Trojan horse

  • _Nietjuh

    Hi hi

    Here is the log file, as requested.

    Could you by any chance also tell me which setting I need to change again so that I don't get all those x's on sites? When I click "show image", the pictures don't come back either.

    The log file:

    21:16:28.0906 1716 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47

    21:16:28.0906 1716 ============================================================

    21:16:28.0906 1716 Current date / time: 2012/10/16 21:16:28.0906

    21:16:28.0906 1716 SystemInfo:

    21:16:28.0906 1716

    21:16:28.0906 1716 OS Version: 5.1.2600 ServicePack: 3.0

    21:16:28.0906 1716 Product type: Workstation

    21:16:28.0906 1716 ComputerName: VDBERG

    21:16:28.0906 1716 UserName: Rick

    21:16:28.0906 1716 Windows directory: C:\WINDOWS

    21:16:28.0906 1716 System windows directory: C:\WINDOWS

    21:16:28.0906 1716 Processor architecture: Intel x86

    21:16:28.0906 1716 Number of processors: 1

    21:16:28.0906 1716 Page size: 0x1000

    21:16:28.0906 1716 Boot type: Normal boot

    21:16:28.0906 1716 ============================================================

    21:16:30.0296 1716 Drive \Device\Harddisk0\DR0 - Size: 0x1315740000 (76.34 Gb), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

    21:16:30.0312 1716 Drive \Device\Harddisk1\DR1 - Size: 0x262AE80000 (152.67 Gb), SectorSize: 0x200, Cylinders: 0x4DD9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

    21:16:30.0312 1716 ============================================================

    21:16:30.0312 1716 \Device\Harddisk0\DR0:

    21:16:30.0312 1716 MBR partitions:

    21:16:30.0312 1716 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x50014A7

    21:16:30.0328 1716 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x5004325, BlocksNum 0x3C1BE44

    21:16:30.0343 1716 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x8C201AD, BlocksNum 0xC87E47

    21:16:30.0343 1716 \Device\Harddisk1\DR1:

    21:16:30.0343 1716 MBR partitions:

    21:16:30.0375 1716 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x936A9D7

    21:16:30.0390 1716 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x936E916, BlocksNum 0x9DE5583

    21:16:30.0390 1716 ============================================================

    21:16:30.0437 1716 C: <-> \Device\Harddisk0\DR0\Partition1

    21:16:30.0453 1716 H: <-> \Device\Harddisk1\DR1\Partition2

    21:16:30.0484 1716 I: <-> \Device\Harddisk1\DR1\Partition1

    21:16:30.0500 1716 G: <-> \Device\Harddisk0\DR0\Partition3

    21:16:30.0531 1716 F: <-> \Device\Harddisk0\DR0\Partition2

    21:16:30.0531 1716 ============================================================

    21:16:30.0531 1716 Initialize success

    21:16:30.0531 1716 ============================================================

    21:16:30.0625 1504 ============================================================

    21:16:30.0625 1504 Scan started

    21:16:30.0625 1504 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;

    21:16:30.0625 1504 ============================================================

    21:16:32.0250 1504 ================ Scan system memory ========================

    21:16:32.0265 1504 ================ Scan services =============================

    21:16:32.0375 1504 ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

    21:16:33.0828 1504 ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys

    21:16:34.0125 1504 AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    21:16:34.0171 1504 aec C:\WINDOWS\system32\drivers\aec.sys

