Hello,
Please post a DDS.txt log as well.
Regards, Ben
Good afternoon
a DDS log
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by manon at 12:47:49 on 2012-12-03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.474
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Lavasoft Personal Firewall *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\locator.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/
uProxyOverride = 127.0.0.1;*.local
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: c:\windows\system32\ctfmon.exe
uRun: “c:\program files\windows live\messenger\msnmsgr.exe” /background
mRun: HDAShCut.exe
mRun: RTHDCPL.EXE
mRun: ALCMTR.EXE
mRun: c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: “c:\program files\microsoft security client\msseces.exe” -hide -runkey
mRun: “c:\program files\quicktime\qttask.exe” -atboottime
dRun: c:\windows\system32\CTFMON.EXE
dRun: “c:\progra~1\common~1\micros~1\dw\dwtrig20.exe” -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353790306718
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: NameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{569E45D2-5D2E-441E-BCDA-21ADD0E8C094} : DHCPNameServer = 212.54.40.25 212.54.35.25
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys –> c:\program files\enigma software group\spyhunter\esgiguard.sys
S3 fsssvc;De service Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe
S3 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM
S4 ADBLOCK.DLL;Lavasoft Firewall PlugIn (ADBLOCK.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\adblock.dll –> c:\program files\lavasoft\personal firewall\kernel\ADBLOCK.DLL
S4 ARP.DLL;Lavasoft Firewall PlugIn (ARP.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\arp.dll –> c:\program files\lavasoft\personal firewall\kernel\ARP.DLL
S4 CONTENT.DLL;Lavasoft Firewall PlugIn (CONTENT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\content.dll –> c:\program files\lavasoft\personal firewall\kernel\CONTENT.DLL
S4 DNSCACHE.DLL;Lavasoft Firewall PlugIn (DNSCACHE.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\dnscache.dll –> c:\program files\lavasoft\personal firewall\kernel\DNSCACHE.DLL
S4 FTPFILT.DLL;Lavasoft Firewall PlugIn (FTPFILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\ftpfilt.dll –> c:\program files\lavasoft\personal firewall\kernel\FTPFILT.DLL
S4 HTMLFILT.DLL;Lavasoft Firewall PlugIn (HTMLFILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\htmlfilt.dll –> c:\program files\lavasoft\personal firewall\kernel\HTMLFILT.DLL
S4 HTTPFILT.DLL;Lavasoft Firewall PlugIn (HTTPFILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\httpfilt.dll –> c:\program files\lavasoft\personal firewall\kernel\HTTPFILT.DLL
S4 IMAPFILT.DLL;Lavasoft Firewall PlugIn (IMAPFILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\imapfilt.dll –> c:\program files\lavasoft\personal firewall\kernel\IMAPFILT.DLL
S4 LavasoftFirewall;Lavasoft Personal Firewall Service;c:\program files\lavasoft\personal firewall\lpfw.exe /service –> c:\program files\lavasoft\personal firewall\lpfw.exe
S4 MAILFILT.DLL;Lavasoft Firewall PlugIn (MAILFILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\mailfilt.dll –> c:\program files\lavasoft\personal firewall\kernel\MAILFILT.DLL
S4 NNTPFILT.DLL;Lavasoft Firewall PlugIn (NNTPFILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\nntpfilt.dll –> c:\program files\lavasoft\personal firewall\kernel\NNTPFILT.DLL
S4 POP3FILT.DLL;Lavasoft Firewall PlugIn (POP3FILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\pop3filt.dll –> c:\program files\lavasoft\personal firewall\kernel\POP3FILT.DLL
S4 PROTECT.DLL;Lavasoft Firewall PlugIn (PROTECT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\protect.dll –> c:\program files\lavasoft\personal firewall\kernel\PROTECT.DLL
S4 SECRET.DLL;Lavasoft Firewall PlugIn (SECRET.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\secret.dll –> c:\program files\lavasoft\personal firewall\kernel\SECRET.DLL
S4 VFILT;Lavasoft Firewall Kernel Driver;\??\c:\program files\lavasoft\personal firewall\kernel\filtnt.sys –> c:\program files\lavasoft\personal firewall\kernel\FILTNT.SYS
.
