Ga naar inhoud

Probleem: conhost.exe

Yasmien
 Delen

Aanbevolen berichten

Yasmien Nieuweling

Yasmien

Geplaatst:
Geplaatst:

Hallo,

sinds enkele dagen geeft AVG om de 3/5 minuten een melding dat er een bedreiging (bestandsnaam: conhost.exe / bedreiging naam: trojan horse Agent_r.AOB) is gedetecteerd. Als ik dit object dan probeer te verwijderen, geeft AVG vervolgens de melding dat het object niet toegankelijk is of niet bestaat. Een scan met Malwarebytes vond niets. Hieronder een log van Hijackthis en alvast bedankt voor jullie hulp!

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:53:11, on 29-8-2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\WLTRAY.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\igfxpers.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = De Standaard Online

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Jasmine\Application Data\Dropbox\bin\Dropbox.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: Download alles met Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download met Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Download selectie met Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video met Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Jasmine\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Jasmine\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: AMService - Unknown owner - C:\WINDOWS\TEMP\dycxaf\setup.exe (file missing)

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 9604 bytes

Link naar reactie
Delen op andere sites
kape Grootmeester

kape

Geplaatst:
Geplaatst:

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc stop AMService

Druk op Enter.

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc delete AMService

Druk op Enter.

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll

O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe

Klik op 'Fix checked' om de items te verwijderen.

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

Als het je niet lukt om ze uit te schakelen, ga dan gewoon door naar de volgende stap.

2. Dubbelklik op ComboFix.exe en volg de meldingen op het scherm.

3. ComboFix zal controleren of dat de Microsoft Windows Recovery Console reeds is geïnstalleerd.

**Let op: Als de Microsoft Windows Recovery Console al is geïnstalleerd, dan krijg je de volgende schermen niet te zien en zal ComboFix automatisch verder gaan met het scannen naar malware.

4. Volg de meldingen op het scherm om ComboFix de Microsoft Windows Recovery Console te laten downloaden en installeren.

cf-rc-auto.jpg

Je krijgt de volgende melding te zien wanneer ComboFix de Microsoft Windows Recovery Console succesvol heeft geïnstalleerd:

rc-auto-done.jpg

Klik op Ja om verder te gaan met het scannen naar malware.

5. Wanneer ComboFix klaar is, zal het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht, samen met een nieuw log van HijackThis.

Link naar reactie
Delen op andere sites
Yasmien Nieuweling

Yasmien

Geplaatst:
  • Auteur
Geplaatst:

ComboFix logje

ComboFix 11-08-29.03 - Jasmine 30-08-2011 7:56.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1015.377 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Jasmine\Bureaublad\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Menu Start\Programma's\AdwareAway Antimalware

c:\documents and settings\All Users\Menu Start\Programma's\AdwareAway Antimalware\AdwareAway Antimalware.lnk

c:\documents and settings\All Users\Menu Start\Programma's\AdwareAway Antimalware\Uninstall.lnk

c:\documents and settings\Jasmine\Application Data\PriceGong

c:\documents and settings\Jasmine\Application Data\PriceGong\Data\1.xml

c:\documents and settings\Jasmine\Application Data\PriceGong\Data\a.xml

c:\documents and settings\Jasmine\Application Data\PriceGong\Data\b.xml

c:\documents and settings\Jasmine\Application Data\PriceGong\Data\c.xml

c:\documents and settings\Jasmine\Application Data\PriceGong\Data\d.xml

c:\documents and settings\Jasmine\Application Data\PriceGong\Data\e.xml

c:\documents and settings\Jasmine\Application Data\PriceGong\Data\f.xml

c:\documents and settings\Jasmine\Application Data\PriceGong\Data\g.xml

c:\documents and settings\Jasmine\Application Data\PriceGong\Data\h.xml

c:\documents and settings\Jasmine\Application Data\PriceGong\Data\i.xml

c:\documents and settings\Jasmine\Application Data\PriceGong\Data\J.xml

c:\documents and settings\Jasmine\Application Data\PriceGong\Data\k.xml

c:\documents and settings\Jasmine\Application Data\PriceGong\Data\l.xml

c:\documents and settings\Jasmine\Application Data\PriceGong\Data\m.xml

c:\documents and settings\Jasmine\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Jasmine\Application Data\PriceGong\Data\n.xml