    21:16:34.0375 1504 AFD C:\WINDOWS\System32\drivers\afd.sys

    21:16:34.0484 1504 agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys

    21:16:34.0718 1504 Alerter C:\WINDOWS\system32\alrsvc.dll

    21:16:35.0140 1504 ALG C:\WINDOWS\System32\alg.exe

    21:16:35.0437 1504 aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

    21:16:35.0546 1504 AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

    21:16:35.0765 1504 atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

    21:16:35.0953 1504 Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

    21:16:36.0156 1504 AudioSrv C:\WINDOWS\System32\audiosrv.dll

    21:16:36.0343 1504 audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

    21:16:36.0562 1504 Beep C:\WINDOWS\system32\drivers\Beep.sys

    21:16:36.0812 1504 BITS C:\WINDOWS\system32\qmgr.dll

    21:16:37.0078 1504 Browser C:\WINDOWS\System32\browser.dll

    21:16:37.0171 1504 cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

    21:16:37.0390 1504 Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

    21:16:37.0593 1504 Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

    21:16:37.0781 1504 Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

    21:16:37.0984 1504 CiSvc C:\WINDOWS\system32\cisvc.exe

    21:16:38.0187 1504 ClipSrv C:\WINDOWS\system32\clipsrv.exe

    21:16:38.0390 1504 clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    21:16:38.0593 1504 CryptSvc C:\WINDOWS\System32\cryptsvc.dll