=============== Created Last 30 ================
.
2012-12-02 21:45:30 6812136 -c–a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bddecde3-c8f7-4095-9e0a-d9c46c8f9d9f}\mpengine.dll
2012-12-02 21:37:04 ——– dc-h–r- c:\documents and settings\manon\Onlangs geopend
2012-12-02 20:31:25 ——– dc—-w- c:\documents and settings\manon\application data\LavasoftStatistics
2012-12-02 20:26:50 44424 -c–a-w- c:\windows\system32\sbbd.exe
2012-12-02 20:26:50 13560 -c–a-w- c:\windows\system32\drivers\gfibto.sys
2012-12-02 20:26:42 ——– dc—-w- c:\documents and settings\manon\local settings\application data\adawarebp
2012-12-02 20:26:42 ——– dc—-w- c:\documents and settings\all users\application data\blekko toolbars
2012-12-02 20:26:41 ——– dc—-w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
2012-12-02 20:26:37 ——– dc—-w- c:\documents and settings\manon\application data\adawaretb
2012-12-02 20:26:33 ——– dc—-w- c:\program files\Toolbar Cleaner
2012-12-02 18:38:49 24064 -c–a-w- c:\windows\zoek-delete.exe
2012-12-02 12:46:40 ——– dcsha-r- C:\cmdcons
2012-12-02 12:44:16 98816 -c–a-w- c:\windows\sed.exe
2012-12-02 12:44:16 256000 -c–a-w- c:\windows\PEV.exe
2012-12-02 12:44:16 208896 -c–a-w- c:\windows\MBR.exe
2012-12-02 12:44:10 ——– dcs—w- C:\ComboFix
2012-12-01 07:39:39 6812136 -c–a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-11-28 14:42:10 ——– dc—-w- c:\documents and settings\manon\local settings\application data\VS Revo Group
2012-11-27 20:03:00 ——– dc—-w- c:\program files\Microsoft Security Client
2012-11-27 17:45:50 116736 -c–a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-11-27 17:45:46 23040 -c–a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-11-27 17:45:45 18944 -c–a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-11-27 17:45:40 27648 -c–a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-11-27 17:45:36 4608 -c–a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-11-27 17:45:31 99865 -c–a-w- c:\windows\system32\dllcache\xlog.exe
2012-11-27 17:45:26 16970 -c–a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-11-27 17:45:25 19455 -c–a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-11-27 17:45:20 12063 -c–a-w- c:\windows\system32\dllcache\wsiintxx.sys
2012-11-27 17:45:18 8192 -c–a-w- c:\windows\system32\dllcache\wshirda.dll
2012-11-27 17:43:56 19528 -c–a-w- c:\windows\system32\dllcache\w840nd.sys
2012-11-27 17:42:57 793598 -c–a-w- c:\windows\system32\dllcache\usr1806.sys
2012-11-27 17:41:57 11520 -c–a-w- c:\windows\system32\dllcache\twotrack.sys
2012-11-27 17:40:58 28232 -c–a-w- c:\windows\system32\dllcache\tos4mo.sys
2012-11-27 17:39:56 94293 -c–a-w- c:\windows\system32\dllcache\sxports.dll
2012-11-27 17:38:56 61824 -c–a-w- c:\windows\system32\dllcache\speed.sys
2012-11-27 17:37:57 6784 -c–a-w- c:\windows\system32\dllcache\smbhc.sys
2012-11-27 17:36:58 252032 -c–a-w- c:\windows\system32\dllcache\sis300iv.dll
2012-11-27 17:35:56 23936 -c–a-w- c:\windows\system32\dllcache\sccmn50m.sys
2012-11-27 17:34:59 29696 -c–a-w- c:\windows\system32\dllcache\rw450ext.dll
2012-11-27 17:33:56 49024 -c–a-w- c:\windows\system32\dllcache\ql1280.sys
