-16 08:28 -------- d-----w- c:\program files\Microsoft Security Client

    2012-09-08 22:49 . 2008-04-14 15:34 32000 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys

    2012-09-08 22:49 . 2008-04-14 15:34 32000 ----a-w- c:\windows\system32\drivers\wceusbsh.sys

    2012-09-08 07:50 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B3CA1F54-75E2-4313-8395-C10440280BE6}\mpengine.dll

    2012-09-08 00:20 . 2012-09-08 00:20 -------- d--h--r- c:\documents and settings\Gast\Onlangs geopend

    2012-09-07 03:19 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-08-26 21:15 . 2012-08-26 21:15 -------- d-----w- c:\documents and settings\suzanneenchris\Local Settings\Application Data\BVRP Software

    2012-08-25 09:27 . 2012-06-27 13:18 19072 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

    2012-08-25 09:26 . 2012-08-25 09:26 -------- d-----w- c:\program files\PC Connectivity Solution

    2012-08-21 10:52 . 2012-08-21 10:52 -------- d-----w- c:\program files\Pando Networks

    2012-08-18 11:03 . 2012-09-08 00:06 -------- d-----w- c:\documents and settings\Gast\Local Settings\Application Data\Spotify

    2012-08-18 11:02 . 2012-09-08 00:06 -------- d-----w- c:\documents and settings\Gast\Application Data\Spotify

    2012-08-18 10:57 . 2012-08-18 10:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer

    2012-08-18 10:56 . 2012-08-20 08:35 167 ----a-w- C:\user.js

    2012-08-18 10:56 . 2012-08-18 10:56 -------- d-----w- c:\program files\Photo!

    2012-08-17 21:00 . 2012-09-15 12:28 -------- d-----w- c:\documents and settings\suzanneenchris\Local Settings\Application Data\Spotify

    2012-08-17 20:59 . 2012-09-15 12:28 -------- d-----w- c:\documents and settings\suzanneenchris\Application Data\Spotify

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-09-08 07:21 . 2012-03-31 01:10 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-09-08 07:21 . 2011-07-17 08:52 73416 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-09-07 15:04 . 2011-04-27 12:19 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-08-28 18:24 . 2012-06-27 12:38 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

    2012-08-28 18:24 . 2011-04-30 13:34 473072 -c--a-w- c:\windows\system32\deployJava1.dll

    2012-08-28 16:39 . 2012-06-27 12:38 73728 ----a-w- c:\windows\system32\javacpl.cpl

    2007-03-12 16:59 . 2007-03-12 16:59 299008 -c--a-w- c:\program files\navigram_register.exe

    .

    .

    ((((((((((((((((((((((((((((( SnapShot@2012-09-16_12.07.30 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2012-09-16 16:04 . 2012-09-16 16:04 16384 c:\windows\Temp\Perflib_Perfdata_c8.dat

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    "RTHDCPL"="RTHDCPL.EXE"

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll"

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll"

    "A8GSdsApp"="e:\ik\A8GSdsApp\AGSeiApp.exe"

    "BluetoothAuthenticationAgent"="bthprops.cpl"

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe"

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    .

    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE"

    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe"

    .

    @="Service"

    .

    @="Driver"

    .

    2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    .

    2009-04-24 03:21 203928 -c--a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

    .

    2009-11-01 17:30 2508104 -c--a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

    .

    2009-09-03 16:43 767312 -c--a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

    .

    2008-02-25 11:29 1626112 ------w- c:\windows\system32\nwiz.exe

    .

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "e:\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    "c:\\Program Files\\utorrent\\uTorrent.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Documents and Settings\\suzanneenchris\\Application Data\\Spotify\\spotify.exe"=

    .

    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys

    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys

    S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;\??\c:\program files\VMLaunch\BuddyVM.sys --> c:\program files\VMLaunch\BuddyVM.sys

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys

    S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys

    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys

    S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys

    S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys

    S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys

    S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys

    S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys

    S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys

    S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys

    S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys

    S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys

    S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys

    S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys

    S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys

    S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys

    S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys

    S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys

    S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys

    .