    21:16:38.0812 1504 ctac32k C:\WINDOWS\system32\drivers\ctac32k.sys

    21:16:38.0890 1504 ctaud2k C:\WINDOWS\system32\drivers\ctaud2k.sys

    21:16:39.0015 1504 ctljystk C:\WINDOWS\system32\DRIVERS\ctljystk.sys

    21:16:39.0218 1504 ctprxy2k C:\WINDOWS\system32\drivers\ctprxy2k.sys

    21:16:39.0265 1504 ctsfm2k C:\WINDOWS\system32\drivers\ctsfm2k.sys

    21:16:39.0343 1504 DcomLaunch C:\WINDOWS\system32\rpcss.dll

    21:16:39.0500 1504 Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

    21:16:39.0718 1504 Disk C:\WINDOWS\system32\DRIVERS\disk.sys

    21:16:39.0921 1504 dmboot C:\WINDOWS\system32\drivers\dmboot.sys

    21:16:40.0171 1504 dmio C:\WINDOWS\system32\drivers\dmio.sys

    21:16:40.0390 1504 dmload C:\WINDOWS\system32\drivers\dmload.sys

    21:16:40.0593 1504 dmserver C:\WINDOWS\System32\dmserver.dll

    21:16:40.0781 1504 DMusic C:\WINDOWS\system32\drivers\DMusic.sys

    21:16:41.0000 1504 Dnscache C:\WINDOWS\System32\dnsrslvr.dll

    21:16:41.0140 1504 Dot3svc C:\WINDOWS\System32\dot3svc.dll

    21:16:41.0328 1504 drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

    21:16:41.0546 1504 eamon C:\WINDOWS\system32\DRIVERS\eamon.sys

    21:16:41.0671 1504 EapHost C:\WINDOWS\System32\eapsvc.dll

    21:16:41.0890 1504 ehdrv C:\WINDOWS\system32\DRIVERS\ehdrv.sys

    21:16:42.0015 1504 ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

    21:16:42.0093 1504 emupia C:\WINDOWS\system32\drivers\emupia2k.sys

    21:16:42.0156 1504 epfwtdir C:\WINDOWS\system32\DRIVERS\epfwtdir.sys

    21:16:42.0203 1504 ERSvc C:\WINDOWS\System32\ersvc.dll

    21:16:42.0421 1504 Eventlog C:\WINDOWS\system32\services.exe

    21:16:42.0531 1504 EventSystem C:\WINDOWS\System32\es.dll

    21:16:42.0656 1504 Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

    21:16:42.0859 1504 FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

    21:16:42.0921 1504 Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys

    21:16:43.0125 1504 Fips C:\WINDOWS\system32\drivers\Fips.sys

    21:16:43.0328 1504 Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys

    21:16:43.0531 1504 FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys

    21:16:43.0796 1504 FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

    21:16:43.0828 1504 Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

    21:16:44.0109 1504 Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

    21:16:44.0312 1504 gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys

    21:16:44.0500 1504 Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

    21:16:44.0750 1504 gupdate C:\Program Files\Google\Update\GoogleUpdate.exe

    21:16:44.0765 1504 gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

    21:16:44.0828 1504 ha10kx2k C:\WINDOWS\system32\drivers\ha10kx2k.sys

    21:16:44.0968 1504 helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

    21:16:45.0171 1504 HidServ C:\WINDOWS\System32\hidserv.dll

    21:16:45.0359 1504 HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys

    21:16:45.0546 1504 hkmsvc C:\WINDOWS\System32\kmsvc.dll

    21:16:45.0765 1504 HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys

    21:16:45.0859 1504 HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

    21:16:45.0953 1504 HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys

    21:16:46.0062 1504 HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

    21:16:46.0156 1504 HTTPFilter C:\WINDOWS\System32\w3ssl.dll

    21:16:46.0359 1504 i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys

    21:16:46.0593 1504 idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

    21:16:46.0718 1504 Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

    21:16:46.0921 1504 ImapiService C:\WINDOWS\System32\imapi.exe

    21:16:47.0171 1504 intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys

    21:16:47.0375 1504 ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys

    21:16:47.0578 1504 IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

    21:16:47.0765 1504 IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

    21:16:47.0937 1504 IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

    21:16:48.0156 1504 IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

    21:16:48.0328 1504 irda C:\WINDOWS\system32\DRIVERS\irda.sys

    21:16:48.0515 1504 IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

    21:16:48.0718 1504 Irmon C:\WINDOWS\System32\irmon.dll

    21:16:48.0906 1504 irsir C:\WINDOWS\system32\DRIVERS\irsir.sys

    21:16:49.0000 1504 isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

    21:16:49.0187 1504 Iviaspi C:\WINDOWS\system32\drivers\iviaspi.sys

    21:16:49.0187 1504 Iviaspi ( UnsignedFile.Multi.Generic ) - warning

    21:16:49.0187 1504 Iviaspi - detected UnsignedFile.Multi.Generic (1)

    21:16:49.0250 1504 JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe

    21:16:49.0312 1504 Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

    21:16:49.0500 1504 kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys

    21:16:49.0703 1504 kmixer C:\WINDOWS\system32\drivers\kmixer.sys

    21:16:49.0906 1504 KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

    21:16:50.0000 1504 L8042Kbd C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys

    21:16:50.0062 1504 L8042mou C:\WINDOWS\system32\DRIVERS\L8042mou.Sys

    21:16:50.0109 1504 lanmanserver C:\WINDOWS\System32\srvsvc.dll

    21:16:50.0203 1504 lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

    21:16:50.0296 1504 LBeepKE C:\WINDOWS\system32\Drivers\LBeepKE.sys

    21:16:50.0375 1504 LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys

    21:16:50.0468 1504 LinksysUpdater C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe

    21:16:50.0515 1504 LinksysUpdater ( UnsignedFile.Multi.Generic ) - warning

    21:16:50.0515 1504 LinksysUpdater - detected UnsignedFile.Multi.Generic (1)

    21:16:50.0578 1504 LmHosts C:\WINDOWS\System32\lmhsvc.dll

    21:16:50.0781 1504 LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys

    21:16:50.0828 1504 LMouKE C:\WINDOWS\system32\DRIVERS\LMouKE.Sys

    21:16:50.0859 1504 Messenger C:\WINDOWS\System32\msgsvc.dll

    21:16:51.0062 1504 mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

    21:16:51.0250 1504 mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe

    21:16:51.0453 1504 Modem C:\WINDOWS\system32\drivers\Modem.sys

    21:16:51.0656 1504 Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

    21:16:51.0828 1504 mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

    21:16:52.0015 1504 MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

    21:16:52.0187 1504 MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

    21:16:52.0406 1504 MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

    21:16:52.0515 1504 MSDTC C:\WINDOWS\System32\msdtc.exe

    21:16:52.0750 1504 Msfs C:\WINDOWS\system32\drivers\Msfs.sys

    21:16:52.0937 1504 MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

    21:16:53.0109 1504 MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

    21:16:53.0281 1504 MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

    21:16:53.0468 1504 mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

    21:16:53.0671 1504 Mup C:\WINDOWS\system32\drivers\Mup.sys

    21:16:53.0765 1504 napagent C:\WINDOWS\System32\qagentrt.dll

    21:16:53.0968 1504 NDIS C:\WINDOWS\system32\drivers\NDIS.sys

    21:16:54.0171 1504 NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

    21:16:54.0218 1504 Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

    21:16:54.0562 1504 NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

    21:16:54.0781 1504 NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

    21:16:54.0906 1504 Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    21:16:55.0000 1504 NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