2012-11-27 17:32:58 121344 -c–a-w- c:\windows\system32\dllcache\phvfwext.dll
2012-11-27 17:31:56 42496 -c–a-w- c:\windows\system32\dllcache\ovui2rc.dll
2012-11-27 17:30:59 198144 -c–a-w- c:\windows\system32\dllcache\nv3.sys
2012-11-27 17:29:57 27936 -c–a-w- c:\windows\system32\dllcache\n9i3d.sys
2012-11-27 17:28:55 2944 -c–a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-11-27 17:28:53 98304 -c–a-w- c:\windows\system32\dllcache\msir3jp.dll
2012-11-27 17:28:53 22016 -c–a-w- c:\windows\system32\dllcache\msircomm.sys
2012-11-27 17:28:43 35200 -c–a-w- c:\windows\system32\dllcache\msgame.sys
2012-11-27 17:28:40 6016 -c–a-w- c:\windows\system32\dllcache\msfsio.sys
2012-11-27 17:28:31 17280 -c–a-w- c:\windows\system32\dllcache\mraid35x.sys
2012-11-27 17:28:24 16128 -c–a-w- c:\windows\system32\dllcache\modemcsa.sys
2012-11-27 17:28:17 6528 -c–a-w- c:\windows\system32\dllcache\miniqic.sys
2012-11-27 17:28:11 320384 -c–a-w- c:\windows\system32\dllcache\mgaum.sys
2012-11-27 17:28:08 235648 -c–a-w- c:\windows\system32\dllcache\mgaud.dll
2012-11-27 17:28:06 26112 -c–a-w- c:\windows\system32\dllcache\memstpci.sys
2012-11-27 17:28:03 47616 -c–a-w- c:\windows\system32\dllcache\memgrp.dll
2012-11-27 17:26:56 19016 -c–a-w- c:\windows\system32\dllcache\ktc111.sys
2012-11-27 17:25:59 13568 -c–a-w- c:\windows\system32\dllcache\inport.sys
2012-11-27 17:24:58 702845 -c–a-w- c:\windows\system32\dllcache\i81xdnt5.dll
2012-11-27 17:23:58 324608 -c–a-w- c:\windows\system32\dllcache\hpojwia.dll
2012-11-27 17:22:58 1733120 -c–a-w- c:\windows\system32\dllcache\g400d.dll
2012-11-27 17:21:55 46080 -c–a-w- c:\windows\system32\dllcache\esunib.dll
2012-11-27 17:20:58 66591 -c–a-w- c:\windows\system32\dllcache\el90xbc5.sys
2012-11-27 17:19:58 91305 -c–a-w- c:\windows\system32\dllcache\dimaint.sys
2012-11-27 17:18:59 93952 -c–a-w- c:\windows\system32\dllcache\cwcwdm.sys
2012-11-27 17:17:58 236032 -c–a-w- c:\windows\system32\dllcache\camext20.dll
2012-11-27 17:16:59 38912 -c–a-w- c:\windows\system32\dllcache\avc.sys
2012-11-27 17:15:40 66048 -c–a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-11-24 20:16:53 132560 -c–a-w- c:\windows\system32\esdevapp.exe
2012-11-24 20:16:53 12800 -c–a-w- c:\windows\system32\escdev.dll
2012-11-24 20:16:44 342016 -c–a-w- c:\windows\system32\eswiaud.dll
2012-11-24 19:35:23 237072 -c—-w- c:\windows\system32\MpSigStub.exe
.
==================== Find3M ====================
.
2012-10-22 19:57:06 1866496 -c–a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04:35 58368 -c–a-w- c:\windows\system32\synceng.dll
.
============= FINISH: 12:50:08,75 ===============
Hello,
Using “zoek.exe”
Disable your antivirus and antispyware programs; zoek.exe is sometimes mistaken for a trojan while downloading or during use.
You can read how to do that (here or here).
Then download zoek.exe to the desktop.
Windows 2000 and Windows XP: start the tool by double-clicking “zoek.exe”.
Windows Vista and Windows 7: start the tool by right-clicking “zoek.exe” and choosing Run as administrator.
After a while a window will open.
With your mouse, now select the option "Combined fix" (bottom right).