    --- Andere Services/Drivers In Geheugen ---

    .

    *NewlyCreated* - WS2IFSL

    .

    Inhoud van de ‘Gedeelde Taken’ map

    .

    2012-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    2012-09-08 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

    - c:\program files\Microsoft Security Client\MpCmdRun.exe

    .

    2012-09-16 c:\windows\Tasks\User_Feed_Synchronization-{33FC4C53-B05F-4A01-BB75-92ECC69D5A92}.job

    - c:\windows\system32\msfeedssync.exe

    .

    2012-09-16 c:\windows\Tasks\User_Feed_Synchronization-{BA22967F-1414-42CD-B789-3DDD77ACE2E3}.job

    - c:\windows\system32\msfeedssync.exe

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.google.nl/

    uInternet Connection Wizard,ShellNext = iexplore

    uInternet Settings,ProxyOverride = *.local

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    TCP: DhcpNameServer = 192.168.2.254

    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-09-16 18:05

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

    .

    "Enabled"=dword:00000001

    .

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    @="{00020424-0000-0000-C000-000000000046}"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    .

    - - - - - - - > 'explorer.exe'(1572)

    c:\windows\system32\msi.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    ------------------------ Andere Aktieve Processen ------------------------

    .

    c:\windows\System32\SCardSvr.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\program files\Java\jre6\bin\jqs.exe

    c:\windows\system32\nvsvc32.exe

    c:\windows\System32\wbem\wmiapsrv.exe

    c:\windows\system32\wscntfy.exe

    c:\windows\RTHDCPL.EXE

    c:\windows\system32\RUNDLL32.EXE

    c:\windows\system32\rundll32.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2012-09-16 18:08:25 - machine werd herstart

    ComboFix-quarantined-files.txt 2012-09-16 16:08

    ComboFix2.txt 2012-09-16 12:09

    .

    Pre-Run: 26.004.271.104 bytes beschikbaar

    Post-Run: 25.923.801.088 bytes beschikbaar

    .

    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    .

    - - End Of File - - 1EEC6D160E89EF3969F2A016A8B34E1C

    Here is the log, as requested.

    Thank you for the work you do!

  • Ben

    Hello,

    Download AdwCleaner by Xplode to your Desktop.

    Close all open windows.

    Right-click AdwCleaner and select Run as Administrator.

    Then click Delete.

    Click OK at AdwCleaner - Information.

    Click OK at AdwCleaner - Restart Required.

    All icons will disappear from the Desktop; this is normal.

    Your PC will be restarted and a log file will open (C:\AdwCleaner.txt); post its contents in a following message.

    If your start page was also hijacked, set it again, because AdwCleaner resets it to Google by default.

    Download TDSSKStarter to the desktop.

    Using "TDSSKStarter.exe":

    First close all remaining open program windows!

    Disable your antivirus and antispyware programs; they may conflict with TDSSKStarter.exe.

    (here or here) you can read how to do that.

    Windows 2000 and Windows XP: start the tool by double-clicking "TDSSKStarter.exe".

    Windows Vista and Windows 7: start the tool by right-clicking "TDSSKStarter.exe" and choosing Run as Administrator.

    A CMD window will then open and close again automatically when the scan is complete.

    Now post the contents of the Notepad file that opens in the next message.

    Regards, Ben

    Antivirusprikbord.nl

  • suus

    19:08:27.0718 3220 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

    19:08:27.0718 3220 ============================================================

    19:08:27.0718 3220 Current date / time: 2012/09/16 19:08:27.0718

    19:08:27.0718 3220 SystemInfo:

    19:08:27.0718 3220

    19:08:27.0718 3220 OS Version: 5.1.2600 ServicePack: 3.0

    19:08:27.0718 3220 Product type: Workstation

    19:08:27.0718 3220 ComputerName: CHRISENSUZANNE

    19:08:27.0718 3220 UserName: suzanneenchris

    19:08:27.0718 3220 Windows directory: C:\WINDOWS

    19:08:27.0718 3220 System windows directory: C:\WINDOWS

    19:08:27.0718 3220 Processor architecture: Intel x86

    19:08:27.0718 3220 Number of processors: 1

    19:08:27.0718 3220 Page size: 0x1000

    19:08:27.0718 3220 Boot type: Normal boot

    19:08:27.0718 3220 ============================================================

    19:08:28.0062 3220 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058

    19:08:28.0062 3220 ============================================================

    19:08:28.0062 3220 \Device\Harddisk0\DR0:

    19:08:28.0078 3220 MBR partitions:

    19:08:28.0078 3220 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1384C7A, BlocksNum 0x63F7D3D

    19:08:28.0093 3220 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x777C9F6, BlocksNum 0xB29C0CB

    19:08:28.0093 3220 ============================================================

    19:08:28.0125 3220 C: <-> \Device\Harddisk0\DR0\Partition1

    19:08:28.0156 3220 E: <-> \Device\Harddisk0\DR0\Partition2

    19:08:28.0156 3220 ============================================================

    19:08:28.0156 3220 Initialize success

    19:08:28.0156 3220 ============================================================

    19:08:28.0218 0540 ============================================================

    19:08:28.0218 0540 Scan started

    19:08:28.0218 0540 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;

    19:08:28.0218 0540 ============================================================

    19:08:28.0406 0540 ================ Scan system memory ========================

    19:08:28.0406 0540 ================ Scan services =============================

    19:08:28.0625 0540 ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

    19:08:28.0875 0540 ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys

    19:08:29.0234 0540 AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    19:08:29.0281 0540 aec C:\WINDOWS\system32\drivers\aec.sys

    19:08:29.0468 0540 AFD C:\WINDOWS\System32\drivers\afd.sys

    19:08:29.0531 0540 Alerter C:\WINDOWS\system32\alrsvc.dll

    19:08:29.0718 0540 ALG C:\WINDOWS\System32\alg.exe

    19:08:29.0875 0540 aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

    19:08:29.0906 0540 AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

    19:08:30.0078 0540 atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

    19:08:30.0234 0540 Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

    19:08:30.0406 0540 AudioSrv C:\WINDOWS\System32\audiosrv.dll

    19:08:30.0531 0540 audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

    19:08:30.0687 0540 Beep C:\WINDOWS\system32\drivers\Beep.sys

    19:08:30.0875 0540 BITS C:\WINDOWS\system32\qmgr.dll

    19:08:31.0093 0540 Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

    19:08:31.0140 0540 Browser C:\WINDOWS\System32\browser.dll

    19:08:31.0265 0540 BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys

    19:08:31.0437 0540 BTHMODEM C:\WINDOWS\system32\DRIVERS\bthmodem.sys

    19:08:31.0609 0540 BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys

    19:08:31.0812 0540 BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys

    19:08:31.0859 0540 BthServ C:\WINDOWS\System32\bthserv.dll

    19:08:32.0031 0540 BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys

    19:08:32.0218 0540 cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

    19:08:32.0390 0540 Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

    19:08:32.0593 0540 Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

    19:08:32.0765 0540 Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

    19:08:32.0953 0540 CiSvc C:\WINDOWS\system32\cisvc.exe

    19:08:33.0125 0540 ClipSrv C:\WINDOWS\system32\clipsrv.exe

    19:08:33.0312 0540 clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    19:08:33.0375 0540 clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    19:08:33.0421 0540 CryptSvc C:\WINDOWS\System32\cryptsvc.dll