    21:16:55.0171 1504 NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

    21:16:55.0375 1504 NetDDE C:\WINDOWS\system32\netdde.exe

    21:16:55.0546 1504 NetDDEdsdm C:\WINDOWS\system32\netdde.exe

    21:16:55.0750 1504 Netlogon C:\WINDOWS\System32\lsass.exe

    21:16:55.0937 1504 Netman C:\WINDOWS\System32\netman.dll

    21:16:56.0140 1504 NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

    21:16:56.0187 1504 Nla C:\WINDOWS\System32\mswsock.dll

    21:16:56.0343 1504 NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    21:16:56.0453 1504 nmservice C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

    21:16:56.0546 1504 Npfs C:\WINDOWS\system32\drivers\Npfs.sys

    21:16:56.0750 1504 Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

    21:16:56.0968 1504 NtLmSsp C:\WINDOWS\System32\lsass.exe

    21:16:57.0156 1504 NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

    21:16:57.0375 1504 Null C:\WINDOWS\system32\drivers\Null.sys

    21:16:57.0625 1504 nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

    21:16:57.0921 1504 NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

    21:16:58.0109 1504 NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

    21:16:58.0359 1504 odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    21:16:58.0437 1504 ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    21:16:58.0500 1504 ossrv C:\WINDOWS\system32\drivers\ctoss2k.sys

    21:16:58.0625 1504 Parport C:\WINDOWS\system32\DRIVERS\parport.sys

    21:16:58.0781 1504 PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

    21:16:58.0968 1504 ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

    21:16:59.0156 1504 PCI C:\WINDOWS\system32\DRIVERS\pci.sys

    21:16:59.0328 1504 PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

    21:16:59.0546 1504 Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

    21:16:59.0765 1504 PfModNT C:\WINDOWS\system32\PfModNT.sys

    21:16:59.0781 1504 PfModNT ( UnsignedFile.Multi.Generic ) - warning

    21:16:59.0781 1504 PfModNT - detected UnsignedFile.Multi.Generic (1)