Now copy the bold text below and paste it into the large input box:
emptyclsid;
ADBLOCK;s
ARP;s
CONTENT;s
DNSCACHE;s
FTPFILT;s
HTTPFILT;s
IMAPFILT;s
LavasoftFirewall;s
NNTPFILT;s
POP3FILT;s
PROTECT;s
ECRET;s
VFILT;s
c:\program files\lavasoft;fs
c:\documents and settings\manon\local settings\application data\adawarebp;fs
c:\documents and settings\all users\application data\blekko toolbars;fs
c:\documents and settings\all users\application data\Ad-Aware Browsing Protection;fs
c:\documents and settings\manon\application data\adawaretb;fs
c:\program files\Toolbar Cleaner;fs
emptytemp;
Now first close all program windows that are still open!
Now click the "Run script" button.
Now wait patiently until a log opens (this may be after a restart).
If no log appears after the restart, start zoek.exe again; the log will then appear.
Now post the contents of the opened log in your next message.
Regards, Ben
hi Ben
zoek exe log
Zoek.exe Version 3.0.0.4 Updated 01-December-2012
Tool run by manon on ma 03-12-2012 at 13:54:49,03.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DNSCACHE deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\DNSCACHE deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNSCACHE deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\DNSCACHE deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\DNSCACHE deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DNSCACHE deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\SafeBoot\Network\DNSCACHE deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\System\DNSCACHE deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\DNSCACHE deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LavasoftFirewall deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\LavasoftFirewall deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VFILT deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\VFILT deleted successfully
==== Deleting Files \ Folders ======================
“c:\program files\lavasoft” not found
“c:\documents and settings\manon\local settings\application data\adawarebp” deleted
“c:\documents and settings\all users\application data\blekko toolbars” deleted
“c:\documents and settings\all users\application data\Ad-Aware Browsing Protection” deleted
“c:\documents and settings\manon\application data\adawaretb” deleted
“c:\program files\Toolbar Cleaner” deleted
After Reboot
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\WINDOWS\TEMP successfully emptied
done
lavasoft is still there
is the rest starting to look better, Ben? 8-)
otherwise just leave that cr@ppy lava where it is, right?
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by manon at 14:09:56 on 2012-12-03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.536
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Lavasoft Personal Firewall *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\locator.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/
uProxyOverride = 127.0.0.1;*.local
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: c:\windows\system32\ctfmon.exe
uRun: “c:\program files\windows live\messenger\msnmsgr.exe” /background
mRun: HDAShCut.exe
mRun: RTHDCPL.EXE
mRun: ALCMTR.EXE
mRun: c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: “c:\program files\microsoft security client\msseces.exe” -hide -runkey
mRun: “c:\program files\quicktime\qttask.exe” -atboottime
dRun: c:\windows\system32\CTFMON.EXE
dRun: “c:\progra~1\common~1\micros~1\dw\dwtrig20.exe” -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353790306718
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys –> c:\program files\enigma software group\spyhunter\esgiguard.sys
S3 fsssvc;De service Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe
S3 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM
S4 ADBLOCK.DLL;Lavasoft Firewall PlugIn (ADBLOCK.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\adblock.dll –> c:\program files\lavasoft\personal firewall\kernel\ADBLOCK.DLL
S4 ARP.DLL;Lavasoft Firewall PlugIn (ARP.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\arp.dll –> c:\program files\lavasoft\personal firewall\kernel\ARP.DLL
