
how to remove secure.bidvertiser.com



Download DDS by sUBS from one of these locations and save it to your desktop:

DDS - Bleeping Computer download.

DDS - Infospyware.

DDS is a diagnostic tool and uses scripts.

Disable your security software before you run DDS!

Double-click DDS to start the tool.

DDS will open 2 log files:

* DDS.txt

* Attach.txt

A prompt asks you to save both logs, because they will be gone once you close them.

Save the logs, for example on your desktop or somewhere else where you can easily find them again.

Post the DDS.txt log with your next reply.


DDS.txt log file:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22

Run by Pela at 21:41:15 on 2012-03-03

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.1911.1084 [GMT 1:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe

C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe

C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\REGSVR32.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bing.com/

mStart Page = about:blank

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre1.6.0_22\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - No File

TB: {87775FDB-6972-41F9-AE51-8326E38CB206} - No File

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe

mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometer\FF_Protection.exe

mRun: [broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe

mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2

mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"

mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"

mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\users\pela\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\users\pela\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~2.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Send image to &Bluetooth device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 193.74.208.65 194.119.228.67 192.168.1.1

TCP: Interfaces\{8CDE464C-1B4B-45A8-8B6D-CC932ED71A72} : DhcpNameServer = 193.74.208.65 194.119.228.67 192.168.1.1

TCP: Interfaces\{B71C7A36-ADC6-4C23-A10B-61F1FEB2305C} : DhcpNameServer = 193.74.208.65 194.119.228.67 192.168.1.1

TCP: Interfaces\{B71C7A36-ADC6-4C23-A10B-61F1FEB2305C}\2626F68723D293163613 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{B71C7A36-ADC6-4C23-A10B-61F1FEB2305C}\75966496F53353 : DhcpNameServer = 192.168.1.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\pela\appdata\roaming\mozilla\firefox\profiles\9ndw5now.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=109985&babsrc=HP_ss&mntrId=d02d2a220000000000001c659d2da719

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=2&q=

FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre1.6.0_22\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre1.6.0_22\bin\new_plugin\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar_i.id - d02d2a220000000000001c659d2da719

FF - user.js: extensions.BabylonToolbar_i.hardId - d02d2a220000000000001c659d2da719

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15380

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:09:07

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109985

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

============= SERVICES / DRIVERS ===============

.

R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdflt.sys [2010-9-5 16176]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe [2010-8-1 81920]

R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]

R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometer\InstallFilterService.exe [2010-9-5 60928]

R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]

R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-9-5 2320920]

R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Acceler.sys [2010-8-1 41648]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-9-5 29472]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-9-5 143968]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-8-1 125696]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-8-1 232960]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-8-1 277536]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-6 136176]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-29 652360]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-9-5 134144]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-11-15 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]

S3 gupdatem;Google Update service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-6 136176]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-8-1 171520]

S3 WatAdminSvc;Windows Activation Technologies service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-11 1343400]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2012-03-03 20:25:36 -------- d-s---w- C:\ComboFix

2012-03-03 09:28:42 -------- d-----w- c:\users\pela\appdata\local\{369F9106-3F17-4BD2-A021-B959D40E108B}

2012-03-03 09:28:31 -------- d-----w- c:\users\pela\appdata\local\{A82FA601-16C7-46AC-988A-D6B84BC5E7AA}

2012-03-02 15:49:59 -------- d-----w- c:\windows\system32\EventProviders

2012-03-02 09:34:24 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4f846235-1e18-4ad9-9606-27428de2e78f}\mpengine.dll

2012-03-02 09:03:38 -------- d-----w- c:\users\pela\appdata\local\{27A2DED4-CDE9-4129-8993-18A1DBABC47C}

2012-03-02 09:03:26 -------- d-----w- c:\users\pela\appdata\local\{4C11D2EB-E91F-4B40-B376-178ECB697649}

2012-03-01 20:50:51 -------- d-----w- c:\users\pela\appdata\local\{2DF90DAE-9CEC-4286-AF54-D5F311B261A4}

2012-03-01 20:50:39 -------- d-----w- c:\users\pela\appdata\local\{63CCFC06-6D62-43F3-BDA0-863967525DD0}

2012-03-01 16:24:53 388096 ----a-r- c:\users\pela\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2012-02-29 16:42:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-25 14:00:14 -------- d-----w- c:\users\pela\appdata\local\{A92B3814-6E78-41F6-B8CA-04F61BCCDFF7}

2012-02-25 13:59:48 -------- d-----w- c:\users\pela\appdata\local\{FA24F8D0-1B47-4FDA-98DF-B5A6340CF410}

2012-02-25 13:25:01 -------- d-----w- c:\users\pela\appdata\local\{559A603A-3BCF-4D1D-AAAB-16B276863741}

2012-02-24 10:21:10 -------- d-----w- c:\users\pela\appdata\local\{6BADB7A2-7FCD-4691-91FC-F36ADFD9BA99}

2012-02-24 10:20:58 -------- d-----w- c:\users\pela\appdata\local\{8B42896C-78A4-4CE6-9D91-11A31B694307}

2012-02-23 18:50:53 -------- d-----w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

2012-02-23 18:48:12 -------- d-----w- C:\temp

2012-02-23 18:37:02 -------- d-----w- c:\users\pela\appdata\local\Trend Micro

2012-02-23 18:26:56 -------- d-----w- c:\program files\Trend Micro

2012-02-23 16:39:46 -------- d-----w- c:\users\pela\appdata\local\{EC5D121C-268C-41B2-950D-3BEAF0B41C49}

2012-02-23 16:39:32 -------- d-----w- c:\users\pela\appdata\local\{F41ABD6C-E13E-4AF5-9B79-EC864CFCBDF9}

2012-02-22 10:16:51 -------- d-----w- c:\users\pela\appdata\local\{6B129761-0611-47FE-9BF0-D253CDE61CA0}

2012-02-22 10:16:39 -------- d-----w- c:\users\pela\appdata\local\{B0CB2EE7-00BD-4418-B7A6-523B71BF5082}

2012-02-21 16:24:29 -------- d-----w- c:\users\pela\appdata\roaming\ACD Systems

2012-02-21 16:24:29 -------- d-----w- c:\users\pela\appdata\local\ACD Systems

2012-02-21 16:22:32 -------- d-----w- c:\program files\common files\ACD Systems

2012-02-21 16:21:27 -------- d-----w- c:\users\pela\appdata\local\Downloaded Installations

2012-02-21 16:10:34 -------- d-----w- c:\users\pela\appdata\roaming\TuneUp Software

2012-02-21 16:09:53 -------- d-----w- c:\programdata\TuneUp Software

2012-02-21 16:09:41 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}

2012-02-21 16:07:35 -------- d-----w- c:\users\pela\appdata\roaming\uTorrent

2012-02-21 15:37:30 -------- d-----w- c:\users\pela\appdata\local\{1A801A0E-9CF1-48DD-A8C5-B38780EF0256}

2012-02-20 11:47:05 -------- d-----w- c:\users\pela\appdata\local\{B9BF410A-9BA7-4989-B049-726821C3FEAC}

2012-02-20 11:46:49 -------- d-----w- c:\users\pela\appdata\local\{30D83EF7-E5A7-4E47-9BB7-E2CD8E167426}

2012-02-20 10:34:54 -------- d-----w- c:\users\pela\appdata\local\{63828642-BB5D-48D1-AB0D-D44BDCE7BE50}

2012-02-20 09:04:18 -------- d-----w- c:\users\pela\appdata\local\{25A10A09-DC63-40E5-9D7A-67C4BCB39BDE}

2012-02-20 06:41:55 -------- d-----w- c:\users\pela\appdata\local\{5934AFC9-383B-47C4-B610-7DDF1895BEC4}

2012-02-19 14:13:47 -------- d-----w- c:\users\pela\appdata\local\{F40F2FB2-5DCA-4805-9879-E708F2D1A3B7}

2012-02-18 18:08:32 -------- d-----w- c:\users\pela\appdata\local\{FFADBA2C-03D4-4449-BDB3-5690865E5BEE}

2012-02-17 21:01:46 0 ----a-w- c:\windows\system32\sho8778.tmp

2012-02-17 19:43:01 -------- d-----w- c:\users\pela\appdata\local\{9816B7CF-23F5-4769-975C-D0B77FC74ACC}

2012-02-17 17:32:37 -------- d-----w- c:\users\pela\appdata\local\{B29A78DF-8B4D-4807-BBB9-23215CD33202}

2012-02-17 12:12:46 -------- d-----w- c:\users\pela\appdata\local\{C4AF6A20-1ABD-447F-A6DA-77232208D185}

2012-02-16 23:43:00 -------- d-----w- c:\users\pela\appdata\local\{5D5B1915-F0C8-4B8A-BA47-F559AD6CB533}

2012-02-16 08:13:38 -------- d-----w- c:\users\pela\appdata\local\{01247F45-4D08-4F26-81FD-F735A16B4AD5}

2012-02-16 08:11:50 -------- d-----w- c:\users\pela\appdata\local\{EB7FE929-BCA5-4F35-98FE-DB2626C57E8E}

2012-02-15 23:42:47 -------- d-----w- c:\users\pela\appdata\local\{3DCD22EB-F99C-428D-8F31-8B1013BF02AA}

2012-02-15 09:25:23 -------- d-----w- c:\users\pela\appdata\local\{FE8164A0-2267-4CDC-B55F-A8C946253D21}

2012-02-15 09:23:08 -------- d-----w- c:\users\pela\appdata\local\{E075FC58-C059-4D81-87BA-888FEC527840}

2012-02-14 22:56:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-14 22:56:01 1798656 ----a-w- c:\windows\system32\jscript9.dll

2012-02-14 22:56:01 141112 ----a-w- c:\program files\internet explorer\sqmapi.dll

2012-02-14 22:56:00 194048 ----a-w- c:\program files\internet explorer\IEShims.dll

2012-02-14 22:56:00 1127424 ----a-w- c:\windows\system32\wininet.dll

2012-02-14 22:55:59 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll

2012-02-14 22:55:57 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-14 21:29:53 478208 ----a-w- c:\windows\system32\timedate.cpl

2012-02-14 21:29:45 690688 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-14 21:29:42 442880 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-14 21:29:39 2340864 ----a-w- c:\windows\system32\win32k.sys

2012-02-14 21:22:38 -------- d-----w- c:\users\pela\appdata\local\{72697C93-B8F9-4935-BE70-E19CAC06E5B0}

2012-02-14 21:21:49 -------- d-----w- c:\users\pela\appdata\local\{924232E5-065E-47FA-8884-22E9053698EE}

2012-02-13 21:41:52 -------- d-----w- c:\users\pela\appdata\local\{DE45E181-96FC-460C-986D-0313B748299C}

2012-02-13 19:59:35 0 ----a-w- c:\windows\system32\shoDEDA.tmp

2012-02-13 01:14:23 0 ----a-w- c:\windows\system32\shoAAC0.tmp

2012-02-13 00:21:40 -------- d-----w- c:\users\pela\appdata\local\{F3F15DCA-E645-45C7-9F6D-F06CCE3965A6}

2012-02-13 00:21:18 -------- d-----w- c:\users\pela\appdata\local\{DF504631-0E7A-45AD-928B-341995AACF9E}

2012-02-12 22:13:11 -------- d-----w- c:\users\pela\appdata\local\{60024CBB-7790-43B6-BC25-8B942547E862}

2012-02-12 00:24:57 0 ----a-w- c:\windows\system32\shoAA27.tmp

2012-02-11 21:56:17 -------- d-----w- c:\users\pela\appdata\local\Apps

2012-02-11 21:02:17 -------- d-----w- c:\users\pela\appdata\local\{74CDC542-2DE6-406C-A06F-1CBD2991BAA6}

2012-02-11 12:41:03 -------- d-----w- c:\users\pela\appdata\local\{07DDF2FF-F13B-45F9-8DB3-1A28F51C6913}

2012-02-10 20:47:18 0 ----a-w- c:\windows\system32\sho60F3.tmp

2012-02-10 20:35:00 -------- d-----w- c:\users\pela\appdata\local\{B7606FE2-D93C-4F1C-B781-D210E75BF15F}

2012-02-10 20:09:00 -------- d-----w- c:\users\pela\appdata\local\Babylon

2012-02-10 20:08:58 -------- d-----w- c:\users\pela\appdata\roaming\Babylon

2012-02-10 20:08:58 -------- d-----w- c:\programdata\Babylon

2012-02-10 20:03:52 -------- d-----w- c:\users\pela\appdata\roaming\Systweak

2012-02-10 20:03:50 17280 ----a-w- c:\windows\system32\roboot.exe

2012-02-10 19:45:51 -------- d-----w- c:\users\pela\appdata\local\{A664D344-1D55-4E8B-84FB-1C42D98FF2A5}

2012-02-09 20:56:20 -------- d-----w- c:\users\pela\appdata\local\{44B8F20C-74AD-4BAE-BADE-8F69892A3DC9}

2012-02-09 18:32:37 -------- d-----w- c:\users\pela\appdata\local\{7E6E93F9-1B24-4671-81EB-5116CF8B44F7}

2012-02-09 16:57:36 -------- d-----w- c:\users\pela\appdata\local\{78E8D0BB-3224-443B-9AD4-6757C1C9AD50}

2012-02-07 15:46:06 -------- d-----w- c:\users\pela\appdata\local\CrashDumps

2012-02-07 15:23:42 -------- d-----w- c:\users\pela\appdata\local\{10970020-C67C-4072-A376-302DFE1ABE53}

2012-02-07 15:23:31 -------- d-----w- c:\users\pela\appdata\local\{DF72EFCE-220E-4F1A-896D-07ED756B0FEE}

2012-02-07 15:22:16 -------- d-----w- c:\users\pela\appdata\local\{E9030A75-0292-48E2-8F36-48D847971E08}

2012-02-07 00:13:26 150200 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak\components\kavlinkfilter.dll

2012-02-06 19:38:20 -------- d-----w- c:\users\pela\appdata\local\{D6CCFE55-E753-4BB5-A4FD-015FCBB51C87}

2012-02-06 19:38:09 -------- d-----w- c:\users\pela\appdata\local\{449C9149-D600-456F-B718-F0BAF9572D47}

2012-02-06 10:04:10 -------- d-----w- c:\users\pela\appdata\local\{3D9E2B14-4E8A-4EF6-ACCD-70E15F9ECE50}

2012-02-05 20:38:30 -------- d-----w- c:\users\pela\appdata\local\{422CB62B-4C61-4B2A-8823-A308BDE8E042}

2012-02-05 20:17:05 -------- d-----w- C:\Recovery - 20110919150711

2012-02-05 20:07:13 -------- d-----w- c:\users\pela\appdata\local\{CE17D68C-B780-4D5F-A423-CD2C257FD210}

2012-02-04 13:13:43 -------- d-----w- c:\users\pela\appdata\local\{B4EF8D2C-31CC-48F3-B429-9E02E0B5499C}

2012-02-04 13:13:32 -------- d-----w- c:\users\pela\appdata\local\{0E1B5114-469E-4C47-B797-FBCE11F0AB7C}

2012-02-04 08:47:22 -------- d-----w- c:\users\pela\appdata\local\{76A207D0-B59C-4A5C-82C4-AA6AF8BC5CA7}

2012-02-03 19:06:42 -------- d-----w- c:\users\pela\appdata\local\{1995B91C-FF30-4953-B690-7C7E834B6DD1}

2012-02-03 19:06:24 -------- d-----w- c:\users\pela\appdata\local\{62F78D6A-A0AE-4851-9749-B3BDB23C4475}

.

==================== Find3M ====================

.

2012-03-03 19:58:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-29 04:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover

Windows 6.1.7600 Disk: WDC_WD25 rev.01.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87A44FA9]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH EBX; MOV EBX, [EBP+0xc]; PUSH ESI; XOR EDX, EDX; CMP [0x87a4cd34], EDX; PUSH EDI; MOV EDI, [EBX+0x60]; JZ 0x187; MOV EAX, [EBP+0x8]; }

1 ntkrnlpa!IofCallDriver[0x82C42458] -> \Device\Harddisk0\DR0[0x87A2DAC8]

3 CLASSPNP[0x88DA859E] -> ntkrnlpa!IofCallDriver[0x82C42458] -> [0x87A2C350]

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }

user != kernel MBR !!!

error: Read The request could not be performed because of an I/O device error.

sectors 488397151 (+0): user != kernel

.

============= FINISH: 21:47:19,91 ===============

Attach.txt log file:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 30/09/2010 12:26:37

System Uptime: 3/03/2012 21:20:25 (0 hours ago)

.

Motherboard: Dell Inc. | | 0G2R51

Processor: Intel® Core i3 CPU M 350 @ 2.27GHz | CPU 1 | 2261/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 218 GiB total, 164,512 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP192: 21/02/2012 16:42:14 - Windows Update

RP193: 21/02/2012 17:09:59 - TuneUp Utilities 2012 was installed

RP194: 21/02/2012 17:22:13 - Installed ACDSee Pro 3.

RP195: 22/02/2012 11:20:13 - Windows Update

RP196: 23/02/2012 19:56:06 - Removed Java 6 Update 29

RP197: 23/02/2012 21:01:25 - TuneUp Utilities 2012 was removed

RP198: 23/02/2012 21:02:24 - TuneUp Utilities Language Pack (nl-NL) was removed

RP199: 23/02/2012 21:03:45 - Removed Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

RP200: 23/02/2012 21:04:26 - Microsoft Visual C++ 2005 Redistributable was removed

RP201: 23/02/2012 21:04:58 - Removed Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

RP202: 23/02/2012 21:05:24 - Removed Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

RP203: 23/02/2012 21:05:53 - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

RP204: 23/02/2012 22:59:36 - Removed ACDSee Pro 3.

RP205: 24/02/2012 0:39:17 - Windows Update

RP206: 24/02/2012 14:52:18 - Windows Update

RP207: 24/02/2012 18:58:04 - Removed Adobe Reader 9.5.0 - Nederlands.

RP208: 27/02/2012 18:27:44 - Installed Adobe Reader X (10.1.0) - Nederlands.

RP209: 28/02/2012 10:18:48 - Windows Update

RP210: 1/03/2012 17:24:25 - Installed HiJackThis

RP211: 2/03/2012 10:33:57 - Windows Update

RP212: 2/03/2012 23:40:12 - Removed Adobe Reader X (10.1.2) - Nederlands.

.

==== Installed Programs ======================

.

Accelerometer

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.2) - Nederlands

Advanced Audio FX Engine

Canon MP Navigator EX 3.0

Canon MP550 series MP Drivers

Cisco LEAP Module

Cisco PEAP Module

CyberLink PowerDVD 9.5

D3DX10

Dell Backup and Recovery Manager

Dell Edoc Viewer

Dell Touchpad

Dell Webcam Central

Download Updater (AOL LLC)

DW WLAN Card Utility

Google Chrome

Google Earth Plug-in

Google Toolbar for Internet Explorer

Google Update Helper

HiJackThis

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Java Auto Updater

Java 6 Update 22

Junk Mail filter update

Live! Cam Avatar Creator

Malwarebytes Anti-Malware version 1.60.1.1000

Martindale (Single-user Version)

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile NLD Language Pack

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - Nederlands

Microsoft PowerPoint Viewer

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 7.0.1 (x86 nl)

MSVCRT

OpenOffice.org 3.3

QuickSet32

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE 10.3

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Language Pack for Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)

Security Update for Language Pack for Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)

Language Pack for Microsoft .NET Framework 4 Client Profile - NLD

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

WIDCOMM Bluetooth Software

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh - ActiveX control for remote connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== End Of File ===========================


Manually delete the following files and folders

c:\windows\system32\sho8778.tmp

c:\windows\system32\shoDEDA.tmp

c:\windows\system32\shoAAC0.tmp

c:\windows\system32\shoAA27.tmp

c:\windows\system32\sho60F3.tmp

c:\users\pela\appdata\local\Babylon

c:\users\pela\appdata\roaming\Babylon

c:\programdata\Babylon

All folders of this type

c:\users\pela\appdata\local\{369F9106-3F17-4BD2-A021-B959D40E108B}

c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

in

c:\users\pela\appdata\local

c:\programdata

If you have a Babylon Toolbar add-on in Firefox, remove it completely.

Your Java software is out of date.

Older versions have holes that give malware the chance to install itself on your system.

First do these steps to uninstall Java and install the newer version:

Download Java Runtime Environment (JRE) 7u3.

  • Scroll omlaag naar : "Java Platform Standard Edition".


  • Klik op de "Download JRE" knop aan de rechterkant.

  • Vink aan: "Accept License Agreement" onder “Java SE Runtime Environment 7u3”.

  • Klik op de jre-7u3-windows-i586.exe link ONDER Download en bewaar het naar je Bureaublad.
  • Sluit alle programma's die eventueel open zijn - Zeker je webbrowser!
  • Ga dan naar Start > Configuratiescherm > Software of Start > Configuratiescherm > Programma's en onderdelen (bij Vista) en verwijder alle oudere versies van Java uit de Softwarelijst.
  • Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
  • Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
  • Herhaal dit tot alle oudere versies verdwenen zijn.
  • Na het verwijderen van alle oudere versies, herstart je pc.
  • Dubbelklik vervolgens op jre-7u3-windows-i586.exe op je Bureaublad om de nieuwste versie van Java te installeren.
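The post above asks the user to find and delete a fixed list of paths, "all folders of this type" (brace-wrapped GUID names) under two locations, and every old Java entry in Add or Remove Programs. As an added illustration (my script, not the helper's or the forum's), the PowerShell below inventories exactly those three things and prints what it finds without deleting anything, so each item can be reviewed before it is removed by hand as instructed. It assumes PowerShell 3.0 or later; the user-specific paths from the log (pela) are replaced by the environment variables that resolve to the same folders, and the wildcard on sho*.tmp is my assumption that sibling temp files with the same prefix are of interest.

```powershell
# Added example, not from the forum post: read-only inventory of the items the helper
# asked to be removed. Nothing is deleted; review the output, then remove by hand.
# Assumes PowerShell 3.0+ (for -Directory/-File and [pscustomobject]).

# Exact files and folders named in the post (paths generalised via env vars).
$flagged = @(
    "$env:SystemRoot\System32\sho8778.tmp",
    "$env:SystemRoot\System32\shoDEDA.tmp",
    "$env:SystemRoot\System32\shoAAC0.tmp",
    "$env:SystemRoot\System32\shoAA27.tmp",
    "$env:SystemRoot\System32\sho60F3.tmp",
    "$env:LOCALAPPDATA\Babylon",
    "$env:APPDATA\Babylon",
    "$env:ProgramData\Babylon"
)

# A folder whose whole name is a GUID in braces, e.g. {369F9106-3F17-4BD2-A021-B959D40E108B}.
$guidDirPattern = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

function Get-FlaggedItemStatus {
    # Reports whether each named path exists and what it is. -Force so hidden items are seen.
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path    = $p
            Exists  = [bool]$item
            Type    = if (-not $item) { '' } elseif ($item.PSIsContainer) { 'dir' } else { 'file' }
            Hidden  = if ($item) { [bool]($item.Attributes -band [IO.FileAttributes]::Hidden) } else { $false }
            Created = if ($item) { $item.CreationTime } else { $null }
        }
    }
}

function Get-GuidNamedFolders {
    # "All folders of this type" in the two locations the post names.
    # Hidden/system folders (d-sh--w- in the DDS log) are only visible with -Force.
    param([string[]]$Roots = @($env:LOCALAPPDATA, $env:ProgramData))
    foreach ($root in $Roots) {
        Get-ChildItem -LiteralPath $root -Directory -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -match $guidDirPattern } |
            ForEach-Object {
                $files = Get-ChildItem -LiteralPath $_.FullName -Recurse -Force -File -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Path    = $_.FullName
                    Hidden  = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                    Created = $_.CreationTime
                    Files   = @($files).Count
                }
            }
    }
}

function Get-InstalledJava {
    # Entries the post says to remove from Add or Remove Programs:
    # anything with Java Runtime Environment, JRE or J2SE in the name.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match 'Java|J2SE|JRE' } |
        Select-Object DisplayName, DisplayVersion, InstallDate, UninstallString
}

Write-Host "== Files and folders named in the post =="
Get-FlaggedItemStatus -Paths $flagged | Format-Table -AutoSize

Write-Host "== GUID-named folders in LOCALAPPDATA and ProgramData =="
Get-GuidNamedFolders | Format-Table -AutoSize

Write-Host "== Java entries in Add or Remove Programs (only 7 update 3 should remain) =="
Get-InstalledJava | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so the registry and the hidden ProgramData folders are readable; the Created timestamps let you compare each hit against the dates in the DDS "Created Last 30" section before deciding what to remove.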


- By "All folders of this type", do you mean all folders with braces and digits in their name, or only those specific digits?

- After installing Java I got the following error message: "Error melding Wrapper. CreateFile failed with errors: Toegang geweigerd." Is Java OK now, or does it need to be installed again?


By "All folders of this type", do you mean all folders with braces and digits in their name, or only those specific digits?
Indeed, all similar folders with digits in their name, regardless of which digits they contain.
After installing Java I got the following error message: "Error melding Wrapper. CreateFile failed with errors: Toegang geweigerd." Is Java OK now, or does it need to be installed again?
You can check this under Add or Remove Programs. There you can find the current version of Java: it must be 7 update 3! If it is not clear there, you can run the following:

Download Security Check and save it to your desktop.

Start Security Check.

Follow the on-screen instructions.

At the end a log (checkup.txt) appears. Paste its contents in your next reply. Close Notepad.


checkup.txt log

Results of screen317's Security Check version 0.99.31

Windows 7 x86 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Java 7 Update 3

Adobe Reader X (10.1.2)

Mozilla Firefox (7.0.1)

````````````````````````````````

Process Check:

objlist.exe by Laurent

``````````End of Log````````````


.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.0

Run by Pela at 13:25:29 on 2012-03-04

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.1911.976 [GMT 1:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe

C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe

C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE

C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\REGSVR32.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bing.com/

mStart Page = about:blank

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - No File

TB: {87775FDB-6972-41F9-AE51-8326E38CB206} - No File

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe

mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometer\FF_Protection.exe

mRun: [broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe

mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2

mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"

mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"

mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\users\pela\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\users\pela\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~2.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 193.74.208.65 194.119.228.67 192.168.1.1

TCP: Interfaces\{8CDE464C-1B4B-45A8-8B6D-CC932ED71A72} : DhcpNameServer = 193.74.208.65 194.119.228.67 192.168.1.1

TCP: Interfaces\{B71C7A36-ADC6-4C23-A10B-61F1FEB2305C} : DhcpNameServer = 193.74.208.65 194.119.228.67 192.168.1.1

TCP: Interfaces\{B71C7A36-ADC6-4C23-A10B-61F1FEB2305C}\2626F68723D293163613 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{B71C7A36-ADC6-4C23-A10B-61F1FEB2305C}\75966496F53353 : DhcpNameServer = 192.168.1.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\pela\appdata\roaming\mozilla\firefox\profiles\9ndw5now.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage - hxxp://google.be

FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre1.6.0_22\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre1.6.0_22\bin\new_plugin\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar_i.id - d02d2a220000000000001c659d2da719

FF - user.js: extensions.BabylonToolbar_i.hardId - d02d2a220000000000001c659d2da719

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15380

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:09:07

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109985

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

============= SERVICES / DRIVERS ===============

.

R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdflt.sys [2010-9-5 16176]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe [2010-8-1 81920]

R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]

R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometer\InstallFilterService.exe [2010-9-5 60928]

R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]

R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-9-5 2320920]

R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Acceler.sys [2010-8-1 41648]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-9-5 29472]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-9-5 143968]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-8-1 125696]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-8-1 232960]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-8-1 277536]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-6 136176]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-29 652360]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-9-5 134144]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-11-15 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-6 136176]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-8-1 171520]

S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-11 1343400]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2012-03-04 10:01:31 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4f846235-1e18-4ad9-9606-27428de2e78f}\offreg.dll

2012-03-03 22:36:34 637848 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-03-03 20:25:36 -------- d-s---w- C:\ComboFix

2012-03-02 15:49:59 -------- d-----w- c:\windows\system32\EventProviders

2012-03-02 09:34:24 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4f846235-1e18-4ad9-9606-27428de2e78f}\mpengine.dll

2012-03-01 16:24:53 388096 ----a-r- c:\users\pela\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2012-02-29 16:42:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-23 18:48:12 -------- d-----w- C:\temp

2012-02-23 18:37:02 -------- d-----w- c:\users\pela\appdata\local\Trend Micro

2012-02-23 18:26:56 -------- d-----w- c:\program files\Trend Micro

2012-02-21 16:24:29 -------- d-----w- c:\users\pela\appdata\roaming\ACD Systems

2012-02-21 16:24:29 -------- d-----w- c:\users\pela\appdata\local\ACD Systems

2012-02-21 16:22:32 -------- d-----w- c:\program files\common files\ACD Systems

2012-02-21 16:21:27 -------- d-----w- c:\users\pela\appdata\local\Downloaded Installations

2012-02-21 16:10:34 -------- d-----w- c:\users\pela\appdata\roaming\TuneUp Software

2012-02-21 16:09:53 -------- d-----w- c:\programdata\TuneUp Software

2012-02-21 16:09:41 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}

2012-02-21 16:07:35 -------- d-----w- c:\users\pela\appdata\roaming\uTorrent

2012-02-14 22:56:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-14 22:56:01 1798656 ----a-w- c:\windows\system32\jscript9.dll

2012-02-14 22:56:01 141112 ----a-w- c:\program files\internet explorer\sqmapi.dll

2012-02-14 22:56:00 194048 ----a-w- c:\program files\internet explorer\IEShims.dll

2012-02-14 22:56:00 1127424 ----a-w- c:\windows\system32\wininet.dll

2012-02-14 22:55:59 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll

2012-02-14 22:55:57 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-14 21:29:53 478208 ----a-w- c:\windows\system32\timedate.cpl

2012-02-14 21:29:45 690688 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-14 21:29:42 442880 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-14 21:29:39 2340864 ----a-w- c:\windows\system32\win32k.sys

2012-02-11 21:56:17 -------- d-----w- c:\users\pela\appdata\local\Apps

2012-02-10 20:03:52 -------- d-----w- c:\users\pela\appdata\roaming\Systweak

2012-02-10 20:03:50 17280 ----a-w- c:\windows\system32\roboot.exe

2012-02-07 15:46:06 -------- d-----w- c:\users\pela\appdata\local\CrashDumps

2012-02-07 00:13:26 150200 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak\components\kavlinkfilter.dll

2012-02-05 20:17:05 -------- d-----w- C:\Recovery - 20110919150711

.

==================== Find3M ====================

.

2012-03-03 22:36:15 567696 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-03 19:58:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-29 04:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover

Windows 6.1.7600 Disk: WDC_WD25 rev.01.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87A44FA9]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH EBX; MOV EBX, [EBP+0xc]; PUSH ESI; XOR EDX, EDX; CMP [0x87a4cd34], EDX; PUSH EDI; MOV EDI, [EBX+0x60]; JZ 0x187; MOV EAX, [EBP+0x8]; }

1 ntkrnlpa!IofCallDriver[0x82C48458] -> \Device\Harddisk0\DR0[0x87A297F0]

3 CLASSPNP[0x88BAA59E] -> ntkrnlpa!IofCallDriver[0x82C48458] -> [0x87A29020]

\Driver\stdflt[0x879E93D0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x87A44FA9

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }

user != kernel MBR !!!

error: Read Kan de opdracht niet uitvoeren door een fout in een I/O-apparaat.

sectors 488397151 (+0): user != kernel

Warning: possible TDL4 rootkit infection !

TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

.

============= FINISH: 13:32:04,15 ===============


If you have a Babylon Toolbar add-on in Firefox, remove it completely.

Download TDSSKiller and place it on your desktop.

Extract the files in tdsskiller.zip.

Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.

Windows 7 and Windows Vista users:

Right-click TDSSKiller.exe -> Run as Administrator to start the tool.

If TDSSKiller reports that an update is available, run that first.

Click the "Start Scan" button and follow the instructions.

When the scan is finished, click the "Report" button.

A Notepad file opens. Post the contents of this file.

Restart the PC if TDSSKiller offers that option. (Reboot now)

If a restart was needed, you will find the log file at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt
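The helper twice asks for the Babylon Toolbar add-on to be removed from Firefox, and the DDS log above shows why: the FIREFOX POLICIES section lists a block of extensions.BabylonToolbar_i.* preferences in user.js, and browser.search.defaulturl points at search.conduit.com. Removing the add-on is done in Firefox itself; as an added check (my script, not part of the thread), the PowerShell below parses user.js and prefs.js and reports which of those preferences are still present afterwards. The pref prefix and the conduit host come from the log on this page; the sample user.js is constructed from those same log lines so the parser can be tried offline, and the script assumes PowerShell 3.0 or later and the default profile location under %APPDATA%\Mozilla\Firefox\Profiles.

```powershell
# Added example, not from the forum post: report-only scan of Firefox preference files
# for leftovers of the Babylon toolbar and a hijacked default search URL.
# Assumes PowerShell 3.0+.

# Taken from the DDS log on this page: the toolbar's pref prefix and the search host it set.
$suspectPrefPrefixes = @('extensions.BabylonToolbar')
$suspectSearchHosts  = @('search.conduit.com', 'babylon.com')

function ConvertFrom-FirefoxPrefs {
    # Parses lines of the form  user_pref("name", value);  into Name/Value objects.
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match '^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$') {
            [pscustomobject]@{ Name = $Matches[1]; Value = $Matches[2].Trim('"') }
        }
    }
}

function Find-SuspectPrefs {
    # Flags toolbar prefs by name, and search/homepage prefs whose value points at a suspect host.
    param([object[]]$Prefs)
    foreach ($p in $Prefs) {
        $why = $null
        foreach ($prefix in $suspectPrefPrefixes) {
            if ($p.Name.StartsWith($prefix)) { $why = "toolbar leftover ($prefix)" }
        }
        if ($p.Name -like 'browser.search.*' -or $p.Name -eq 'browser.startup.homepage' -or $p.Name -eq 'keyword.URL') {
            foreach ($badHost in $suspectSearchHosts) {
                if ($p.Value -match [regex]::Escape($badHost)) { $why = "points at $badHost" }
            }
        }
        if ($why) { $p | Add-Member -NotePropertyName Reason -NotePropertyValue $why -PassThru }
    }
}

function Get-FirefoxProfileDirs {
    # Default location on Windows; the log shows ...\profiles\9ndw5now.default\
    $root = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (Test-Path -LiteralPath $root) {
        Get-ChildItem -LiteralPath $root -Directory | Select-Object -ExpandProperty FullName
    }
}

# Constructed sample (not a real file): values copied from the user.js lines in the DDS log.
$sampleUserJs = @'
user_pref("extensions.BabylonToolbar_i.id", "d02d2a220000000000001c659d2da719");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109985");
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=3&q={searchTerms}");
user_pref("browser.startup.homepage", "http://google.be");
user_pref("network.cookie.cookieBehavior", 1);
'@ -split "`r?`n"

Write-Host "== Sample user.js (constructed) =="
Find-SuspectPrefs -Prefs (ConvertFrom-FirefoxPrefs -Lines $sampleUserJs) |
    Format-Table Name, Reason, Value -AutoSize

Write-Host "== Real profiles on this machine =="
foreach ($dir in Get-FirefoxProfileDirs) {
    foreach ($file in 'user.js', 'prefs.js') {
        $path = Join-Path $dir $file
        if (Test-Path -LiteralPath $path) {
            $hits = Find-SuspectPrefs -Prefs (ConvertFrom-FirefoxPrefs -Lines (Get-Content -LiteralPath $path))
            Write-Host "$path : $(@($hits).Count) suspect preference(s)"
            $hits | Format-Table Name, Reason, Value -AutoSize
        }
    }
}
```

Close Firefox before running it, since prefs.js is rewritten on exit; a clean result is zero suspect preferences in every profile, while any remaining extensions.BabylonToolbar_i.* line in user.js means the toolbar's settings file is still being loaded and the add-on removal did not take.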


This topic is now closed to new replies.