    19:08:33.0562 0540 DcomLaunch C:\WINDOWS\system32\rpcss.dll

    19:08:33.0609 0540 Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

    19:08:33.0812 0540 Disk C:\WINDOWS\system32\DRIVERS\disk.sys

    19:08:34.0015 0540 dmboot C:\WINDOWS\system32\drivers\dmboot.sys

    19:08:34.0203 0540 dmio C:\WINDOWS\system32\drivers\dmio.sys

    19:08:34.0390 0540 dmload C:\WINDOWS\system32\drivers\dmload.sys

    19:08:34.0562 0540 dmserver C:\WINDOWS\System32\dmserver.dll

    19:08:34.0718 0540 DMusic C:\WINDOWS\system32\drivers\DMusic.sys

    19:08:34.0890 0540 Dnscache C:\WINDOWS\System32\dnsrslvr.dll

    19:08:35.0015 0540 Dot3svc C:\WINDOWS\System32\dot3svc.dll

    19:08:35.0187 0540 drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

    19:08:35.0359 0540 DrvAgent32 C:\WINDOWS\system32\Drivers\DrvAgent32.sys

    19:08:35.0375 0540 DrvAgent32 ( UnsignedFile.Multi.Generic ) - warning

    19:08:35.0375 0540 DrvAgent32 - detected UnsignedFile.Multi.Generic (1)

    19:08:35.0406 0540 e.dentifier2 C:\WINDOWS\system32\DRIVERS\aabed2.sys

    19:08:35.0453 0540 EapHost C:\WINDOWS\System32\eapsvc.dll

    19:08:35.0625 0540 ERSvc C:\WINDOWS\System32\ersvc.dll

    19:08:35.0765 0540 Eventlog C:\WINDOWS\system32\services.exe

    19:08:35.0796 0540 EventSystem C:\WINDOWS\system32\es.dll

    19:08:35.0828 0540 Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

    19:08:36.0015 0540 FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

    19:08:36.0125 0540 Fdc C:\WINDOWS\system32\drivers\Fdc.sys

    19:08:36.0281 0540 Fips C:\WINDOWS\system32\drivers\Fips.sys

    19:08:36.0453 0540 Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys

    19:08:36.0625 0540 FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys

    19:08:36.0843 0540 FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

    19:08:36.0875 0540 fssfltr C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys

    19:08:36.0953 0540 fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe

    19:08:37.0015 0540 Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

    19:08:37.0187 0540 Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

    19:08:37.0343 0540 ggflt C:\WINDOWS\system32\DRIVERS\ggflt.sys

    19:08:37.0390 0540 ggsemc C:\WINDOWS\system32\DRIVERS\ggsemc.sys

    19:08:37.0421 0540 Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

    19:08:37.0593 0540 HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

    19:08:37.0812 0540 HidServ C:\WINDOWS\System32\hidserv.dll

    19:08:37.0968 0540 HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys

    19:08:38.0109 0540 hkmsvc C:\WINDOWS\System32\kmsvc.dll

    19:08:38.0265 0540 HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

    19:08:38.0437 0540 HTTPFilter C:\WINDOWS\System32\w3ssl.dll

    19:08:38.0593 0540 i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys

    19:08:38.0828 0540 IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    19:08:38.0843 0540 IDriverT ( UnsignedFile.Multi.Generic ) - warning

    19:08:38.0843 0540 IDriverT - detected UnsignedFile.Multi.Generic (1)