S4 CONTENT.DLL;Lavasoft Firewall PlugIn (CONTENT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\content.dll –> c:\program files\lavasoft\personal firewall\kernel\CONTENT.DLL
S4 DNSCACHE.DLL;Lavasoft Firewall PlugIn (DNSCACHE.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\dnscache.dll –> c:\program files\lavasoft\personal firewall\kernel\DNSCACHE.DLL
S4 FTPFILT.DLL;Lavasoft Firewall PlugIn (FTPFILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\ftpfilt.dll –> c:\program files\lavasoft\personal firewall\kernel\FTPFILT.DLL
S4 HTMLFILT.DLL;Lavasoft Firewall PlugIn (HTMLFILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\htmlfilt.dll –> c:\program files\lavasoft\personal firewall\kernel\HTMLFILT.DLL
S4 HTTPFILT.DLL;Lavasoft Firewall PlugIn (HTTPFILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\httpfilt.dll –> c:\program files\lavasoft\personal firewall\kernel\HTTPFILT.DLL
S4 IMAPFILT.DLL;Lavasoft Firewall PlugIn (IMAPFILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\imapfilt.dll –> c:\program files\lavasoft\personal firewall\kernel\IMAPFILT.DLL
S4 MAILFILT.DLL;Lavasoft Firewall PlugIn (MAILFILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\mailfilt.dll –> c:\program files\lavasoft\personal firewall\kernel\MAILFILT.DLL
S4 NNTPFILT.DLL;Lavasoft Firewall PlugIn (NNTPFILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\nntpfilt.dll –> c:\program files\lavasoft\personal firewall\kernel\NNTPFILT.DLL
S4 POP3FILT.DLL;Lavasoft Firewall PlugIn (POP3FILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\pop3filt.dll –> c:\program files\lavasoft\personal firewall\kernel\POP3FILT.DLL
S4 PROTECT.DLL;Lavasoft Firewall PlugIn (PROTECT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\protect.dll –> c:\program files\lavasoft\personal firewall\kernel\PROTECT.DLL
S4 SECRET.DLL;Lavasoft Firewall PlugIn (SECRET.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\secret.dll –> c:\program files\lavasoft\personal firewall\kernel\SECRET.DLL
.
=============== Created Last 30 ================
.
2012-12-03 13:08:41 ——– dc-h–r- c:\documents and settings\manon\Onlangs geopend
2012-12-03 12:59:00 6812136 -c–a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{65cfda12-ebc1-48bb-adfa-2fa3433abe18}\mpengine.dll
2012-12-03 12:56:55 24064 -c–a-w- c:\windows\zoek-delete.exe
2012-12-03 12:53:01 ——– dcs—w- C:\ComboFix
2012-12-02 20:31:25 ——– dc—-w- c:\documents and settings\manon\application data\LavasoftStatistics
2012-12-02 20:26:50 44424 -c–a-w- c:\windows\system32\sbbd.exe
2012-12-02 20:26:50 13560 -c–a-w- c:\windows\system32\drivers\gfibto.sys
2012-12-02 12:46:40 ——– dcsha-r- C:\cmdcons
2012-12-02 12:44:16 98816 -c–a-w- c:\windows\sed.exe
2012-12-02 12:44:16 256000 -c–a-w- c:\windows\PEV.exe
2012-12-02 12:44:16 208896 -c–a-w- c:\windows\MBR.exe
2012-12-01 07:39:39 6812136 -c–a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-11-28 14:42:10 ——– dc—-w- c:\documents and settings\manon\local settings\application data\VS Revo Group
2012-11-27 20:03:00 ——– dc—-w- c:\program files\Microsoft Security Client
2012-11-27 17:45:50 116736 -c–a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-11-27 17:45:46 23040 -c–a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-11-27 17:45:45 18944 -c–a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-11-27 17:45:40 27648 -c–a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-11-27 17:45:36 4608 -c–a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-11-27 17:45:31 99865 -c–a-w- c:\windows\system32\dllcache\xlog.exe
2012-11-27 17:45:26 16970 -c–a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-11-27 17:45:25 19455 -c–a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-11-27 17:45:20 12063 -c–a-w- c:\windows\system32\dllcache\wsiintxx.sys
2012-11-27 17:45:18 8192 -c–a-w- c:\windows\system32\dllcache\wshirda.dll
2012-11-27 17:43:56 19528 -c–a-w- c:\windows\system32\dllcache\w840nd.sys
2012-11-27 17:42:57 793598 -c–a-w- c:\windows\system32\dllcache\usr1806.sys
2012-11-27 17:41:57 11520 -c–a-w- c:\windows\system32\dllcache\twotrack.sys
2012-11-27 17:40:58 28232 -c–a-w- c:\windows\system32\dllcache\tos4mo.sys
2012-11-27 17:39:56 94293 -c–a-w- c:\windows\system32\dllcache\sxports.dll
2012-11-27 17:38:56 61824 -c–a-w- c:\windows\system32\dllcache\speed.sys