    21:16:59.0796 1504 PlugPlay C:\WINDOWS\system32\services.exe

    21:16:59.0890 1504 Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe

    21:16:59.0906 1504 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

    21:16:59.0906 1504 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

    21:16:59.0937 1504 pnarp C:\WINDOWS\system32\DRIVERS\pnarp.sys

    21:16:59.0953 1504 PolicyAgent C:\WINDOWS\System32\lsass.exe

    21:17:00.0125 1504 PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

    21:17:00.0296 1504 Processor C:\WINDOWS\system32\DRIVERS\processr.sys

    21:17:00.0484 1504 ProtectedStorage C:\WINDOWS\system32\lsass.exe

    21:17:00.0656 1504 PSched C:\WINDOWS\system32\DRIVERS\psched.sys

    21:17:00.0843 1504 Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

    21:17:01.0062 1504 purendis C:\WINDOWS\system32\DRIVERS\purendis.sys

    21:17:01.0109 1504 RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

    21:17:01.0328 1504 RasAuto C:\WINDOWS\System32\rasauto.dll

    21:17:01.0515 1504 Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys

    21:17:01.0625 1504 Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

    21:17:01.0812 1504 RasMan C:\WINDOWS\System32\rasmans.dll

    21:17:01.0968 1504 RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

    21:17:02.0140 1504 Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

    21:17:02.0359 1504 Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

    21:17:02.0531 1504 RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

    21:17:02.0750 1504 RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

    21:17:02.0859 1504 RDSessMgr C:\WINDOWS\system32\sessmgr.exe

    21:17:03.0015 1504 redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

    21:17:03.0218 1504 RemoteAccess C:\WINDOWS\System32\mprdim.dll

    21:17:03.0390 1504 RpcLocator C:\WINDOWS\System32\locator.exe

    21:17:03.0578 1504 RpcSs C:\WINDOWS\system32\rpcss.dll

    21:17:03.0703 1504 RSVP C:\WINDOWS\System32\rsvp.exe

    21:17:03.0921 1504 rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

    21:17:04.0062 1504 SamSs C:\WINDOWS\system32\lsass.exe

    21:17:04.0234 1504 SCardSvr C:\WINDOWS\System32\SCardSvr.exe

    21:17:04.0437 1504 Schedule C:\WINDOWS\system32\schedsvc.dll

    21:17:04.0671 1504 Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

    21:17:04.0859 1504 seclogon C:\WINDOWS\System32\seclogon.dll

    21:17:05.0046 1504 SENS C:\WINDOWS\system32\sens.dll

    21:17:05.0234 1504 serenum C:\WINDOWS\system32\DRIVERS\serenum.sys

    21:17:05.0421 1504 Serial C:\WINDOWS\system32\DRIVERS\serial.sys

    21:17:05.0593 1504 Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

    21:17:05.0796 1504 SharedAccess C:\WINDOWS\System32\ipnathlp.dll

    21:17:06.0000 1504 ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

    21:17:06.0062 1504 splitter C:\WINDOWS\system32\drivers\splitter.sys

    21:17:06.0250 1504 Spooler C:\WINDOWS\system32\spoolsv.exe

    21:17:06.0328 1504 sr C:\WINDOWS\system32\DRIVERS\sr.sys

    21:17:06.0531 1504 srservice C:\WINDOWS\System32\srsvc.dll

    21:17:06.0750 1504 Srv C:\WINDOWS\system32\DRIVERS\srv.sys

    21:17:06.0875 1504 SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

    21:17:07.0078 1504 stisvc C:\WINDOWS\system32\wiaservc.dll

    21:17:07.0296 1504 swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

    21:17:07.0484 1504 swmidi C:\WINDOWS\system32\drivers\swmidi.sys

    21:17:07.0703 1504 sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

    21:17:07.0890 1504 SysmonLog C:\WINDOWS\system32\smlogsvc.exe

    21:17:08.0109 1504 TapiSrv C:\WINDOWS\System32\tapisrv.dll

    21:17:08.0312 1504 Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

    21:17:08.0453 1504 TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

    21:17:08.0656 1504 TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

    21:17:08.0812 1504 TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

    21:17:09.0015 1504 TermService C:\WINDOWS\System32\termsrv.dll

    21:17:09.0203 1504 Themes C:\WINDOWS\System32\shsvcs.dll

    21:17:09.0265 1504 TrkWks C:\WINDOWS\system32\trkwks.dll

    21:17:09.0453 1504 Udfs C:\WINDOWS\system32\drivers\Udfs.sys

    21:17:09.0671 1504 Update C:\WINDOWS\system32\DRIVERS\update.sys

    21:17:09.0906 1504 upnphost C:\WINDOWS\System32\upnphost.dll

    21:17:10.0093 1504 UPS C:\WINDOWS\System32\ups.exe

    21:17:10.0265 1504 usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

    21:17:10.0453 1504 usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

    21:17:10.0671 1504 usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

    21:17:10.0843 1504 usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys

    21:17:11.0015 1504 usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