    19:08:38.0906 0540 idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

    19:08:38.0953 0540 Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

    19:08:39.0187 0540 ImapiService C:\WINDOWS\system32\imapi.exe

    19:08:39.0500 0540 IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys

    19:08:39.0703 0540 ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys

    19:08:39.0875 0540 IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

    19:08:40.0031 0540 IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

    19:08:40.0187 0540 IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

    19:08:40.0328 0540 IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

    19:08:40.0484 0540 IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

    19:08:40.0562 0540 isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

    19:08:40.0781 0540 JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe

    19:08:40.0796 0540 Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

    19:08:40.0953 0540 kmixer C:\WINDOWS\system32\drivers\kmixer.sys

    19:08:41.0125 0540 KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

    19:08:41.0171 0540 lanmanserver C:\WINDOWS\System32\srvsvc.dll

    19:08:41.0343 0540 lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

    19:08:41.0390 0540 LmHosts C:\WINDOWS\System32\lmhsvc.dll

    19:08:41.0546 0540 Messenger C:\WINDOWS\System32\msgsvc.dll

    19:08:41.0734 0540 mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

    19:08:42.0109 0540 mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe

    19:08:42.0531 0540 Modem C:\WINDOWS\system32\drivers\Modem.sys

    19:08:43.0000 0540 Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

    19:08:43.0296 0540 mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

    19:08:43.0437 0540 MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

    19:08:43.0593 0540 MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys

    19:08:43.0625 0540 MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

    19:08:43.0796 0540 MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

    19:08:43.0843 0540 MSDTC C:\WINDOWS\System32\msdtc.exe

    19:08:43.0984 0540 Msfs C:\WINDOWS\system32\drivers\Msfs.sys

    19:08:44.0125 0540 MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

    19:08:44.0312 0540 MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe

    19:08:44.0359 0540 MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

    19:08:44.0531 0540 MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

    19:08:44.0687 0540 mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

    19:08:44.0828 0540 Mup C:\WINDOWS\system32\drivers\Mup.sys

    19:08:45.0343 0540 napagent C:\WINDOWS\System32\qagentrt.dll

    19:08:45.0562 0540 NDIS C:\WINDOWS\system32\drivers\NDIS.sys

    19:08:45.0875 0540 NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

    19:08:46.0046 0540 Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

    19:08:46.0203 0540 NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

    19:08:46.0453 0540 NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

    19:08:46.0890 0540 NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

    19:08:47.0484 0540 NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

    19:08:47.0796 0540 NetDDE C:\WINDOWS\system32\netdde.exe

    19:08:48.0031 0540 NetDDEdsdm C:\WINDOWS\system32\netdde.exe

    19:08:48.0265 0540 Netlogon C:\WINDOWS\system32\lsass.exe

    19:08:48.0500 0540 Netman C:\WINDOWS\System32\netman.dll

    19:08:48.0734 0540 NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

    19:08:48.0828 0540 Nla C:\WINDOWS\System32\mswsock.dll

    19:08:48.0984 0540 nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys

    19:08:49.0234 0540 nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys

    19:08:49.0484 0540 Npfs C:\WINDOWS\system32\drivers\Npfs.sys

    19:08:49.0640 0540 Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

    19:08:50.0171 0540 NtLmSsp C:\WINDOWS\System32\lsass.exe

    19:08:50.0734 0540 NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

    19:08:50.0953 0540 Null C:\WINDOWS\system32\drivers\Null.sys

    19:08:51.0656 0540 nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

    19:08:51.0921 0540 NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

    19:08:51.0953 0540 nvgts C:\WINDOWS\system32\DRIVERS\nvgts.sys

    19:08:52.0015 0540 nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

    19:08:52.0062 0540 NVSvc C:\WINDOWS\system32\nvsvc32.exe

    19:08:52.0125 0540 NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

    19:08:52.0265 0540 NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

    19:08:52.0468 0540 odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    19:08:52.0515 0540 ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    19:08:52.0562 0540 Parport C:\WINDOWS\system32\drivers\Parport.sys