2012-11-27 17:37:57 6784 -c–a-w- c:\windows\system32\dllcache\smbhc.sys
2012-11-27 17:36:58 252032 -c–a-w- c:\windows\system32\dllcache\sis300iv.dll
2012-11-27 17:35:56 23936 -c–a-w- c:\windows\system32\dllcache\sccmn50m.sys
2012-11-27 17:34:59 29696 -c--a-w- c:\windows\system32\dllcache\rw450ext.dll
2012-11-27 17:33:56 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2012-11-27 17:32:58 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2012-11-27 17:31:56 42496 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2012-11-27 17:30:59 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2012-11-27 17:29:57 27936 -c--a-w- c:\windows\system32\dllcache\n9i3d.sys
2012-11-27 17:28:55 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-11-27 17:28:53 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2012-11-27 17:28:53 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2012-11-27 17:28:43 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2012-11-27 17:28:40 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2012-11-27 17:28:31 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2012-11-27 17:28:24 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2012-11-27 17:28:17 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2012-11-27 17:28:11 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2012-11-27 17:28:08 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2012-11-27 17:28:06 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2012-11-27 17:28:03 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2012-11-27 17:26:56 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2012-11-27 17:25:59 13568 -c--a-w- c:\windows\system32\dllcache\inport.sys
2012-11-27 17:24:58 702845 -c--a-w- c:\windows\system32\dllcache\i81xdnt5.dll
2012-11-27 17:23:58 324608 -c--a-w- c:\windows\system32\dllcache\hpojwia.dll
2012-11-27 17:22:58 1733120 -c--a-w- c:\windows\system32\dllcache\g400d.dll
2012-11-27 17:21:55 46080 -c--a-w- c:\windows\system32\dllcache\esunib.dll
2012-11-27 17:20:58 66591 -c--a-w- c:\windows\system32\dllcache\el90xbc5.sys
2012-11-27 17:19:58 91305 -c--a-w- c:\windows\system32\dllcache\dimaint.sys
2012-11-27 17:18:59 93952 -c--a-w- c:\windows\system32\dllcache\cwcwdm.sys
2012-11-27 17:17:58 236032 -c--a-w- c:\windows\system32\dllcache\camext20.dll
2012-11-27 17:16:59 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
2012-11-27 17:15:40 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-11-24 20:16:53 132560 -c--a-w- c:\windows\system32\esdevapp.exe
2012-11-24 20:16:53 12800 -c--a-w- c:\windows\system32\escdev.dll
2012-11-24 20:16:44 342016 -c--a-w- c:\windows\system32\eswiaud.dll
2012-11-24 19:35:23 237072 -c----w- c:\windows\system32\MpSigStub.exe
.
==================== Find3M ====================
.
2012-10-22 19:57:06 1866496 -c–a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04:35 58368 -c–a-w- c:\windows\system32\synceng.dll
.
============= FINISH: 14:11:00,25 ===============
Hello,
Do the following:
Open a Notepad file (Start > All Programs > Accessories > Notepad),
copy and paste the following (bold, blue text) into the empty Notepad window:
File::
c:\program files\lavasoft\personal firewall\kernel\adblock.dll
c:\program files\lavasoft\personal firewall\kernel\arp.dll
c:\program files\lavasoft\personal firewall\kernel\content.dll
c:\program files\lavasoft\personal firewall\kernel\dnscache.dll
c:\program files\lavasoft\personal firewall\kernel\ftpfilt.dll
c:\program files\lavasoft\personal firewall\kernel\htmlfilt.dll
c:\program files\lavasoft\personal firewall\kernel\httpfilt.dll
c:\program files\lavasoft\personal firewall\kernel\imapfilt.dll
c:\program files\lavasoft\personal firewall\kernel\mailfilt.dll
c:\program files\lavasoft\personal firewall\kernel\nntpfilt.dll
c:\program files\lavasoft\personal firewall\kernel\pop3filt.dll
c:\program files\lavasoft\personal firewall\kernel\protect.dll
c:\program files\lavasoft\personal firewall\kernel\secret.dll
Folder::
c:\program files\lavasoft
c:\documents and settings\manon\application data\LavasoftStatistics
Save this to your Desktop as CFScript.txt.
Drag CFScript.txt onto ComboFix.exe as shown in the example below:
This will cause ComboFix to restart.