    21:17:11.0203 1504 USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

    21:17:11.0390 1504 usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys

    21:17:11.0562 1504 VgaSave C:\WINDOWS\System32\drivers\vga.sys

    21:17:11.0750 1504 VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

    21:17:11.0953 1504 VSS C:\WINDOWS\System32\vssvc.exe

    21:17:12.0156 1504 W32Time C:\WINDOWS\System32\w32time.dll

    21:17:12.0359 1504 Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

    21:17:12.0562 1504 Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys

    21:17:12.0640 1504 wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

    21:17:12.0968 1504 WebClient C:\WINDOWS\System32\webclnt.dll

    21:17:13.0203 1504 winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

    21:17:13.0406 1504 WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

    21:17:13.0531 1504 WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe

    21:17:13.0828 1504 WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

    21:17:13.0953 1504 wscsvc C:\WINDOWS\system32\wscsvc.dll

    21:17:14.0140 1504 wuauserv C:\WINDOWS\system32\wuauserv.dll

    21:17:14.0343 1504 WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys

    21:17:14.0406 1504 WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys

    21:17:14.0484 1504 WudfSvc C:\WINDOWS\System32\WUDFSvc.dll

    21:17:14.0562 1504 WZCSVC C:\WINDOWS\System32\wzcsvc.dll

    21:17:14.0843 1504 xmlprov C:\WINDOWS\System32\xmlprov.dll

    21:17:15.0000 1504 ================ Scan global ===============================

    21:17:15.0031 1504 C:\WINDOWS\system32\basesrv.dll

    21:17:15.0078 1504 C:\WINDOWS\system32\winsrv.dll

    21:17:15.0093 1504 C:\WINDOWS\system32\winsrv.dll

    21:17:15.0109 1504 C:\WINDOWS\system32\services.exe

    21:17:15.0109 1504 ================ Scan MBR ==================================

    21:17:15.0125 1504 \Device\Harddisk0\DR0

    21:17:15.0375 1504 \Device\Harddisk1\DR1

    21:17:15.0703 1504 ================ Scan VBR ==================================

    21:17:15.0703 1504 \Device\Harddisk0\DR0\Partition1

    21:17:15.0718 1504 \Device\Harddisk0\DR0\Partition2

    21:17:15.0734 1504 \Device\Harddisk0\DR0\Partition3

    21:17:15.0734 1504 \Device\Harddisk1\DR1\Partition1

    21:17:15.0734 1504 \Device\Harddisk1\DR1\Partition2

    21:17:15.0734 1504 ================ Scan UEFI extensions ======================

    21:17:15.0734 1504 ================ Scan active images ========================

    21:17:15.0734 1504 ============================================================

    21:17:15.0734 1504 Scan finished

    21:17:15.0734 1504 ============================================================

    21:17:16.0640 1896 Deinitialize success

    .

    ==============================================

    System Restore Point Check:

    .

    TDSSKiller Starter Restore Point Created Succesfully

    ==============================================

    Registry Export

    .

    "139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"

    "445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"

    "137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"

    "138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"

    "1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"

    "2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"

    "139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"

    "445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"

    "137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"

    "138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"

    "67:UDP"="67:UDP:*:Enabled:DHCP Discovery Service"

    ==============================================

    EOF

    Greetings, Anita B)

  • fazantje

    Hi Anita,

    You can remove TDSS and zoek exe.

    Now it's a matter of waiting to see whether NOD32 stays quiet.

    Do the following as well:

    Download Security Check (mirror) by screen317 and save it to your Desktop.

    Start Security Check.

    Follow the instructions on the screen.

    At the end a log (checkup.txt) appears; paste its contents in your next reply.

    Good luck,

    Huib;)

  • _Nietjuh

    Hi hi

    I'd really like to do that, but the web page cannot be displayed.

    Greetings, Anita

  • fazantje

    Hi Anita,

    Right, it doesn't work here either.

    For your images:

    Remove Java completely and download the latest version:

    http://www.java.com/nl/download/

    Also make a new HijackThis log and post it.

    Greetings, Huib;)

  • _Nietjuh

    Hi hi

    I removed Java; the only thing was that during the removal I got a message that I first had to close Trojan horse, I had a browser window open.

    Now I still have x's on the pages despite Java; I have the very latest version installed.