    19:08:52.0718 0540 PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

    19:08:52.0906 0540 ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

    19:08:53.0093 0540 pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys

    19:08:53.0125 0540 PCI C:\WINDOWS\system32\DRIVERS\pci.sys

    19:08:53.0281 0540 PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

    19:08:53.0421 0540 Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

    19:08:53.0609 0540 PlugPlay C:\WINDOWS\system32\services.exe

    19:08:53.0625 0540 PolicyAgent C:\WINDOWS\system32\lsass.exe

    19:08:53.0750 0540 PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

    19:08:53.0921 0540 Processor C:\WINDOWS\system32\DRIVERS\processr.sys

    19:08:54.0062 0540 ProtectedStorage C:\WINDOWS\system32\lsass.exe

    19:08:54.0187 0540 PSched C:\WINDOWS\system32\DRIVERS\psched.sys

    19:08:54.0390 0540 Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

    19:08:54.0578 0540 pwdrvio C:\WINDOWS\system32\pwdrvio.sys

    19:08:54.0609 0540 pwdspio C:\WINDOWS\system32\pwdspio.sys

    19:08:54.0640 0540 PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys

    19:08:54.0687 0540 RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

    19:08:54.0859 0540 RasAuto C:\WINDOWS\System32\rasauto.dll

    19:08:55.0000 0540 Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

    19:08:55.0140 0540 RasMan C:\WINDOWS\System32\rasmans.dll

    19:08:55.0250 0540 RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

    19:08:55.0406 0540 Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

    19:08:55.0531 0540 Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

    19:08:55.0687 0540 RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

    19:08:55.0859 0540 RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

    19:08:56.0015 0540 RDSessMgr C:\WINDOWS\system32\sessmgr.exe

    19:08:56.0156 0540 redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

    19:08:56.0328 0540 RemoteAccess C:\WINDOWS\System32\mprdim.dll

    19:08:56.0468 0540 RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys

    19:08:56.0609 0540 RpcLocator C:\WINDOWS\System32\locator.exe

    19:08:56.0750 0540 RpcSs C:\WINDOWS\System32\rpcss.dll

    19:08:56.0796 0540 RSVP C:\WINDOWS\System32\rsvp.exe

    19:08:57.0015 0540 s0017bus C:\WINDOWS\system32\DRIVERS\s0017bus.sys

    19:08:57.0062 0540 s0017mdfl C:\WINDOWS\system32\DRIVERS\s0017mdfl.sys

    19:08:57.0093 0540 s0017mdm C:\WINDOWS\system32\DRIVERS\s0017mdm.sys

    19:08:57.0140 0540 s0017mgmt C:\WINDOWS\system32\DRIVERS\s0017mgmt.sys

    19:08:57.0171 0540 s0017nd5 C:\WINDOWS\system32\DRIVERS\s0017nd5.sys

    19:08:57.0203 0540 s0017obex C:\WINDOWS\system32\DRIVERS\s0017obex.sys

    19:08:57.0250 0540 s0017unic C:\WINDOWS\system32\DRIVERS\s0017unic.sys

    19:08:57.0296 0540 s1018bus C:\WINDOWS\system32\DRIVERS\s1018bus.sys

    19:08:57.0312 0540 s1018mdfl C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys

    19:08:57.0328 0540 s1018mdm C:\WINDOWS\system32\DRIVERS\s1018mdm.sys

    19:08:57.0359 0540 s1018mgmt C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys

    19:08:57.0421 0540 s1018nd5 C:\WINDOWS\system32\DRIVERS\s1018nd5.sys

    19:08:57.0453 0540 s1018obex C:\WINDOWS\system32\DRIVERS\s1018obex.sys

    19:08:57.0468 0540 s1018unic C:\WINDOWS\system32\DRIVERS\s1018unic.sys

    19:08:57.0484 0540 SamSs C:\WINDOWS\system32\lsass.exe

    19:08:57.0609 0540 SCardSvr C:\WINDOWS\System32\SCardSvr.exe

    19:08:57.0781 0540 Schedule C:\WINDOWS\system32\schedsvc.dll

    19:08:57.0921 0540 Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

    19:08:58.0000 0540 seclogon C:\WINDOWS\System32\seclogon.dll

    19:08:58.0125 0540 seehcri C:\WINDOWS\system32\DRIVERS\seehcri.sys

    19:08:58.0171 0540 SENS C:\WINDOWS\system32\sens.dll

    19:08:58.0296 0540 Serial C:\WINDOWS\system32\drivers\Serial.sys

    19:08:58.0484 0540 ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    19:08:58.0546 0540 Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

    19:08:58.0703 0540 SharedAccess C:\WINDOWS\System32\ipnathlp.dll

    19:08:58.0843 0540 ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

    19:08:58.0984 0540 SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

    19:08:59.0125 0540 splitter C:\WINDOWS\system32\drivers\splitter.sys

    19:08:59.0281 0540 Spooler C:\WINDOWS\system32\spoolsv.exe

    19:08:59.0437 0540 sptd C:\WINDOWS\system32\Drivers\sptd.sys

    19:08:59.0437 0540 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: D15DA1BA189770D93EEA2D7E18F95AF9