After your computer has restarted (if it asks you to restart), copy and paste the contents of Combofix.txt into your next reply.
Regards, Ben
Hahahaha, that's right, what a load of misery, eh.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by manon at 15:17:40 on 2012-12-03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.571
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Lavasoft Personal Firewall *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\locator.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/
uProxyOverride = 127.0.0.1;*.local
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: c:\windows\system32\ctfmon.exe
uRun: "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: HDAShCut.exe
mRun: RTHDCPL.EXE
mRun: ALCMTR.EXE
mRun: c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: "c:\program files\quicktime\qttask.exe" -atboottime
dRun: c:\windows\system32\CTFMON.EXE
dRun: "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353790306718
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: NameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{569E45D2-5D2E-441E-BCDA-21ADD0E8C094} : DHCPNameServer = 212.54.40.25 212.54.35.25
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys
S3 fsssvc;De service Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe
S3 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM
S4 ADBLOCK.DLL;Lavasoft Firewall PlugIn (ADBLOCK.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\adblock.dll --> c:\program files\lavasoft\personal firewall\kernel\ADBLOCK.DLL
S4 ARP.DLL;Lavasoft Firewall PlugIn (ARP.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\arp.dll --> c:\program files\lavasoft\personal firewall\kernel\ARP.DLL
S4 CONTENT.DLL;Lavasoft Firewall PlugIn (CONTENT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\content.dll --> c:\program files\lavasoft\personal firewall\kernel\CONTENT.DLL
S4 DNSCACHE.DLL;Lavasoft Firewall PlugIn (DNSCACHE.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\dnscache.dll --> c:\program files\lavasoft\personal firewall\kernel\DNSCACHE.DLL
S4 FTPFILT.DLL;Lavasoft Firewall PlugIn (FTPFILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\ftpfilt.dll --> c:\program files\lavasoft\personal firewall\kernel\FTPFILT.DLL
S4 HTMLFILT.DLL;Lavasoft Firewall PlugIn (HTMLFILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\htmlfilt.dll --> c:\program files\lavasoft\personal firewall\kernel\HTMLFILT.DLL
S4 HTTPFILT.DLL;Lavasoft Firewall PlugIn (HTTPFILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\httpfilt.dll --> c:\program files\lavasoft\personal firewall\kernel\HTTPFILT.DLL
S4 IMAPFILT.DLL;Lavasoft Firewall PlugIn (IMAPFILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\imapfilt.dll --> c:\program files\lavasoft\personal firewall\kernel\IMAPFILT.DLL
S4 MAILFILT.DLL;Lavasoft Firewall PlugIn (MAILFILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\mailfilt.dll --> c:\program files\lavasoft\personal firewall\kernel\MAILFILT.DLL
S4 NNTPFILT.DLL;Lavasoft Firewall PlugIn (NNTPFILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\nntpfilt.dll --> c:\program files\lavasoft\personal firewall\kernel\NNTPFILT.DLL
S4 POP3FILT.DLL;Lavasoft Firewall PlugIn (POP3FILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\pop3filt.dll --> c:\program files\lavasoft\personal firewall\kernel\POP3FILT.DLL
S4 PROTECT.DLL;Lavasoft Firewall PlugIn (PROTECT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\protect.dll --> c:\program files\lavasoft\personal firewall\kernel\PROTECT.DLL
S4 SECRET.DLL;Lavasoft Firewall PlugIn (SECRET.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\secret.dll --> c:\program files\lavasoft\personal firewall\kernel\SECRET.DLL
.
=============== Created Last 30 ================
.
