Ransomware

  • Guy

    Hi Ben,

    I'm trying to clean an HP computer with Windows 7 of that ransomware, but the CD I burned won't work on the PC.

    So I did what you said in a previous topic: put that AntiVir rescue on the desktop and then burned it to CD, but the infected PC won't boot from the CD. :S

    Hopefully you can help me.

    Regards, Guy

  • Ben

    Hi,

    Make sure your boot order is set correctly, so put CD/DVD first.

    Explanation: http://www.vista-helpdesk.nl/tips-a-tricks-windows-vista/222-bios-opstartvolgorde-aanpassen.html

    Can't you get into safe mode either? Otherwise you can run Mbam there and make a log with HijackThis.

    Regards, Ben

    Antivirusprikbord.nl

  • Guy

    Hi Ben,

    I tried to change the boot order but it doesn't work, and safe mode did start, but what is Mbam?

    Regards, Guy

  • Ben

    Hi,

    It's all in the step-by-step guide: http://antivirus.startpagina.nl/prikbord/4625317/voer-dit-eerst-uit-voordat-je-de-logjes-plaatst!!#msg-4625317

    Otherwise you can put Mbam on a USB stick via another PC and run it on the infected PC from there.

    Regards, Ben

    Antivirusprikbord.nl

  • Guy

    Hi,

    I'm doing this from another PC. With the infected PC I always get the police virus after it boots.

    Regards, Guy

  • Ben

    Hi,

    Put Mbam on a USB stick via a clean PC.

    Boot the infected PC in safe mode, then copy Mbam onto this PC via the USB stick and run it.

    Regards, Ben

    Antivirusprikbord.nl

  • Guy

    Hi,

    Just back from Heerlen; I'll try it in a bit and let you know something tomorrow.

    Regards, Guy

  • Guy

    Hi Ben,

    Here is the requested log.

    Regards, Guy

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 8:37:52, on 1/10/2012

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16450)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\BullGuard Ltd\BullGuard\files32\spamfilter\LittleHook.exe

    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

    C:\Users\HP\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/2

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/2

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/2

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - (no file)

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    O4 - HKCU\..\Run: "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O4 - Startup: OpenOffice.org 3.3 .lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIE.dll

    O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

    O11 - Options group: Accelerated graphics

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll

    O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll

    O20 - AppInit_DLLs: BgGamingMonitor.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: BullGuard Behavioural Detection (BsBhvScan) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe

    O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe

    O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 9577 bytes
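    As an added example (not part of this thread, and not code from HijackThis or Malwarebytes), the script below parses the R/F/O entry lines of a HijackThis log like the one above and sorts them into the items a forum helper would look at first: autostart entries outside the usual program directories, the AppInit_DLLs injection point, Winsock LSPs, and entries whose target file is gone. The sample log is constructed from a few lines of the log above plus one made-up HKCU Run entry in a user profile; the trusted-location rule is a simple heuristic, and "review" means "look at this", not "this is malicious".

```python
"""Triage helper for HijackThis v2 log lines (added example, not the forum's or
HijackThis's own code)."""
import re
from collections import Counter, namedtuple

Entry = namedtuple("Entry", "section body")

# "O4 - HKLM\..\Run: ..." -> section "O4", body is the rest of the line.
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
QUOTED_RE = re.compile(r'"([^"]+)"')
# Drive-letter or %VAR%-rooted path, up to the first executable-type extension.
PATH_RE = re.compile(
    r"((?:[A-Za-z]:|%[A-Za-z]+%)\\.*?\.(?:exe|dll|sys|scr|cpl|bat|cmd))", re.IGNORECASE
)

# Heuristic only: autostarts rooted here are usually installed software.
TRUSTED_PREFIXES = ("c:\\program files", "c:\\windows", "%programfiles%")
MISSING_MARKERS = ("(no file)", "(file missing)")

# Constructed sample: lines taken from the HijackThis log posted above, plus one
# made-up HKCU Run entry (sample.exe in AppData) to show how such an entry is flagged.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:37:52, on 1/10/2012
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - (no file)
O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKCU\..\Run: C:\Users\HP\AppData\Roaming\sample.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O20 - AppInit_DLLs: BgGamingMonitor.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
End of file - 9577 bytes
"""


def parse_hjt(text):
    """Return the R/F/O entries of a log; header, process list and footer are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def target_path(body):
    """Best-effort extraction of the file an entry points at (None if there is none)."""
    m = QUOTED_RE.search(body) or PATH_RE.search(body)
    return m.group(1) if m else None


def is_trusted_location(path):
    return path.lower().startswith(TRUSTED_PREFIXES)


def triage(entries):
    """Sort entries into 'review' (look at this), 'verify' and a count of LSP DLLs."""
    review, verify, lsp = [], [], Counter()
    for e in entries:
        path = target_path(e.body)
        missing = any(marker in e.body for marker in MISSING_MARKERS)
        if e.section == "O20":
            # AppInit_DLLs loads the named DLL into every process that uses user32.dll.
            review.append((e.section, "AppInit_DLLs injection point", e.body))
        elif e.section == "O10":
            # HijackThis repeats one LSP DLL once per protocol-chain entry.
            lsp[path] += 1
        elif e.section == "O4" and (path is None or not is_trusted_location(path)):
            review.append((e.section, "autostart outside Program Files/Windows", e.body))
        elif e.section == "O23" and missing:
            # HijackThis 2.0.4 is 32-bit: on 64-bit Windows it cannot see the
            # real System32, so it reports built-in services as missing.
            verify.append((e.section, "service reported missing (likely 64-bit false positive)", e.body))
        elif missing:
            review.append((e.section, "target file missing (orphaned entry)", e.body))
    return {"review": review, "verify": verify, "lsp": lsp}


if __name__ == "__main__":
    result = triage(parse_hjt(SAMPLE_LOG))
    for section, reason, body in result["review"]:
        print(f"REVIEW {section}: {reason}\n    {body}")
    for section, reason, body in result["verify"]:
        print(f"VERIFY {section}: {reason}\n    {body}")
    for dll, n in result["lsp"].items():
        print(f"LSP    {dll} ({n} chain entries)")
```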

  • Ben

    Hi,

    Do you still have the Mbam log, and would you post that too?

    Download DDS by sUBS from one of these locations and put it on your desktop:

    DDS - Bleeping Computer download.

    DDS - Bleeping Computer download.

    DDS - Infospyware.

    DDS is a diagnostic tool and uses scripts.

    Disable your security software before you run DDS!

    Double-click DDS to start the tool.

    Note!!! Windows Vista & 7 users must run dds.scr as administrator ("right-click: run as")

    DDS will open 2 log files:

    * DDS.txt

    * Attach.txt

    A window will ask you to save both logs, because the logs will be gone once you close them.

    Save the logs, for example on your desktop or another place where you can easily find them again.

    Post the DDS.txt log with your next reply. Only post Attach.txt when I ask for it.

    Also tell me how things stand with your problem.

    Regards, Ben

    Antivirusprikbord.nl

  • Guy

    Hi Ben,

    Here is the requested log.

    A.

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421

    Run by HP at 9:21:25 on 2012-10-01

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.5611.4244

    .

    AV: BullGuard Antivirus *Enabled/Updated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}

    SP: BullGuard Antispyware *Enabled/Updated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    FW: BullGuard Firewall *Disabled* {68747E43-7A47-EA26-053F-CB84640E3E67}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Windows\System32\SvcHost.exe -k BullGuard_Backup

    C:\Windows\system32\taskhost.exe

    C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe

    C:\Windows\System32\SvcHost.exe -k BullGuard_Proxy

    C:\Windows\System32\SvcHost.exe -k BullGuard_Main

    C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe

    C:\Windows\system32\Dwm.exe

    C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe

    C:\Windows\Explorer.EXE

    C:\Windows\SysWOW64\ezSharedSvcHost.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

    C:\Windows\System32\SvcHost.exe -k BullGuard

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\system32\svchost.exe -k SDRSVC

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.be/

    mWinlogon: Userinit=userinit.exe,

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File

    BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

    BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    uRun: "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

    mRun: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    StartupFolder: C:\Users\HP\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

    mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableLUA = 0 (0x0)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIE.dll

    LSP: C:\Windows\system32\BGLsp.dll

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

    TCP: DhcpNameServer = 195.130.130.141 195.130.131.141

    TCP: Interfaces\{06A899AD-E716-4061-96E1-FC9AD0E835A3} : DhcpNameServer = 195.130.130.141 195.130.131.141

    TCP: Interfaces\{06A899AD-E716-4061-96E1-FC9AD0E835A3}\45563686E6963736865602449656E63747 : DhcpNameServer = 192.168.1.1 192.168.4.1 195.130.131.3

    TCP: Interfaces\{06A899AD-E716-4061-96E1-FC9AD0E835A3}\4756C656E65647D21607E6D23354835453 : DhcpNameServer = 195.130.130.3 195.130.131.3

    TCP: Interfaces\{06A899AD-E716-4061-96E1-FC9AD0E835A3}\755627B607C616164737 : DhcpNameServer = 192.168.1.1 192.168.4.1 195.130.130.3

    TCP: Interfaces\{7618A3F7-29AC-404E-AEBD-4F7D96A60A7F} : DhcpNameServer = 195.130.130.3 195.130.131.3

    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL

    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}

    BHO-X64: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

    {9030D464-4C02-4ABF-8ECC-5164760863C6}

    {DBC80044-A445-435b-BC74-9C25C1C588A9}

    mRun-x64: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun-x64: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

    SEH-X64: {E54729E8-BB3D-4270-9D49-7389EA579090}: EasyBits Security Shield Hook - prevents launching insecure programs by kids

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys

    R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys

    R1 AFW;Agnitum Firewall Driver;C:\Windows\system32\DRIVERS\afw.sys --> C:\Windows\system32\DRIVERS\afw.sys

    R1 BdSpy;BdSpy;C:\Windows\system32\DRIVERS\BdSpy.sys --> C:\Windows\system32\DRIVERS\BdSpy.sys

    R1 NovaShieldFilterDriver;NovaShieldFilterDriver;C:\Windows\system32\DRIVERS\NSKernel.sys --> C:\Windows\system32\DRIVERS\NSKernel.sys

    R1 NovaShieldTDIDriver;NovaShieldTDIDriver;C:\Windows\system32\DRIVERS\NSNetmon.sys --> C:\Windows\system32\DRIVERS\NSNetmon.sys

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys

    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    R2 BsBackup;BullGuard backup service;C:\Windows\System32\SvcHost.exe -k BullGuard_Backup

    R2 BsBhvScan;BullGuard Behavioural Detection;C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe

    R2 BsFileScan;BullGuard on-access service;C:\Windows\System32\SvcHost.exe -k BullGuard

    R2 BsFire;BullGuard firewall service;C:\Windows\System32\SvcHost.exe -k BullGuard

    R2 BsMailProxy;BullGuard e-mail monitoring service;C:\Windows\System32\SvcHost.exe -k BullGuard_Proxy

    R2 BsMain;BullGuard main service;C:\Windows\System32\SvcHost.exe -k BullGuard_Main

    R2 BsScanner;BullGuard scanning service;C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe

    R2 BsUpdate;BullGuard update service;C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe

    R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe

    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    R3 afwcore;afwcore;C:\Windows\system32\DRIVERS\afwcore.sys --> C:\Windows\system32\DRIVERS\afwcore.sys

    R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys

    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys

    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys

    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys

    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys

    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys

    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys

    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe

    S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys

    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS

    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS

    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys

    S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys

    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe

    S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe

    S4 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

    S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

    S4 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

    S4 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe

    S4 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

    S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

    S4 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

    S4 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

    .

    =============== Created Last 30 ================

    .

    2012-10-01 06:31:15 -------- d-----w- C:\Users\HP\AppData\Local\{5BF8395E-9EB6-4D6D-8E67-5127F8F58BBD}

    2012-09-30 20:22:26 -------- d-----w- C:\Users\HP\AppData\Local\{45353AE8-DF99-4F51-A14D-6F68FF40134A}

    2012-09-30 19:43:02 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2012-09-30 19:43:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2012-09-30 19:06:47 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys

    2012-09-30 09:19:02 -------- d-----w- C:\Users\HP\AppData\Local\{C5D7D5F4-568F-4841-8464-8AEC4228090E}

    2012-09-30 09:12:27 -------- d-----w- C:\Users\HP\AppData\Local\{45B1E8EC-CFD6-4261-9730-3211EF465F0A}

    2012-09-30 08:48:14 -------- d-----w- C:\Users\HP\AppData\Local\{33236F75-D2F9-4BB4-A73E-5CA181E99934}

    2012-09-30 08:44:59 -------- d-----w- C:\Users\HP\AppData\Local\{A26E721D-11BD-4813-AFE0-EB9D261BCC7F}

    2012-09-30 08:43:06 -------- d-----w- C:\Users\HP\AppData\Local\{84200A9C-9F36-4A7E-A4FC-4E0A5504A82B}

    2012-09-30 08:39:15 -------- d-----w- C:\Users\HP\AppData\Local\{87F40D80-3144-4C13-B284-774ABC525202}

    2012-09-30 08:30:09 -------- d-----w- C:\Users\HP\AppData\Local\{8D942FD6-D17C-4948-A3C4-584030434803}

    2012-09-30 08:00:52 -------- d-----w- C:\Users\HP\AppData\Local\{43F06C33-D67C-4834-B710-B795D915A419}

    2012-09-30 06:53:34 -------- d-----w- C:\Users\HP\AppData\Local\{1D762E47-A972-43CC-B848-66DE3DAF5A77}

    2012-09-30 06:50:41 -------- d-----w- C:\Users\HP\AppData\Local\{233A7D15-A183-416E-A173-E1AD681EA15D}

    2012-09-30 06:32:17 -------- d-----w- C:\Users\HP\AppData\Local\{471B5D2E-BDE9-42A9-9CD1-6A1E9536D99D}

    2012-09-30 06:28:20 -------- d-----w- C:\Users\HP\AppData\Local\{F9C8F5D9-B3AE-4F7D-90B6-677D8803B4A8}

    2012-09-30 06:25:05 -------- d-----w- C:\Users\HP\AppData\Local\{A6CEEE3B-BF8E-4A40-8C8E-F5B3188921AC}

    2012-09-30 06:20:27 -------- d-----w- C:\Users\HP\AppData\Local\{98AF7946-6038-4C37-940A-3192616465CF}

    2012-09-29 22:54:38 -------- d-----w- C:\Users\HP\AppData\Local\{70EDA4B3-2695-4A6E-B509-C34DF7D6ED53}

    2012-09-29 21:03:39 -------- d-----w- C:\Users\HP\AppData\Local\{6CF6C206-FBAD-4C2B-9809-9883D01CEDD4}

    2012-09-29 09:03:24 -------- d-----w- C:\Users\HP\AppData\Local\{FCA84610-7AF3-425B-A8CF-9B72AC566806}

    2012-09-28 09:53:55 -------- d-----w- C:\Users\HP\AppData\Local\{8503ECED-6369-4E37-A85E-1C25258294C3}

    2012-09-27 19:56:00 -------- d-----w- C:\Users\HP\AppData\Local\{6E3A7701-65A9-4364-92F8-9CFF7D39E1F8}

    2012-09-26 16:59:21 -------- d-----w- C:\Users\HP\AppData\Local\{5B25D378-747E-4B09-ADF9-7096900A33E6}

    2012-09-25 17:21:42 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

    2012-09-25 17:16:07 -------- d-----w- C:\Users\HP\AppData\Local\{D42A977E-1CE5-40B1-8750-E48D26B3CE76}

    2012-09-24 17:42:17 -------- d-----w- C:\Users\HP\AppData\Local\{6D85AA85-C755-4153-99B8-401CE896C271}

    2012-09-23 10:02:56 -------- d-----w- C:\Users\HP\AppData\Local\{D4576999-9794-4FBC-9875-F59FC3D90C2C}

    2012-09-22 12:53:26 -------- d-----w- C:\Users\HP\AppData\Local\{7D3C2587-57F5-426A-BCAA-5ABA1BDBA297}

    2012-09-21 18:53:48 -------- d-----w- C:\Users\HP\AppData\Local\{6AB6457D-9EB6-42FF-8639-3AB60F2BC154}

    2012-09-20 14:50:02 -------- d-----w- C:\Users\HP\AppData\Local\{8252CF73-6255-4722-B758-7F991C50B6CF}

    2012-09-17 16:11:53 -------- d-----w- C:\Users\HP\AppData\Local\{B00FA883-AB58-4A57-8139-1C12D17A08C4}

    2012-09-16 07:37:58 -------- d-----w- C:\Users\HP\AppData\Local\{A3540A14-9C38-4410-9D43-7E3664B97817}

    2012-09-15 15:20:39 -------- d-----w- C:\Users\HP\AppData\Local\{B34E7EB3-2399-484D-A461-4F8F51B0BB96}

    2012-09-13 15:57:59 -------- d-----w- C:\Users\HP\AppData\Local\{C3FB27A6-6F95-4762-A8FD-5B4AD9CC0016}

    2012-09-12 22:51:49 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

    2012-09-12 22:51:48 574464 ----a-w- C:\Windows\System32\d3d10level9.dll

    2012-09-12 22:51:48 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

    2012-09-12 22:51:48 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys

    2012-09-12 22:51:47 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

    2012-09-12 22:51:47 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

    2012-09-12 22:51:47 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

    2012-09-12 16:13:56 -------- d-----w- C:\Users\HP\AppData\Local\{1EAE98F7-B6BD-4705-980E-EAEA05328AAE}

    2012-09-11 20:54:15 -------- d-----w- C:\Users\HP\AppData\Local\{ED1A6A73-5FB4-4230-AA4E-2C98A03DD7EE}

    2012-09-11 08:26:11 -------- d-----w- C:\Users\HP\AppData\Local\{ACA35B63-D397-4316-8FF8-D202BB1D9CEB}

    2012-09-09 09:55:17 -------- d-----w- C:\Users\HP\AppData\Local\{6BC02D4F-0DD4-4FDB-8CD4-360A0C04D9A5}

    2012-09-08 10:04:34 -------- d-----w- C:\Users\HP\AppData\Local\{A9FDAB5E-D7A3-4C88-B229-F8D9D0A905EA}

    2012-09-07 21:58:46 -------- d-----w- C:\Users\HP\AppData\Local\{438B6D45-50CC-4100-B990-3488EED331AE}

    2012-09-07 07:35:34 -------- d-----w- C:\Users\HP\AppData\Local\{97258834-6E73-400D-89D3-630F116C503D}

    2012-09-06 10:55:39 -------- d-----w- C:\Users\HP\AppData\Local\{86650121-FB6D-46FF-BA2A-C2F2EFD5EE1D}

    2012-09-05 07:58:42 -------- d-----r- C:\Program Files (x86)\Skype

    2012-09-05 07:12:07 -------- d-----w- C:\Users\HP\AppData\Local\{87001D26-D7E4-4A9F-A66B-B8DD41506268}

    2012-09-04 17:40:17 -------- d-----w- C:\Users\HP\AppData\Local\{325C8EB1-628D-4AD8-B523-913F6CB771A4}

    2012-09-03 18:10:49 -------- d-----w- C:\Users\HP\AppData\Local\{633AE5E3-A201-40CB-86B8-8768FA1D7C6E}

    2012-09-02 18:09:51 -------- d-----w- C:\Users\HP\AppData\Local\{005C51EA-E15A-4201-A3A2-B7428E87406A}

    2012-09-01 14:23:45 -------- d-----w- C:\Users\HP\AppData\Local\{8DCA4D19-DE27-4B8F-AAF9-71F8C4DEE0E4}

    .

    ==================== Find3M ====================

    .

    2012-08-26 19:13:18 111064 ----a-w- C:\Windows\System32\BgGamingMonitor.dll

    2012-08-26 19:13:18 100216 ----a-w- C:\Windows\SysWow64\BgGamingMonitor.dll

    2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

    2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

    2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

    2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-08-08 22:04:32 63840 ----a-w- C:\Windows\System32\BGLsp.dll

    2012-08-08 22:04:32 54624 ----a-w- C:\Windows\SysWow64\BGLsp.dll

    2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

    2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll

    2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll

    2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

    .

    ============= FINISH: 9:22:00,20 ===============

This topic is closed; no more replies can be posted.