c:\documents and settings\Jasmine\Application Data\PriceGong\Data\o.xml

c:\documents and settings\Jasmine\Application Data\PriceGong\Data\p.xml

c:\documents and settings\Jasmine\Application Data\PriceGong\Data\q.xml

c:\documents and settings\Jasmine\Application Data\PriceGong\Data\r.xml

c:\documents and settings\Jasmine\Application Data\PriceGong\Data\s.xml

c:\documents and settings\Jasmine\Application Data\PriceGong\Data\t.xml

c:\documents and settings\Jasmine\Application Data\PriceGong\Data\u.xml

c:\documents and settings\Jasmine\Application Data\PriceGong\Data\v.xml

c:\documents and settings\Jasmine\Application Data\PriceGong\Data\w.xml

c:\documents and settings\Jasmine\Application Data\PriceGong\Data\x.xml

c:\documents and settings\Jasmine\Application Data\PriceGong\Data\y.xml

c:\documents and settings\Jasmine\Application Data\PriceGong\Data\z.xml

c:\documents and settings\Jasmine\Bureaublad\Internet Explorer.lnk

c:\documents and settings\Jasmine\Mijn documenten\~WRL0004.tmp

c:\documents and settings\Jasmine\Mijn documenten\~WRL0707.tmp

c:\documents and settings\Jasmine\Mijn documenten\~WRL0735.tmp

c:\documents and settings\Jasmine\Mijn documenten\~WRL0740.tmp

c:\documents and settings\Jasmine\Mijn documenten\~WRL0797.tmp

c:\documents and settings\Jasmine\Mijn documenten\~WRL0882.tmp

c:\documents and settings\Jasmine\Mijn documenten\~WRL1257.tmp

c:\documents and settings\Jasmine\Mijn documenten\~WRL1320.tmp

c:\documents and settings\Jasmine\Mijn documenten\~WRL1506.tmp

c:\documents and settings\Jasmine\Mijn documenten\~WRL1585.tmp

c:\documents and settings\Jasmine\Mijn documenten\~WRL1592.tmp

c:\documents and settings\Jasmine\Mijn documenten\~WRL1705.tmp

c:\documents and settings\Jasmine\Mijn documenten\~WRL1758.tmp

c:\documents and settings\Jasmine\Mijn documenten\~WRL2162.tmp

c:\documents and settings\Jasmine\Mijn documenten\~WRL2434.tmp

c:\documents and settings\Jasmine\Mijn documenten\~WRL2575.tmp

c:\documents and settings\Jasmine\Mijn documenten\~WRL3238.tmp

c:\documents and settings\Jasmine\Mijn documenten\~WRL3290.tmp

c:\documents and settings\Jasmine\Mijn documenten\~WRL3406.tmp

c:\documents and settings\Jasmine\Mijn documenten\~WRL3649.tmp

c:\documents and settings\Jasmine\Mijn documenten\~WRL3687.tmp

c:\documents and settings\Jasmine\Mijn documenten\~WRL3817.tmp

c:\documents and settings\Jasmine\Mijn documenten\~WRL4099.tmp

c:\program files\AA Antimalware

c:\program files\AA Antimalware\AA Antimalware.exe

c:\program files\AA Antimalware\aa_global.dll

c:\program files\AA Antimalware\aaupdate.exe

c:\program files\AA Antimalware\debug.log

c:\program files\AA Antimalware\en-US\Res.dll

c:\program files\AA Antimalware\LastScanResult.log

c:\program files\AA Antimalware\Microsoft.VC90.CRT.manifest

c:\program files\AA Antimalware\msvcr90.dll

c:\program files\AA Antimalware\unins000.dat

c:\program files\AA Antimalware\unins000.exe

c:\program files\Search Settings

c:\program files\Search Settings\kb128\SearchSettingsRes409.dll

c:\program files\Search Settings\SearchSettings.exe

c:\windows\system32\Drivers\DiagnosticScan.SYS

c:\windows\system32\Drivers\Start1Driver.SYS

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_DIAGNOSTICSCAN

-------\Legacy_SSHNAS

-------\Legacy_START1DRIVER

-------\Service_DiagnosticScan

-------\Service_Start1Driver

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-07-28 to 2011-08-30 ))))))))))))))))))))))))))))))

.

