
Stef Pillaert
I did indeed get that error message, clicked "no", and restarted the PC. Before that I also got a message a few times that "nirkmd" was not found, and I had to click OK (I did that, I hope that was allowed?). Below is the ComboFix log:
-
* Apparently I can't manage to carry that out properly; perhaps I'm doing something wrong. When I copy those commands one by one into the box that appears just above the "Start" button ("Search programs and files") and then press "Enter", each time I see a small black (DOS?) window quickly open and quickly close again. I do indeed keep getting those messages in my HijackThis log file... What am I doing wrong? (Sorry if I'm overlooking something stupid.)
* Logging in in normal mode as Toon now seems to be OK again (although it took quite a while before I was properly logged in). By the way, the first time logging in again as admin in normal mode also took quite a while; I assume that is normal?
* The three files mentioned earlier in my original post, are all three OK? I still see them there: zlodvest.exe; rcintfse; mikwgiupkqhxuqg (in C:\ProgramData). Is it safe for them to stay there?
-
OK, MBAM didn't seem to find anything (see log), and below that is the HijackThis log, run from the account "toon" in safe mode, but run as 'administrator':
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. 
- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner 
- C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9772 bytes ===============================
-
OK, below, in order:
- MBAM log
- new HijackThis log (admin)
- HijackThis log (logged in in Safe Mode as the infected user "toon")

==============================================================
Malwarebytes Anti-Malware (-evaluatieversie-) 1.61.0.1400 www.malwarebytes.org Databaseversie: v2012.07.05.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 adminTINETO :: TINETO [administrator] Realtime bescherming: Ingeschakeld 5/07/2012 9:40:34 mbam-log-2012-07-05 (09-51-31).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 290448 Verstreken tijd: 8 minuut/minuten, 44 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 1 C:\Users\adminTINETO\Downloads\installer_hitman_pro.exe (PUP.BundleInstaller.BT) -> Geen actie ondernomen. 
(einde) ======================================= Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:02:55, on 5/07/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16446) Boot mode: Normal Running processes: C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Users\adminTINETO\Desktop\HijackThis.exe C:\Windows\SysWOW64\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - 
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. 
- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - 
C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9972 bytes ======================================== Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:18:17, on 5/07/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16446) Boot mode: Safe mode with network support Running processes: C:\Users\adminTINETO\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - 
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 
'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-1076764191-3557422255-3985221122-1010\..\Run: [zlodvestdlchybs] C:\ProgramData\zlodvest.exe (User 'toon') O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. 
- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. 
- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - 
C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9788 bytes ============================================
-
Greetings, I have it too: Ukash. Only when one of the children logs in (they each have their own account on Win7 64-bit). Malwarebytes finds nothing (anymore), and yet the problem persists. I notice that everyone posts a HijackThis log. I read through a number of other posts on this forum to see whether I could learn from them how to interpret such a log myself, but... I can't really manage it, sorry ;-). That's why I'm posting the log below. It was made from the admin account (because I obviously cannot log in to the account that is infected). (P.S. Could it have something to do with the following 3 files located under C:\Programdata: zlodvest.exe; rcintfse; mikwgiupkqhxuqg?) Can anyone help me further? Or point me to instructions that explain how to interpret this log? Thanks, Stef

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:32:48, on 5/07/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16446) Boot mode: Normal Running processes: C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Users\adminTINETO\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start 
Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files 
(x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft 
Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: 
@%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10668 bytes