    Here is the HijackThis log file:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 22:37:42, on 16-10-2012

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\CTHELPER.EXE

    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

    C:\Program Files\Java\jre7\bin\jqs.exe

    C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe

    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    C:\WINDOWS\system32\java.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Documents and Settings\Rick\Bureaublad\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O4 - HKLM\..\Run: CTHELPER.EXE

    O4 - HKLM\..\Run: C:\WINDOWS\UpdReg.EXE

    O4 - HKLM\..\Run: "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

    O4 - HKLM\..\Run: "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

    O4 - HKLM\..\Run: "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

    O4 - HKLM\..\Run: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: %systemroot%\system32\dumprep 0 -u

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

    O4 - HKUS\S-1-5-19\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

    O4 - HKUS\S-1-5-20\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Apparaatdetectie) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1347428873734

    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

    O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    End of file - 7471 bytes

  • fazantje

    Hi Anita,

    I'm still not sure it's gone, so let's continue:

    Download ComboFix here and put it on your desktop.

    If you have used ComboFix before, please delete that version and download ComboFix again via the link above,

    because ComboFix is updated daily.

    NOTE: if, during or after downloading ComboFix or while using ComboFix, you get a warning

    from your antivirus or another real-time scanner, disable that scanner and download ComboFix again.

    Some scanners treat certain components ComboFix uses as suspicious and will block or delete them!

    Double-click ComboFix.exe

    Follow the instructions and accept the disclaimer.

    While the fix is running, do NOT click in the window, as this will make your PC hang.

    Depending on the infection, the scan can take 40 to as much as 100 minutes, so don't think it is stuck ;)

    When the fix is complete and after the restart, the log combofix.txt will open.

    Post this log in your next reply together with a new HijackThis log.

    Good luck,

    Huib ;)

  • _Nietjuh

    Good morning,

    OK, I'll do that.

    So far I haven't had the warning again, but better safe than sorry, so I'll do this.

    Despite the new Java I still have little crosses on many sites, and buttons are sometimes not visible either.

    It is awkward when you have to click a search button, for instance, and it isn't there.

    Greetings, Anita

  • _Nietjuh

    Well, it wasn't so bad, it was done in no time ;)

    Here are both log files.

    ComboFix log:

    ComboFix 12-10-16.02 - Rick 17-10-2012 8:45.1.1 - x86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.550

    Gestart vanuit: c:\documents and settings\Rick\Bureaublad\ComboFix.exe

    AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\windows\system32\SET188.tmp

    c:\windows\system32\SET18C.tmp

    c:\windows\system32\SET18E.tmp

    c:\windows\system32\SET195.tmp

    c:\windows\system32\URTTemp

    c:\windows\system32\URTTemp\regtlib.exe

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-09-17 to 2012-10-17 ))))))))))))))))))))))))))))))

    .

    .

    2012-10-17 06:15 . 2012-10-17 06:15 -------- d-----w- c:\program files\Common Files\Java

    2012-10-17 06:13 . 2012-10-17 06:12 143872 ----a-w- c:\windows\system32\javacpl.cpl

    2012-10-17 06:13 . 2012-10-17 06:12 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

    2012-10-17 06:12 . 2012-10-17 06:12 -------- d-----w- c:\program files\Java

    2012-10-17 05:46 . 2012-10-17 05:46 -------- d--h--r- c:\documents and settings\Rick\Onlangs geopend

    2012-10-17 05:40 . 2012-10-17 05:40 -------- d-----w- c:\documents and settings\Rick\Local Settings\Application Data\Sun

    2012-10-16 20:29 . 2012-10-17 06:12 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

    2012-10-16 19:16 . 2012-10-16 19:17 -------- d-----w- C:\TDSSStarter

    2012-10-16 17:53 . 2012-09-19 19:38 167424 ----a-w- c:\windows\zoek-delete.exe

    2012-10-15 11:48 . 2012-10-15 11:48 -------- d-----w- c:\documents and settings\Rick\Application Data\Malwarebytes