.

2011-08-29 06:28 . 2011-08-29 06:28 388096 ----a-r- c:\documents and settings\Jasmine\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-08-29 06:28 . 2011-08-29 06:28 -------- d-----w- c:\program files\Trend Micro

2011-08-28 19:53 . 2011-08-29 17:42 -------- d--h--r- c:\documents and settings\Jasmine\Onlangs geopend

2011-08-28 19:09 . 2011-08-28 19:09 -------- d-----w- c:\program files\CCleaner

2011-08-28 12:19 . 2011-08-28 12:19 -------- d-----w- c:\windows\system32\wbem\Repository

2011-08-13 13:11 . 2011-08-13 13:16 -------- d-----w- c:\documents and settings\Jasmine\Application Data\DVDVideoSoft

2011-08-11 08:26 . 2011-08-15 07:43 -------- d-----w- c:\program files\RealArcade

2011-08-10 18:27 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2011-08-10 18:25 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-21 18:18 . 2011-07-21 18:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-15 13:29 . 2003-04-08 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2003-04-08 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-24 14:10 . 2009-10-01 11:19 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:31 . 2003-04-08 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:31 . 2003-04-08 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:31 . 2003-04-08 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05 . 2004-08-04 07:55 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44 . 2003-04-08 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll

2011-06-06 11:35 . 2003-04-08 12:00 1859072 ----a-w- c:\windows\system32\win32k.sys

2003-04-24 13:25 . 2003-04-24 13:25 586240 ----a-w- c:\program files\OWC11.MSI

2003-04-24 13:17 . 2003-04-24 13:17 4085248 ----a-w- c:\program files\PRO11.MSI

2003-04-19 10:10 . 2003-04-19 10:10 417336 ----a-w- c:\program files\SETUP.EXE

2007-06-21 17:38 . 2007-06-21 17:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2007-06-21 17:38 . 2007-06-21 17:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2007-06-21 17:38 . 2007-06-21 17:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2007-06-21 17:38 . 2007-06-21 17:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2007-06-21 17:39 . 2007-06-21 17:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2007-06-21 17:39 . 2007-06-21 17:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2007-06-21 17:39 . 2007-06-21 17:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll

2007-06-21 17:39 . 2007-06-21 17:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2007-06-21 17:40 . 2007-06-21 17:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2011-08-17 23:07 . 2011-03-23 21:39 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Jasmine\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Jasmine\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Jasmine\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="c:\windows\System32\WLTRAY.exe" [2006-11-01 1392640]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

"igfxtray"="c:\windows\System32\igfxtray.exe" [2006-06-06 94208]

"igfxhkcmd"="c:\windows\System32\hkcmd.exe" [2006-06-06 77824]

"igfxpers"="c:\windows\System32\igfxpers.exe" [2006-06-06 118784]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-03 198160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Jasmine\Menu Start\Programma's\Opstarten\

Dropbox.lnk - c:\documents and settings\Jasmine\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-2 113664]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, myvghqos.dll

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\Free Download Manager\\fdm.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\Jasmine\\Bureaublad\\KompoZer 0.7.10\\kompozer.exe"=

"c:\\Documents and Settings\\Jasmine\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22-2-2011 8:13 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [19-1-2011 4:32 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7-1-2011 6:41 248656]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10-2-2011 7:54 297168]

R1 ethxpysl;ethxpysl;c:\windows\system32\drivers\ETHXPYSL.SYS [21-3-2011 22:29 74832]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18-4-2011 17:39 7398752]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8-2-2011 5:33 269520]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [18-12-2009 0:32 497856]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [30-3-2011 17:17 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10-2-2011 7:53 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10-2-2011 7:53 27216]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5-2-2011 18:31 136176]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5-2-2011 18:31 136176]

.