    19:08:59.0437 0540 sptd ( LockedFile.Multi.Generic ) - warning

    19:08:59.0437 0540 sptd - detected LockedFile.Multi.Generic (1)

    19:08:59.0437 0540 sr C:\WINDOWS\system32\DRIVERS\sr.sys

    19:08:59.0531 0540 srservice C:\WINDOWS\system32\srsvc.dll

    19:08:59.0671 0540 Srv C:\WINDOWS\system32\DRIVERS\srv.sys

    19:08:59.0703 0540 SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

    19:08:59.0875 0540 StarWindServiceAE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    19:08:59.0906 0540 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning

    19:08:59.0906 0540 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)

    19:08:59.0937 0540 stisvc C:\WINDOWS\system32\wiaservc.dll

    19:09:00.0062 0540 swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

    19:09:00.0234 0540 swmidi C:\WINDOWS\system32\drivers\swmidi.sys

    19:09:00.0375 0540 sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

    19:09:00.0531 0540 SysmonLog C:\WINDOWS\system32\smlogsvc.exe

    19:09:00.0671 0540 taphss C:\WINDOWS\system32\DRIVERS\taphss.sys

    19:09:00.0703 0540 TapiSrv C:\WINDOWS\System32\tapisrv.dll

    19:09:00.0859 0540 Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

    19:09:00.0906 0540 TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

    19:09:01.0062 0540 TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

    19:09:01.0203 0540 TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

    19:09:01.0343 0540 TermService C:\WINDOWS\System32\termsrv.dll

    19:09:01.0468 0540 Themes C:\WINDOWS\System32\shsvcs.dll

    19:09:01.0609 0540 TrkWks C:\WINDOWS\system32\trkwks.dll

    19:09:01.0750 0540 Udfs C:\WINDOWS\system32\drivers\Udfs.sys

    19:09:01.0921 0540 Update C:\WINDOWS\system32\DRIVERS\update.sys

    19:09:02.0093 0540 upnphost C:\WINDOWS\System32\upnphost.dll

    19:09:02.0171 0540 upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys

    19:09:02.0281 0540 UPS C:\WINDOWS\System32\ups.exe

    19:09:02.0421 0540 usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

    19:09:02.0578 0540 usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

    19:09:02.0734 0540 usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

    19:09:02.0875 0540 usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys

    19:09:03.0015 0540 usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys

    19:09:03.0156 0540 usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

    19:09:03.0312 0540 usbser C:\WINDOWS\system32\DRIVERS\usbser.sys

    19:09:03.0453 0540 UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys

    19:09:03.0546 0540 usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

    19:09:03.0703 0540 VgaSave C:\WINDOWS\System32\drivers\vga.sys

    19:09:03.0843 0540 VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

    19:09:03.0984 0540 VSS C:\WINDOWS\System32\vssvc.exe

    19:09:04.0093 0540 W32Time C:\WINDOWS\system32\w32time.dll

    19:09:04.0218 0540 Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

    19:09:04.0375 0540 wceusbsh C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