    2012-10-14 21:14 . 2012-10-14 21:14 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-10-14 21:14 . 2012-10-14 21:14 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-10-13 16:02 . 2012-10-13 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2012-10-08 18:04 . 2012-10-08 18:04 9575864 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

    2012-09-30 12:19 . 2012-09-30 12:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

    2012-09-30 12:14 . 2012-09-30 12:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

    2012-09-30 12:14 . 2012-10-14 20:06 -------- d-----w- c:\documents and settings\Rick\Local Settings\Application Data\Google

    2012-09-30 12:14 . 2012-10-14 20:11 -------- d-----w- c:\program files\Google

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-10-17 05:57 . 2012-01-25 22:35 472808 ----a-w- c:\windows\system32\deployJava1.dll

    2012-08-28 15:17 . 2002-09-11 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

    2012-08-28 15:17 . 2002-09-11 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2012-08-28 15:17 . 2002-09-11 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2012-08-28 12:07 . 2012-01-25 13:30 385024 ----a-w- c:\windows\system32\html.iec

    2012-08-24 13:53 . 2002-09-11 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll

    2012-08-23 06:27 . 2002-09-11 12:00 2197248 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-08-23 06:27 . 2002-09-09 13:17 2073984 ----a-w- c:\windows\system32\ntkrnlpa.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe"

    .

    "WINDVDPatch"="CTHELPER.EXE"

    "UpdReg"="c:\windows\UpdReg.EXE"

    "Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe"

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"

    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"

    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe"

    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe"

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe"

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

    .

    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE"

    .

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

    Snelstart HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe

    .

    @="Driver"

    .

    @=""

    .

    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk

    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    .

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=

    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

    .

    "67:UDP"= 67:UDP:DHCP Discovery Service

    .

    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys

    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys

    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe

    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys

    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe

    S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2012-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    2012-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe

    .

    2012-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    2012-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.startpagina.nl/

    uInternet Settings,ProxyOverride = localhost

    TCP: DhcpNameServer = 213.46.228.196 62.179.104.196

    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    Toolbar-Locked - (no file)

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-10-17 08:51

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scannen van verborgen processen …

    .

    scannen van verborgen autostart items …

    .

    scannen van verborgen bestanden …

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

    .

    "Enabled"=dword:00000001

    .

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    @="{00020424-0000-0000-C000-000000000046}"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    Voltooingstijd: 2012-10-17 08:53:33

    ComboFix-quarantined-files.txt 2012-10-17 06:53

    .

    Pre-Run: 27.328.196.608 bytes beschikbaar

    Post-Run: 27.422.945.280 bytes beschikbaar

    .

    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    .

    - - End Of File - - C8ADACDCA204E49A8D76326E3D34FDBC

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 8:57:08, on 17-10-2012

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

    C:\Program Files\Java\jre7\bin\jqs.exe

    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\explorer.exe

    C:\Documents and Settings\Rick\Bureaublad\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O4 - HKLM\..\Run: CTHELPER.EXE

    O4 - HKLM\..\Run: C:\WINDOWS\UpdReg.EXE

    O4 - HKLM\..\Run: "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

    O4 - HKLM\..\Run: "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

    O4 - HKLM\..\Run: "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

    O4 - HKLM\..\Run: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKCU\..\Run: "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Apparaatdetectie) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1347428873734

    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

    O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    End of file - 6909 bytes

    Greetings, Anita

  • fazantje

    Hi Anita,

    This scan has still removed quite a bit.

    How are things now with the warning and with the pictures/images?

    Greetings, Huib ;)

  • _Nietjuh

    Hi Huib

    I still have little crosses. For example, at the top of this page, on the left, there is the "forum for antivirus" page link; I see that as text in a white box, and to the left of the text there is a red cross.

    I have the same on startpagina.nl, for instance: the columns just show text with a cross.

    Thanks in advance for all the help and time you are putting into my problem (tu)

    Greetings, Anita

This topic is closed; no further replies can be posted.