Inhoud van de 'Gedeelde Taken' map

.

2011-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

.

2011-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-05 16:31]

.

2011-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-05 16:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.standaard.be/

uInternet Settings,ProxyOverride = *.local

IE: Download alles met Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm

IE: Download met Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm

IE: Download selectie met Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm

IE: Download video met Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm

IE: E&xport to Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Free YouTube Download - c:\documents and settings\Jasmine\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\documents and settings\Jasmine\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\documents and settings\Jasmine\Application Data\Mozilla\Firefox\Profiles\b0kaa9md.default\

FF - prefs.js: browser.search.defaulturl - hxxp://plasmoo.com/result.htm?SearchMashine=true&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.standaard.be/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS VERWIJDERD - - - -

.

HKCU-Run-Software Informer - c:\program files\Software Informer\softinfo.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-08-30 08:25

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover

Windows 5.1.2600 Disk: Hitachi_HTS541080G9AT00 rev.MB4OA61A -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-4

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86343439]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x863497d0]; MOV EAX, [0x8634984c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x863CAAB8]

3 CLASSPNP[0xF75C7FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x8637BB60]

\Driver\atapi[0x86371548] -> IRP_MJ_CREATE -> 0x86343439

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

\Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskHitachi_HTS541080G9AT00_________________MB4OA61A#5&2c7c2be&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

\Driver\atapi DriverStartIo -> 0x8634327F

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'explorer.exe'(2140)

c:\documents and settings\Jasmine\Application Data\Dropbox\bin\DropboxExt.14.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\progra~1\AVG\AVG10\avgchsvx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\program files\AVG\AVG10\avgnsx.exe

c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

c:\program files\iPod\bin\iPodService.exe

c:\progra~1\AVG\AVG10\avgrsx.exe

c:\program files\AVG\AVG10\avgcsrvx.exe

c:\program files\AVG\AVG10\avgmfapx.exe

.

**************************************************************************

.

Voltooingstijd: 2011-08-30 08:36:19 - machine werd herstart

ComboFix-quarantined-files.txt 2011-08-30 06:36

.

Pre-Run: 12.063.916.032 bytes beschikbaar

Post-Run: 12.860.088.320 bytes beschikbaar

.

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

.

- - End Of File - - F5E575F846EE1E3640663ED6436194BE

HijackThis logje

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:46:36, on 30-8-2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\WINDOWS\System32\WLTRAY.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\igfxpers.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Documents and Settings\Jasmine\Application Data\Dropbox\bin\Dropbox.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\WINDOWS\system32\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = De Standaard Online

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Jasmine\Application Data\Dropbox\bin\Dropbox.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: Download alles met Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download met Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Download selectie met Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video met Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Jasmine\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Jasmine\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 8753 bytes

Alvast bedankt :)

Link naar reactie
Delen op andere sites
kape Grootmeester

kape

Geplaatst:
Geplaatst:

Vreesde ik al, ja ... andere poging dan :

Open een kladblokbestand.

Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

@ECHO OFF

IF EXIST log.txt DEL log.txt

ECHO Deleting files>>log.txt

FOR %%g in (

C:\WINDOWS\TEMP\conhost.exe) DO (

DEL /Q %%gHJTNL

IF EXIST %%g (

ATTRIB -r -s -h %%g

DEL %%g

REN %%g *HJTNL

IF EXIST %%gHJTNL (

ECHO renamed to %%gHJTNL>>log.txt)

IF EXIST %%g (

ECHO %%g not deleted>>log.txt

) ELSE (

ECHO %%g deleted>>log.txt)

) ELSE (

ECHO %%g not found>>log.txt))

START NOTEPAD.EXE log.txt

Ga naar Bestand - Opslaan als.

Bij "Opslaan in" kies je: Bureaublad

Bij "Bestandsnaam" zet je: del.bat

Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).

Klik op de knop Opslaan.

Dubbelklik op del.bat en post de inhoud van de logfile die opent.

