
Trojan Downloader HELP



Hello,

I downloaded a film this week, and then I got notifications saying there is a TrojanDownloader on your computer.

Removed it immediately, but the damage was already done: a TrojanDownloader on my laptop. It is called TrojanDownloader:Win32/Renos.MQ

I cannot get rid of it by any means. Windows Defender shows a notification about it, and when I tell it to remove everything, it comes back with the same notification after about 30 minutes.

I did make a HijackThis log. I will paste it below.

Can someone please help me get it off????

Regards, Daan

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:12:21, on 22-7-2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18928)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Windows\System32\rundll32.exe

C:\Windows\WindowsMobile\wmdSync.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\conime.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Users\Daan\Desktop\Virus Removal Tool\setup_9.0.0.722_22.07.2010_13-32[1]\setup_9.0.0.722_22.07.2010_13-32[1].exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start

O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" /s

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [Halo2] rundll32.exe C:\Windows\system32\sshnas21.dll,GetMainWnd

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O4 - Startup: setup_9.0.0.722_22.07.2010_13-32[1].lnk = C:\Users\Daan\Desktop\Virus Removal Tool\setup_9.0.0.722_22.07.2010_13-32[1]\startup.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--

End of file - 13341 bytes


Start HijackThis. If you are a Vista user, choose "Run as administrator". Select "Scan". Select only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O4 - HKCU\..\Run: [Halo2] rundll32.exe C:\Windows\system32\sshnas21.dll,GetMainWnd

O4 - Startup: setup_9.0.0.722_22.07.2010_13-32[1].lnk = C:\Users\Daan\Desktop\Virus Removal Tool\setup_9.0.0.722_22.07.2010_13-32[1]\startup.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)

Click 'Fix checked' to remove the items.

Download MBAM (Malwarebytes Anti-Malware)

Double-click mbam-setup.exe to install the program.

Make sure the boxes for Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked, then click "Finish".

If an update is found, it will be downloaded and installed.

When the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.

Scanning may take a while, so be patient.

When the scan is finished, click OK, then "Show Results" to see the results.

Make sure everything there is ticked, then click Remove Selected.

After removal a log will open and you will be asked to restart the computer. (See below.)

If the (TDSS) rootkit is present, MBAM will ask to restart. Do so.

After the restart MBAM will scan again and remove the rootkit.

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in the program.

If MBAM has trouble removing certain files, it will show a few messages where you need to click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log in your next post, together with a new HijackThis log.

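The selection above is the result of a manual triage of the HijackThis log: entries with empty values, an autostart that loads an unfamiliar DLL through rundll32, a startup shortcut pointing into a user profile, and browser buttons whose target is gone. As an added example (not code from the thread, from HijackThis or from Malwarebytes), the Python script below applies those same heuristics to sample lines taken from the first log in this thread; the `KNOWN_RUNDLL32_DLLS` allowlist is a constructed assumption, seeded only with the DLLs the thread's own log shows rundll32 loading legitimately.

```python
"""Triage heuristics for HijackThis-style log lines.

Added example for this thread; not code from HijackThis, Malwarebytes or
the forum helper. It flags the kinds of entries the helper picked out:
empty R0/R1 values, O4 rundll32 entries loading a DLL outside a known-good
list, O4 Startup shortcuts that run from a user profile, and O9 buttons
whose target is "(file missing)". The allowlist is a constructed assumption.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a subset of the first HijackThis log posted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Halo2] rundll32.exe C:\Windows\system32\sshnas21.dll,GetMainWnd
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - Startup: setup_9.0.0.722_22.07.2010_13-32[1].lnk = C:\Users\Daan\Desktop\Virus Removal Tool\setup_9.0.0.722_22.07.2010_13-32[1]\startup.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
"""


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


# Constructed allowlist: DLLs the thread's own log shows rundll32 loading
# legitimately (NVIDIA control panel / hotkeys, Vista welcome centre).
KNOWN_RUNDLL32_DLLS = {"nvcpl.dll", "nvhotkey.dll", "oobefldr.dll"}

O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): (?P<rest>.*)$")
RUN_ENTRY_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)")
RUNDLL32_RE = re.compile(r"(?i)^rundll32(?:\.exe)?\s+(?P<dll>[^,\s]+)")
EMPTY_R_RE = re.compile(r"^R[01] - .*=\s*$")


def triage(log_text: str) -> List[Finding]:
    """Return the log lines a triager would look at first, with the reason."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # R0/R1: an Internet Explorer setting whose value is empty.
        if EMPTY_R_RE.match(line):
            findings.append(Finding(line, "IE registry setting with empty value"))
            continue
        # O9: browser button whose target file no longer exists.
        if line.startswith("O9 - ") and "(file missing)" in line:
            findings.append(Finding(line, "browser button whose target is missing"))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        loc, rest = m.group("loc"), m.group("rest")
        if loc.endswith("Run"):
            run = RUN_ENTRY_RE.match(rest)
            if not run:
                continue
            dll = RUNDLL32_RE.match(run.group("cmd"))
            if dll:
                # Compare only the file name, case-insensitively.
                base = dll.group("dll").rsplit("\\", 1)[-1].lower()
                if base not in KNOWN_RUNDLL32_DLLS:
                    findings.append(Finding(line, f"rundll32 loads unrecognised DLL {base}"))
        elif loc == "Startup":
            # Per-user Startup shortcut whose target lives inside a user profile.
            target = rest.split(" = ", 1)[-1]
            if "\\users\\" in target.lower():
                findings.append(Finding(line, "startup shortcut runs a program from a user profile"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}: {f.line}")
```

Run on the sample, the script flags exactly the five lines the helper asked to have fixed and leaves the NVIDIA rundll32 entries, the sidebar autostart and the Office Research button alone; a real allowlist would of course be far longer than the three DLLs seeded here.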

Malwarebytes' Anti-Malware 1.38

Database version: 2373

Windows 6.0.6002 Service Pack 2

22-7-2010 15:36:41

mbam-log-2010-07-22 (15-36-41).txt

Scan type: Quick Scan

Objects scanned: 86172

Time elapsed: 6 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:38:38, on 22-7-2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18928)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Windows\WindowsMobile\wmdSync.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Windows\system32\conime.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Users\Daan\Desktop\Virus Removal Tool\setup_9.0.0.722_22.07.2010_13-32[1]\setup_9.0.0.722_22.07.2010_13-32[1].exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start

O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" /s

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O4 - Startup: setup_9.0.0.722_22.07.2010_13-32[1].lnk = C:\Users\Daan\Desktop\Virus Removal Tool\setup_9.0.0.722_22.07.2010_13-32[1]\startup.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--

End of file - 11235 bytes


Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Read more about the correct use of ComboFix here.

Disable all antivirus and antispyware programs, because otherwise they might conflict with ComboFix. Here is a guide on how to disable them: Click here. If you cannot disable them, just proceed to the next step.

  • Double-click ComboFix.exe and follow the prompts on the screen.
  • ComboFix will check whether the Microsoft Windows Recovery Console is already installed. If the Recovery Console is already installed, ComboFix will automatically continue with scanning for malware.
  • Otherwise, follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console. When the Recovery Console has been installed successfully, click "YES" to continue with scanning for malware.

NOTE: When ComboFix starts, you may get an error message saying "The contents of the ComboFix package have been changed". Do not continue with the instructions, but download ComboFix again. This message can appear when a file infector (Virut) is active on the computer. If you keep getting this message, report it.

When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found as C:\ComboFix.txt) in your next post.


ComboFix 10-07-21.04 - Daan 22-07-2010 18:31:19.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3837.2849 [GMT 2:00]

Gestart vanuit: c:\users\Daan\Desktop\ComboFix.exe

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

* Aanwezig AV is actief

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\system volume information\SystemRestore

c:\users\Daan\AppData\Roaming\inst.exe

c:\windows\Hgadoa.exe

c:\windows\system32\AutoRun.inf

c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-06-22 to 2010-07-22 ))))))))))))))))))))))))))))))

.

2010-07-22 16:42 . 2010-07-22 16:44 -------- dc----w- c:\users\Daan\AppData\Local\temp

2010-07-22 16:42 . 2010-07-22 16:42 -------- dc----w- c:\users\Default\AppData\Local\temp

2010-07-22 12:37 . 2010-07-22 12:37 53248 -c--a-r- c:\users\Daan\AppData\Roaming\Microsoft\Installer\{3360D505-B0AA-4284-92DF-F872AF90A448}\ARPPRODUCTICON.exe

2010-07-22 10:58 . 2010-07-22 14:41 -------- dc----w- c:\programdata\Kaspersky Lab

2010-07-22 10:57 . 2009-10-22 11:54 37392 -c--a-w- c:\windows\system32\drivers\40753002.sys

2010-07-22 10:57 . 2009-10-09 21:31 311312 -c--a-w- c:\windows\system32\drivers\4075300.sys

2010-07-22 10:57 . 2009-09-25 15:59 128016 -c--a-w- c:\windows\system32\drivers\40753001.sys

2010-07-22 10:27 . 2010-07-22 10:30 -------- dc----w- c:\programdata\Spybot - Search & Destroy

2010-07-22 10:27 . 2010-07-22 10:27 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-07-22 10:01 . 2010-07-22 10:01 388096 -c--a-r- c:\users\Daan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-07-21 14:33 . 2010-07-21 14:33 -------- d-----w- c:\program files\Miro

2010-07-21 11:24 . 2010-07-21 11:24 970504 -c--a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2010-07-20 10:35 . 2010-07-20 13:31 -------- d-----w- c:\program files\iPod(3)

2010-07-20 10:35 . 2010-07-20 10:37 -------- d-----w- c:\program files\iTunes(4)

2010-07-20 10:25 . 2010-07-20 19:19 -------- d-----w- c:\program files\Bonjour

2010-07-19 18:52 . 2010-07-19 18:52 -------- dc----w- c:\users\Daan\AppData\Roaming\.BitTornado

2010-07-19 16:50 . 2010-07-20 18:22 -------- dc----w- c:\users\Daan\AppData\Roaming\Vso

2010-07-19 16:50 . 2010-07-20 18:22 47360 -c--a-w- c:\users\Daan\AppData\Roaming\pcouffin.sys

2010-07-19 16:50 . 2010-07-19 16:50 47360 -c--a-w- c:\windows\system32\drivers\pcouffin.sys

2010-07-19 16:50 . 2010-02-09 14:37 65602 -c--a-w- c:\windows\system32\cook3260.dll

2010-07-19 16:50 . 2010-02-09 14:37 217127 -c--a-w- c:\windows\system32\drv43260.dll

2010-07-19 16:50 . 2010-02-09 14:37 208935 -c--a-w- c:\windows\system32\drv33260.dll

2010-07-19 16:50 . 2010-02-09 14:37 176165 -c--a-w- c:\windows\system32\drv23260.dll

2010-07-19 16:50 . 2010-02-09 14:37 102439 -c--a-w- c:\windows\system32\sipr3260.dll

2010-07-19 16:50 . 2010-02-09 14:37 626688 -c--a-w- c:\windows\system32\vp7vfw.dll

2010-07-19 16:50 . 2010-02-09 14:37 1184984 -c--a-w- c:\windows\system32\wvc1dmod.dll

2010-07-19 16:50 . 2010-07-20 18:23 -------- d-----w- c:\program files\VSO

2010-07-16 19:46 . 2010-07-16 19:46 -------- dc----w- c:\users\Daan\AppData\Roaming\Canneverbe Limited

2010-07-16 19:46 . 2010-07-16 19:46 -------- dc----w- c:\programdata\Canneverbe Limited

2010-07-16 19:46 . 2010-07-16 19:46 -------- d-----w- c:\program files\CDBurnerXP

2010-07-16 19:22 . 2010-07-16 19:22 715248 -c--a-w- c:\windows\system32\drivers\sptd.sys

2010-07-16 17:37 . 2010-07-16 17:46 -------- dc----w- c:\users\Daan\AppData\Local\Ahead

2010-07-16 17:32 . 2010-07-16 18:08 -------- dc----w- c:\users\Daan\AppData\Roaming\Ahead

2010-07-16 17:31 . 2010-07-16 17:31 -------- dc----w- c:\programdata\Ahead

2010-07-16 16:29 . 2010-07-16 16:29 -------- dc----w- c:\programdata\NCH Software

2010-07-16 12:07 . 2010-07-16 12:07 -------- dc----w- c:\users\Daan\AppData\Roaming\gtk-2.0

2010-06-30 14:46 . 2010-07-20 19:23 -------- d-----w- c:\program files\iPod

2010-06-30 14:46 . 2010-07-22 15:36 -------- d-----w- c:\program files\iTunes

2010-06-30 14:38 . 2010-06-30 14:38 72504 -c--a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe

2010-06-24 14:41 . 2009-11-08 08:55 99176 -c--a-w- c:\windows\system32\PresentationHostProxy.dll

2010-06-24 14:41 . 2009-11-08 08:55 49472 -c--a-w- c:\windows\system32\netfxperf.dll

2010-06-24 14:41 . 2009-11-08 08:55 297808 -c--a-w- c:\windows\system32\mscoree.dll

2010-06-24 14:41 . 2009-11-08 08:55 295264 -c--a-w- c:\windows\system32\PresentationHost.exe

2010-06-24 14:41 . 2009-11-08 08:55 1130824 -c--a-w- c:\windows\system32\dfshim.dll

2010-06-24 13:23 . 2010-04-16 16:43 28672 -c--a-w- c:\windows\system32\Apphlpdm.dll

2010-06-24 13:23 . 2010-04-16 14:39 4240384 -c--a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2010-06-23 12:23 . 2010-06-23 12:23 501936 -c--a-w- c:\programdata\Google\Google Toolbar\Update\gtb975.tmp.exe

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-22 16:25 . 2009-09-11 05:37 31776 -c--a-w- c:\programdata\nvModes.dat

2010-07-22 16:23 . 2010-01-25 15:09 -------- dc----w- c:\users\Daan\AppData\Roaming\DNA

2010-07-22 14:42 . 2009-12-15 19:44 -------- dc----w- c:\users\Daan\AppData\Roaming\LimeWire

2010-07-22 14:39 . 2010-01-25 15:09 -------- d-----w- c:\program files\DNA

2010-07-22 12:45 . 2010-06-01 17:08 256 -c--a-w- c:\windows\system32\pool.bin

2010-07-22 12:30 . 2006-11-02 16:11 670308 -c--a-w- c:\windows\system32\perfh013.dat

2010-07-22 12:30 . 2006-11-02 16:11 127900 -c--a-w- c:\windows\system32\perfc013.dat

2010-07-22 12:17 . 2008-02-17 18:44 -------- dc----w- c:\programdata\Google Updater

2010-07-21 14:38 . 2010-05-26 19:25 -------- dc----w- c:\users\Daan\AppData\Roaming\PCF-VLC

2010-07-20 20:21 . 2009-08-27 16:03 104408 -c--a-w- c:\users\Daan\AppData\Local\GDIPFONTCACHEV1.DAT

2010-07-20 19:32 . 2009-09-01 14:20 -------- dc----w- c:\users\Daan\AppData\Roaming\Nero

2010-07-20 19:32 . 2009-08-27 16:03 -------- dc----w- c:\users\Daan\AppData\Roaming\Roxio

2010-07-20 19:32 . 2009-09-13 19:20 -------- dc----w- c:\users\Daan\AppData\Roaming\HpUpdate

2010-07-20 19:30 . 2009-08-28 17:18 -------- d-----w- c:\program files\vlc-0.8.5

2010-07-20 19:29 . 2008-11-07 15:28 -------- dc----w- c:\program files\TuneUp Utilities 2008

2010-07-20 19:28 . 2010-03-31 15:05 -------- d-----w- c:\program files\QuickTime

2010-07-20 19:27 . 2008-02-08 16:09 -------- dc----w- c:\program files\Microsoft Works

2010-07-20 19:24 . 2008-02-11 15:39 -------- dc----w- c:\program files\Messenger Plus! Live

2010-07-20 19:24 . 2009-07-04 16:23 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-20 19:21 . 2008-02-08 17:26 -------- d-----w- c:\program files\HP

2010-07-20 19:21 . 2008-04-24 18:29 -------- d-----w- c:\program files\Euroglot Professional 4.5

2010-07-20 19:19 . 2008-02-08 17:50 -------- d-----w- c:\program files\CCleaner

2010-07-20 19:19 . 2009-09-11 05:34 -------- d-----w- c:\program files\AGEIA Technologies

2010-07-20 19:17 . 2009-08-15 19:25 -------- dc----w- c:\program files\Microsoft Silverlight

2010-07-20 19:17 . 2008-02-17 19:45 -------- d-----w- c:\program files\Java

2010-07-20 19:17 . 2008-02-17 18:44 -------- d-----w- c:\program files\Google

2010-07-20 13:30 . 2010-03-31 14:49 -------- dc----w- c:\programdata\PMB Files

2010-07-20 13:30 . 2009-08-27 19:55 -------- dc----w- c:\programdata\HP Product Assistant

2010-07-20 13:30 . 2008-02-11 15:09 -------- d-----w- c:\program files\Common Files\Apple

2010-07-20 12:19 . 2009-12-15 19:42 -------- d-----w- c:\program files\LimeWire

2010-07-16 20:34 . 2009-09-01 14:14 -------- d-----w- c:\program files\Nero

2010-07-16 20:33 . 2009-09-01 14:14 -------- dc----w- c:\programdata\Nero

2010-07-16 10:24 . 2008-02-08 16:00 -------- dc----w- c:\programdata\Roxio

2010-07-16 10:24 . 2008-02-08 15:58 -------- d-----w- c:\program files\Common Files\Sonic Shared

2010-07-16 10:24 . 2008-02-08 15:57 -------- d-----w- c:\program files\Common Files\Roxio Shared

2010-07-16 10:24 . 2009-10-04 10:01 -------- d-----w- c:\program files\Common Files\PX Storage Engine

2010-07-16 10:08 . 2010-06-01 17:05 -------- dc----w- c:\programdata\Research In Motion

2010-07-14 18:04 . 2006-11-02 11:18 -------- dc----w- c:\program files\Windows Mail

2010-07-14 18:02 . 2009-12-09 16:06 -------- dc----w- c:\programdata\Microsoft Help

2010-06-15 17:54 . 2009-08-28 18:57 -------- d-----w- c:\program files\Microsoft

2010-06-03 02:41 . 2010-06-03 02:41 3600384 -c--a-w- c:\windows\system32\GPhotos.scr

2010-06-02 15:05 . 2010-06-02 15:05 -------- dc----w- c:\users\Daan\AppData\Roaming\InstallShield

2010-06-01 17:40 . 2010-06-01 17:08 -------- dc----w- c:\users\Daan\AppData\Roaming\Research In Motion

2010-06-01 17:07 . 2010-06-01 17:05 -------- d-----w- c:\program files\Research In Motion

2010-06-01 17:05 . 2010-06-01 17:05 -------- d-----w- c:\program files\Common Files\Research In Motion

2010-05-26 17:06 . 2010-06-10 13:26 34304 -c--a-w- c:\windows\system32\atmlib.dll

2010-05-26 15:03 . 2010-05-26 15:03 -------- dc----w- c:\users\Daan\AppData\Roaming\Participatory Culture Foundation

2010-05-26 14:47 . 2010-06-10 13:26 289792 -c--a-w- c:\windows\system32\atmfd.dll

2010-05-21 12:14 . 2009-10-02 17:51 221568 -c----w- c:\windows\system32\MpSigStub.exe

2010-05-19 19:43 . 2010-05-19 19:43 680 -c--a-w- c:\users\Daan\AppData\Local\d3d9caps.dat

2010-05-11 18:34 . 2010-05-11 18:34 149132 -c-ha-w- c:\windows\system32\mlfcache.dat

2010-05-04 05:59 . 2010-06-10 13:25 916480 -c--a-w- c:\windows\system32\wininet.dll

2010-05-04 05:55 . 2010-06-10 13:25 71680 -c--a-w- c:\windows\system32\iesetup.dll

2010-05-04 05:55 . 2010-06-10 13:25 109056 -c--a-w- c:\windows\system32\iesysprep.dll

2010-05-04 04:31 . 2010-06-10 13:25 133632 -c--a-w- c:\windows\system32\ieUnatt.exe

2010-05-01 14:13 . 2010-06-10 13:25 2037248 -c--a-w- c:\windows\system32\win32k.sys

2008-02-08 16:16 . 2008-02-08 16:16 76 -csh--r- c:\windows\CT4CET.bin

2007-02-26 18:59 . 2007-02-26 18:59 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-17 68856]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-01-25 323392]

"DELL Webcam Manager"="c:\program files\Dell\DELL Webcam Manager\DellWMgr.exe" [2007-06-07 118784]

"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-31 2937528]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-19 13793824]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-08-19 92704]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]

"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-10 648536]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

c:\users\Daan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]

setup_9.0.0.722_22.07.2010_13-32[1].lnk - c:\users\Daan\Desktop\Virus Removal Tool\setup_9.0.0.722_22.07.2010_13-32[1]\startup.exe [2010-7-22 72208]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(B):c8,87,7e,69,a0,30,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2189767671-939685220-2883698749-1000]

"EnableNotificationsRef"=dword:00000001

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]

R3 XDva288;XDva288;c:\windows\system32\XDva288.sys [x]

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-07-16 715248]

S0 40753002;40753002 Boot Guard Driver;c:\windows\system32\DRIVERS\40753002.sys [2009-10-22 37392]

S1 40753001;40753001;c:\windows\system32\DRIVERS\40753001.sys [2009-09-25 128016]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HPService REG_MULTI_SZ HPSLPSVC

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Inhoud van de 'Gedeelde Taken' map

2010-07-16 c:\windows\Tasks\Easy Onderhoud.job

- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-02-04 14:09]

2010-07-22 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-17 21:33]

2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 17:19]

2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 17:19]

2010-07-15 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-12-04 11:22]

2010-06-01 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-12-04 11:22]

2010-07-22 c:\windows\Tasks\User_Feed_Synchronization-{3D68FD34-7637-4E82-939B-057DD3EE896D}.job

- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]

2010-07-22 c:\windows\Tasks\User_Feed_Synchronization-{FAE1C805-3CB6-4169-B1D7-65CBDD1C5620}.job

- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]

.

.

------- Bijkomende Scan -------

.

mStart Page = hxxp://www.yahoo.com

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

.

- - - - ORPHANS VERWIJDERD - - - -

Notify-WgaLogon - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-07-22 18:44

Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-2189767671-939685220-2883698749-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%%*+*]

@Class="Shell"

[HKEY_USERS\S-1-5-21-2189767671-939685220-2883698749-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%%*+*\OpenWithList]

@Class="Shell"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2010-07-22 18:48:18

ComboFix-quarantined-files.txt 2010-07-22 16:48

Pre-Run: 87.819.395.072 bytes beschikbaar

Post-Run: 91.303.493.632 bytes beschikbaar

- - End Of File - - BBDABEF715DBB204E7EF68FAEE23F995


Open a Notepad file.

Copy and paste the bold text below into it.

File::
c:\windows\system32\drivers\40753002.sys
c:\windows\system32\drivers\4075300.sys
c:\windows\system32\drivers\40753001.sys

Driver::
40753002
4075300
40753001

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix run again. Reboot if you are asked to.

After the restart, post the contents of ComboFix.txt in your next message and let me know whether the pop-ups are still there.


Does this still need to be done? I'm not having any problems anymore. In any case, you've helped me enormously.
You'd better still do this, yes ... because those are deeper-lying infections that could possibly cause problems later on. If you remove them permanently now, you'll have a completely clean PC again.
Edited by kape