2012-12-03 14:07:06 6812136 -c--a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{10b73ac9-b4d3-4112-b880-ffea82a3cdc3}\mpengine.dll
2012-12-03 13:56:26 -------- dcs---w- C:\ComboFix
2012-12-03 13:08:41 -------- dc-h--r- c:\documents and settings\manon\Onlangs geopend
2012-12-03 12:56:55 24064 -c--a-w- c:\windows\zoek-delete.exe
2012-12-02 20:31:25 -------- dc----w- c:\documents and settings\manon\application data\LavasoftStatistics
2012-12-02 20:26:50 44424 -c--a-w- c:\windows\system32\sbbd.exe
2012-12-02 20:26:50 13560 -c--a-w- c:\windows\system32\drivers\gfibto.sys
2012-12-02 12:46:40 -------- dcsha-r- C:\cmdcons
2012-12-02 12:44:16 98816 -c--a-w- c:\windows\sed.exe
2012-12-02 12:44:16 256000 -c--a-w- c:\windows\PEV.exe
2012-12-02 12:44:16 208896 -c--a-w- c:\windows\MBR.exe
2012-12-01 07:39:39 6812136 -c--a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-11-28 14:42:10 -------- dc----w- c:\documents and settings\manon\local settings\application data\VS Revo Group
2012-11-27 20:03:00 -------- dc----w- c:\program files\Microsoft Security Client
2012-11-27 17:45:50 116736 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-11-27 17:45:46 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-11-27 17:45:45 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-11-27 17:45:40 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-11-27 17:45:36 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-11-27 17:45:31 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2012-11-27 17:45:26 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-11-27 17:45:25 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-11-27 17:45:20 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2012-11-27 17:45:18 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2012-11-27 17:43:56 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys
2012-11-27 17:42:57 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2012-11-27 17:41:57 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2012-11-27 17:40:58 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2012-11-27 17:39:56 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2012-11-27 17:38:56 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2012-11-27 17:37:57 6784 -c--a-w- c:\windows\system32\dllcache\smbhc.sys
2012-11-27 17:36:58 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2012-11-27 17:35:56 23936 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys
2012-11-27 17:34:59 29696 -c--a-w- c:\windows\system32\dllcache\rw450ext.dll
2012-11-27 17:33:56 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2012-11-27 17:32:58 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2012-11-27 17:31:56 42496 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2012-11-27 17:30:59 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2012-11-27 17:29:57 27936 -c--a-w- c:\windows\system32\dllcache\n9i3d.sys
2012-11-27 17:28:55 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-11-27 17:28:53 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2012-11-27 17:28:53 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2012-11-27 17:28:43 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2012-11-27 17:28:40 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2012-11-27 17:28:31 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2012-11-27 17:28:24 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2012-11-27 17:28:17 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2012-11-27 17:28:11 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2012-11-27 17:28:08 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2012-11-27 17:28:06 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2012-11-27 17:28:03 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2012-11-27 17:26:56 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2012-11-27 17:25:59 13568 -c--a-w- c:\windows\system32\dllcache\inport.sys
2012-11-27 17:24:58 702845 -c--a-w- c:\windows\system32\dllcache\i81xdnt5.dll
2012-11-27 17:23:58 324608 -c--a-w- c:\windows\system32\dllcache\hpojwia.dll
2012-11-27 17:22:58 1733120 -c--a-w- c:\windows\system32\dllcache\g400d.dll
2012-11-27 17:21:55 46080 -c--a-w- c:\windows\system32\dllcache\esunib.dll
2012-11-27 17:20:58 66591 -c--a-w- c:\windows\system32\dllcache\el90xbc5.sys
2012-11-27 17:19:58 91305 -c--a-w- c:\windows\system32\dllcache\dimaint.sys
2012-11-27 17:18:59 93952 -c--a-w- c:\windows\system32\dllcache\cwcwdm.sys
2012-11-27 17:17:58 236032 -c--a-w- c:\windows\system32\dllcache\camext20.dll
2012-11-27 17:16:59 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
2012-11-27 17:15:40 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-11-24 20:16:53 132560 -c--a-w- c:\windows\system32\esdevapp.exe
2012-11-24 20:16:53 12800 -c--a-w- c:\windows\system32\escdev.dll
2012-11-24 20:16:44 342016 -c--a-w- c:\windows\system32\eswiaud.dll
2012-11-24 19:35:23 237072 -c----w- c:\windows\system32\MpSigStub.exe
.
==================== Find3M ====================
.
2012-10-22 19:57:06 1866496 -c–a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04:35 58368 -c–a-w- c:\windows\system32\synceng.dll
.
============= FINISH: 15:18:49,12 ===============
This topic is closed; no more replies can be posted.