    19:09:04.0531 0540 Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

    19:09:04.0609 0540 wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

    19:09:04.0765 0540 WebClient C:\WINDOWS\System32\webclnt.dll

    19:09:04.0921 0540 winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

    19:09:05.0046 0540 winusb C:\WINDOWS\system32\DRIVERS\winusb.sys

    19:09:05.0093 0540 WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

    19:09:05.0125 0540 WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

    19:09:05.0281 0540 WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe

    19:09:05.0484 0540 WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

    19:09:05.0562 0540 WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys

    19:09:05.0640 0540 WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

    19:09:05.0703 0540 WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys

    19:09:05.0859 0540 wscsvc C:\WINDOWS\system32\wscsvc.dll

    19:09:06.0000 0540 wuauserv C:\WINDOWS\system32\wuauserv.dll

    19:09:06.0140 0540 WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys

    19:09:06.0187 0540 WUDFRd C:\WINDOWS\system32\DRIVERS\WUDFRd.sys

    19:09:06.0218 0540 WudfSvc C:\WINDOWS\System32\WUDFSvc.dll

    19:09:06.0281 0540 WZCSVC C:\WINDOWS\System32\wzcsvc.dll

    19:09:06.0406 0540 xmlprov C:\WINDOWS\System32\xmlprov.dll

    19:09:06.0593 0540 ================ Scan global ===============================

    19:09:06.0609 0540 C:\WINDOWS\system32\basesrv.dll

    19:09:06.0656 0540 C:\WINDOWS\system32\winsrv.dll

    19:09:06.0671 0540 C:\WINDOWS\system32\winsrv.dll

    19:09:06.0687 0540 C:\WINDOWS\system32\services.exe

    19:09:06.0687 0540 ================ Scan MBR ==================================

    19:09:06.0703 0540 \Device\Harddisk0\DR0

    19:09:06.0968 0540 ================ Scan VBR ==================================

    19:09:06.0968 0540 \Device\Harddisk0\DR0\Partition1

    19:09:07.0000 0540 \Device\Harddisk0\DR0\Partition2

    19:09:07.0000 0540 ================ Scan UEFI extensions ======================

    19:09:07.0000 0540 ================ Scan active images ========================

    19:09:07.0000 0540 ============================================================

    19:09:07.0000 0540 Scan finished

    19:09:07.0000 0540 ============================================================

    19:09:07.0625 3668 Deinitialize success

    .

    ==============================================

    System Restore Point Check:

    .

    TDSSKiller Starter Restore Point Created Succesfully

    ==============================================

    .

    ==============================================

    C:\TDSSStarter\Report.log

    ==============================================

    Registry Export

    .

    19:04:45.0718 2356 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

    19:04:45.0718 2356 ============================================================

    19:04:45.0718 2356 Current date / time: 2012/09/16 19:04:45.0718

    19:04:45.0718 2356 SystemInfo:

    19:04:45.0718 2356

    19:04:45.0718 2356 OS Version: 5.1.2600 ServicePack: 3.0

    19:04:45.0718 2356 Product type: Workstation

    19:04:45.0718 2356 ComputerName: CHRISENSUZANNE

    19:04:45.0718 2356 UserName: suzanneenchris

    19:04:45.0718 2356 Windows directory: C:\WINDOWS

    19:04:45.0718 2356 System windows directory: C:\WINDOWS

    19:04:45.0718 2356 Processor architecture: Intel x86

    19:04:45.0718 2356 Number of processors: 1

    19:04:45.0718 2356 Page size: 0x1000

    19:04:45.0718 2356 Boot type: Normal boot

    19:04:45.0718 2356 ============================================================

    19:04:46.0093 2356 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058

    19:04:46.0109 2356 ============================================================

    19:04:46.0109 2356 \Device\Harddisk0\DR0:

    19:04:46.0109 2356 MBR partitions:

    19:04:46.0109 2356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1384C7A, BlocksNum 0x63F7D3D

    19:04:46.0125 2356 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x777C9F6, BlocksNum 0xB29C0CB

    19:04:46.0125 2356 ============================================================

    19:04:46.0156 2356 C: <-> \Device\Harddisk0\DR0\Partition1

    19:04:46.0218 2356 E: <-> \Device\Harddisk0\DR0\Partition2

    19:04:46.0218 2356 ============================================================

    19:04:46.0218 2356 Initialize success

    19:04:46.0218 2356 ============================================================

    19:04:46.0265 2360 ============================================================

    19:04:46.0265 2360 Scan started

    19:04:46.0265 2360 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;

    19:04:46.0265 2360 ============================================================

    19:04:46.0812 2360 ================ Scan system memory ========================

    19:04:46.0812 2360 ================ Scan services =============================

    19:04:47.0578 2360 ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

    19:04:48.0421 2360 ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys

    19:04:48.0671 2360 AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    Hello,

    Here is the log from TDSSKStarter; the other one doesn't work.