Download TDSSKiller en plaats het op je bureaublad.

Pak de bestanden in tdsskiller.zip uit.

Open de map tdsskiller en dubbelklik op TDSSKiller.exe om de tool te starten.

Windows 7 en Windows Vista gebruikers:

Rechtsklik op TDSSKiller.exe -> Uitvoeren als Administrator om de tool te starten.

Als TDSSKiller bericht geeft van een beschikbare update, dan voer je deze eerst uit.

Klik op de knop "Start Scan" en volg de instructies.

Wanneer de scan klaar is klik je op de knop "Report".

Er opent een kladblokbestand. Post de inhoud van dit bestand.

Herstart de pc als TDSSKiller die optie geeft. (Reboot now)

Wanneer er een herstart nodig was, vind je de logfile in C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt

Link naar reactie
Delen op andere sites
Yasmien Nieuweling

Yasmien

Geplaatst:
  • Auteur
Geplaatst:

log del.bat

Deleting files

C:\WINDOWS\TEMP\conhost.exe not found

en log TDSSKiller

2011/08/30 14:49:55.0593 3592 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57

2011/08/30 14:49:56.0140 3592 ================================================================================

2011/08/30 14:49:56.0140 3592 SystemInfo:

2011/08/30 14:49:56.0140 3592

2011/08/30 14:49:56.0140 3592 OS Version: 5.1.2600 ServicePack: 3.0

2011/08/30 14:49:56.0140 3592 Product type: Workstation

2011/08/30 14:49:56.0140 3592 ComputerName: INSPIRON1300

2011/08/30 14:49:56.0140 3592 UserName: Jasmine

2011/08/30 14:49:56.0140 3592 Windows directory: C:\WINDOWS

2011/08/30 14:49:56.0140 3592 System windows directory: C:\WINDOWS

2011/08/30 14:49:56.0140 3592 Processor architecture: Intel x86

2011/08/30 14:49:56.0140 3592 Number of processors: 1

2011/08/30 14:49:56.0140 3592 Page size: 0x1000

2011/08/30 14:49:56.0140 3592 Boot type: Normal boot

2011/08/30 14:49:56.0140 3592 ================================================================================

2011/08/30 14:50:01.0078 3592 Initialize success

2011/08/30 14:50:11.0828 0728 ================================================================================

2011/08/30 14:50:11.0828 0728 Scan started

2011/08/30 14:50:11.0828 0728 Mode: Manual;

2011/08/30 14:50:11.0828 0728 ================================================================================

2011/08/30 14:50:14.0375 0728 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/08/30 14:50:14.0734 0728 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/08/30 14:50:15.0406 0728 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/08/30 14:50:15.0890 0728 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

2011/08/30 14:50:16.0703 0728 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/08/30 14:50:17.0234 0728 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/08/30 14:50:17.0750 0728 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/08/30 14:50:18.0296 0728 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/08/30 14:50:18.0515 0728 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

2011/08/30 14:50:18.0875 0728 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

2011/08/30 14:50:19.0359 0728 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

2011/08/30 14:50:19.0968 0728 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

2011/08/30 14:50:20.0562 0728 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

2011/08/30 14:50:21.0125 0728 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

2011/08/30 14:50:21.0656 0728 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

2011/08/30 14:50:22.0234 0728 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

2011/08/30 14:50:22.0796 0728 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

2011/08/30 14:50:23.0921 0728 bcm4sbxp (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

2011/08/30 14:50:24.0468 0728 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/08/30 14:50:25.0015 0728 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/08/30 14:50:25.0578 0728 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/08/30 14:50:26.0078 0728 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/08/30 14:50:26.0609 0728 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/08/30 14:50:27.0265 0728 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2011/08/30 14:50:28.0562 0728 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/08/30 14:50:29.0187 0728 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/08/30 14:50:29.0734 0728 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys

2011/08/30 14:50:30.0312 0728 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys

2011/08/30 14:50:30.0859 0728 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/08/30 14:50:31.0343 0728 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/08/30 14:50:32.0156 0728 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/08/30 14:50:32.0437 0728 ethxpysl (26ceec543888331c46de98111524bbcb) C:\WINDOWS\system32\drivers\ethxpysl.sys

2011/08/30 14:50:33.0015 0728 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/08/30 14:50:33.0531 0728 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2011/08/30 14:50:34.0046 0728 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys

2011/08/30 14:50:35.0984 0728 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/08/30 14:50:36.0671 0728 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/08/30 14:50:37.0312 0728 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/08/30 14:50:37.0859 0728 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/08/30 14:50:38.0343 0728 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/08/30 14:50:38.0921 0728 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/08/30 14:50:39.0406 0728 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/08/30 14:50:39.0937 0728 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/08/30 14:50:40.0484 0728 HSFHWAZL (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

2011/08/30 14:50:42.0093 0728 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

2011/08/30 14:50:42.0734 0728 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/08/30 14:50:43.0390 0728 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/08/30 14:50:44.0015 0728 ialm (d705558b6a678e894c5c67430eef67a2) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2011/08/30 14:50:44.0593 0728 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/08/30 14:50:45.0171 0728 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/08/30 14:50:45.0671 0728 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/08/30 14:50:46.0171 0728 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/08/30 14:50:46.0687 0728 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/08/30 14:50:47.0312 0728 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/08/30 14:50:47.0828 0728 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/08/30 14:50:48.0328 0728 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/08/30 14:50:49.0296 0728 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/08/30 14:50:50.0593 0728 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/08/30 14:50:51.0234 0728 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/08/30 14:50:52.0343 0728 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/08/30 14:50:53.0078 0728 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2011/08/30 14:50:53.0421 0728 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/08/30 14:50:54.0015 0728 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys

2011/08/30 14:50:54.0484 0728 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/08/30 14:50:55.0031 0728 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/08/30 14:50:55.0531 0728 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/08/30 14:50:56.0046 0728 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/08/30 14:50:56.0531 0728 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/08/30 14:50:57.0609 0728 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/08/30 14:50:58.0109 0728 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/08/30 14:50:58.0593 0728 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

2011/08/30 14:50:59.0093 0728 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/08/30 14:50:59.0593 0728 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/08/30 14:51:00.0250 0728 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/08/30 14:51:00.0812 0728 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/08/30 14:51:01.0281 0728 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/08/30 14:51:01.0843 0728 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/08/30 14:51:02.0437 0728 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/08/30 14:51:03.0015 0728 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/08/30 14:51:03.0562 0728 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/08/30 14:51:04.0156 0728 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/08/30 14:51:04.0750 0728 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/08/30 14:51:05.0312 0728 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/08/30 14:51:05.0875 0728 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\drivers\Parport.sys

2011/08/30 14:51:06.0343 0728 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/08/30 14:51:06.0406 0728 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/08/30 14:51:06.0921 0728 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/08/30 14:51:07.0953 0728 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/08/30 14:51:08.0406 0728 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/08/30 14:51:09.0687 0728 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/08/30 14:51:10.0078 0728 Processor (82a17eca34d801590a67c0a2244965ed) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/08/30 14:51:10.0593 0728 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/08/30 14:51:11.0093 0728 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/08/30 14:51:19.0093 0728 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/08/30 14:51:19.0765 0728 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/08/30 14:51:20.0406 0728 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/08/30 14:51:21.0015 0728 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/08/30 14:51:21.0531 0728 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/08/30 14:51:22.0109 0728 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/08/30 14:51:22.0750 0728 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/08/30 14:51:23.0328 0728 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/08/30 14:51:24.0046 0728 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/08/30 14:51:24.0593 0728 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\drivers\Serial.sys

2011/08/30 14:51:25.0140 0728 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/08/30 14:51:26.0375 0728 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/08/30 14:51:26.0765 0728 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/08/30 14:51:27.0328 0728 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/08/30 14:51:28.0015 0728 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys

2011/08/30 14:51:28.0578 0728 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/08/30 14:51:29.0125 0728 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/08/30 14:51:30.0796 0728 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/08/30 14:51:31.0312 0728 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/08/30 14:51:31.0906 0728 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/08/30 14:51:32.0421 0728 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/08/30 14:51:33.0062 0728 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/08/30 14:51:34.0015 0728 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/08/30 14:51:34.0640 0728 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/08/30 14:51:35.0156 0728 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/08/30 14:51:35.0640 0728 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/08/30 14:51:36.0156 0728 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/08/30 14:51:36.0703 0728 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/08/30 14:51:37.0203 0728 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/08/30 14:51:37.0796 0728 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/08/30 14:51:38.0328 0728 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/08/30 14:51:38.0859 0728 vpnva (e1f2333a88ec4a5c8ea6be357323b72d) C:\WINDOWS\system32\DRIVERS\vpnva.sys

2011/08/30 14:51:39.0359 0728 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/08/30 14:51:40.0125 0728 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/08/30 14:51:40.0437 0728 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2011/08/30 14:51:41.0031 0728 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2011/08/30 14:51:41.0609 0728 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/08/30 14:51:42.0125 0728 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/08/30 14:51:42.0234 0728 MBR (0x1B8) (1697c108e3da1941fd3795c70782c3ac) \Device\Harddisk0\DR0

2011/08/30 14:51:42.0250 0728 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/08/30 14:51:42.0265 0728 Boot (0x1200) (440a079350d33b4abc1a0c34838fcce7) \Device\Harddisk0\DR0\Partition0

2011/08/30 14:51:42.0265 0728 ================================================================================

2011/08/30 14:51:42.0265 0728 Scan finished

2011/08/30 14:51:42.0265 0728 ================================================================================

2011/08/30 14:51:42.0296 1108 Detected object count: 1

2011/08/30 14:51:42.0296 1108 Actual detected object count: 1

2011/08/30 14:51:57.0546 1108 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/08/30 14:51:57.0546 1108 \Device\Harddisk0\DR0 - ok

2011/08/30 14:51:57.0546 1108 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

2011/08/30 14:52:16.0765 3952 Deinitialize success

Voorlopig blijft AVG nu zwijgen, maar dat kan nog komen ook...

Link naar reactie
Delen op andere sites
kape Grootmeester

kape

Geplaatst:
Geplaatst:
Voorlopig blijft AVG nu zwijgen, maar dat kan nog komen ook...
Dat zou me sterk verbazen ... Als je na je laatste bewerkingen je PC opnieuw opgestart hebt, zou dit wel eens de definitieve oplossing kunnen zijn. We wachten nog even af. Maar wil je zeker nog even laten weten of AVG nu permanent zwijgt ... zodat we aan de opruiming van de gebruikte tools, e.d. kunnen beginnen ?
Link naar reactie
Delen op andere sites
kape Grootmeester

kape

Geplaatst:
Geplaatst:

Problemen van de baan, dan is het tijd voor de “grote schoonmaak” : verwijderen van gebruikte programma’s, een cleaning en het verwijderen van de besmette herstelpunten.

Verwijder TDSS-killer, del.bat en HijackThis.

Verwijder Combofix: Start -> Uitvoeren/Zoekopdracht en typ: ComboFix /Uninstall

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Indien aanwezig mag je de map C:\Qoobox manueel verwijderen.

Download CCleaner.

Klik op “Download Latest Version” en dan start de download van CCleaner automatisch en gratis op.

Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Schoonmaken'. Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

Het is aangewezen om de bestaande herstelpunten te verwijderen (daar zitten besmette herstelpunten tussen die je eventueel zou kunnen terugzetten) door systeemherstel tijdelijk uit te schakelen. Doe dit via Start -> Configuratiescherm -> Prestaties en Onderhoud -> Systeem -> Systeemherstel -> "Systeemherstel op alle stations uitschakelen" aanvinken. Toepassen en OK. PC herstarten en het vinkje terug weg halen.

Als dit allemaal probleemloos is verlopen, mag je hieronder op "opgelost" tokkelen ;-)

Link naar reactie
Delen op andere sites
Gast
Dit topic is nu gesloten voor nieuwe reacties.
 Delen
Ga naar topic overzicht
Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.