politievirus..

kape · 29 juni 2012

Heb je - nà het draaien van Combofix - direct al die problemen gehad ? Met of zonder opstarten van de PC ? Indien niet opgestart, moet je nu Combofix eens opnieuw laten scannen - doe het in "veilige modus" - en onmiddellijk erna de PC afsluiten en opnieuw opstarten. En dan de toestand eens bekijken.

carretje · 29 juni 2012

Ik heb het programma gewoon laten draaien, hij startte ook opnieuw op. En toen had ik het. Nogmaals het komt me niet onbekend voor, dit heb ik dus al eerder gehad nadat mijn computer besmet was door dit virus. Ik ga doen wat je zegt.

carretje · 29 juni 2012

Ik denk dat het gelukt is... computer opnieuw opgestart, alles deed het nog.

Hier me logje (ik hoop dat ik het goed gedaan heb).

ComboFix 12-06-28.03 - Carla 29-06-2012 21:41:24.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3919.2584 [GMT 2:00]

Gestart vanuit: c:\users\Carla\Downloads\ComboFix.exe

AV: Ziggo internetbeveiliging 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}

FW: Ziggo internetbeveiliging 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Ziggo internetbeveiliging 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files (x86)\UNWISE.EXE

C:\start.bat

c:\users\Carla\AppData\Local\Temp\{A6242102-6BCE-4620-B15C-83914ED34620}\fpb.tmp

c:\windows\fspscprereqmsiinst.log

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-28 to 2012-06-29 ))))))))))))))))))))))))))))))

.

2012-06-29 19:44 . 2012-06-29 19:44 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-29 16:43 . 2012-06-29 16:43 -------- d-----w- c:\users\Carla\AppData\Roaming\Malwarebytes

2012-06-29 16:43 . 2012-06-29 16:43 -------- d-----w- c:\programdata\Malwarebytes

2012-06-29 16:43 . 2012-06-29 19:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-29 11:20 . 2012-06-29 11:20 -------- d-----w- c:\program files (x86)\Trend Micro

2012-06-26 06:33 . 2012-06-29 19:20 -------- d-----w- c:\users\Gast

2012-06-25 18:12 . 2012-06-25 18:12 -------- d-----w- c:\users\Carla\AppData\Roaming\Epson

2012-06-25 17:59 . 2012-06-25 17:59 -------- d-----w- c:\program files\Common Files\EPSON

2012-06-25 17:52 . 2012-06-25 17:52 -------- d-----w- c:\users\Carla\AppData\Local\ABBYY

2012-06-25 17:50 . 2012-06-25 17:52 -------- d-----w- c:\program files (x86)\ABBYY FineReader 9.0 Sprint

2012-06-25 17:50 . 2012-06-25 17:50 -------- d-----w- c:\programdata\ABBYY

2012-06-25 17:50 . 2012-06-25 17:50 -------- d-----w- c:\program files (x86)\Common Files\ABBYY

2012-06-25 17:48 . 2012-06-25 17:48 -------- d-----w- c:\programdata\UDL

2012-06-25 17:47 . 2012-06-25 17:47 -------- d-----w- c:\program files\Epson Software

2012-06-25 17:45 . 2012-06-25 17:47 -------- d-----w- c:\program files (x86)\Epson Software

2012-06-25 17:44 . 2011-08-30 11:40 535040 ----a-w- c:\windows\system32\ensppui.dll

2012-06-25 17:44 . 2011-08-01 16:24 250880 ----a-w- c:\windows\system32\enspres.dll

2012-06-25 17:44 . 2012-06-25 17:44 -------- d-----w- c:\program files\EpsonNet

2012-06-25 17:44 . 2011-08-30 11:40 535040 ----a-w- c:\windows\system32\enppui.dll

2012-06-25 17:44 . 2011-08-30 11:38 558080 ----a-w- c:\windows\system32\ensppmon.dll

2012-06-25 17:44 . 2011-08-30 11:38 558080 ----a-w- c:\windows\system32\enppmon.dll

2012-06-25 17:44 . 2011-08-01 16:24 250880 ----a-w- c:\windows\system32\enpres.dll

2012-06-25 17:44 . 2012-06-25 17:44 -------- d-----w- c:\program files (x86)\Common Files\EPSON

2012-06-25 17:44 . 2007-04-10 01:06 10752 ----a-w- c:\windows\system32\E_GCINST.DLL

2012-06-25 17:43 . 2008-11-12 03:00 118784 ----a-w- c:\windows\system32\E_ILMHLE.DLL

2012-06-25 17:43 . 2009-10-01 03:01 88064 ----a-w- c:\windows\system32\E_IBCBHLE.DLL

2012-06-25 17:43 . 2012-06-25 18:00 -------- d-----w- c:\programdata\EPSON

2012-06-25 17:43 . 2012-06-25 17:45 -------- d-----w- c:\program files (x86)\epson

2012-06-25 17:43 . 2011-08-09 22:00 464384 ----a-w- c:\windows\system32\esxw2ud.dll

2012-06-25 17:43 . 2009-10-15 22:00 13824 ----a-w- c:\windows\system32\esxcdev.dll

2012-06-25 17:43 . 2009-10-15 22:00 132560 ----a-w- c:\windows\system32\esdevapp.exe

2012-06-25 14:24 . 2010-12-01 07:31 451072 ------w- c:\windows\SysWow64\ISSRemoveSP.exe

2012-06-25 07:58 . 2012-06-25 07:58 -------- d-----w- c:\users\Carla\AppData\Local\Adobe

2012-06-24 17:38 . 2012-06-24 17:38 -------- d-----w- c:\programdata\Intel

2012-06-24 17:35 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-06-24 17:35 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-06-24 15:44 . 2012-06-24 15:44 55960 ----a-w- c:\windows\system32\drivers\fsbts.sys

2012-06-24 15:38 . 2012-06-24 15:54 45624 ----a-w- c:\windows\system32\drivers\fses.sys

2012-06-24 15:31 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-24 15:31 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-24 15:31 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-24 15:31 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-24 15:31 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-24 15:31 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-24 15:31 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-24 15:31 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-24 15:31 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-24 08:21 . 2012-06-24 08:21 -------- d-----w- c:\users\Carla\AppData\Local\Diagnostics

2012-06-24 08:20 . 2012-06-29 19:20 -------- d-----w- c:\users\Carla\AppData\Local\VirtualStore

2012-06-22 15:55 . 2012-06-24 15:54 94280 ----a-w- c:\windows\system32\drivers\fsdfw.sys

2012-06-22 15:55 . 2012-06-24 15:55 -------- d-----w- c:\program files (x86)\Internetbeveiliging

2012-06-22 15:54 . 2012-06-24 15:37 -------- d-----w- c:\programdata\fssg

2012-06-22 15:31 . 2012-06-24 15:34 -------- d-----w- c:\programdata\f-secure

2012-06-22 12:03 . 2012-06-22 14:16 -------- d-----w- c:\programdata\thvfqcmurxyklqp

2012-06-20 14:36 . 2012-06-20 14:36 -------- d-----w- c:\programdata\CanonBJ

2012-06-16 10:22 . 2012-06-16 10:22 -------- d-----w- C:\Games

2012-06-14 07:50 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-14 07:50 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-11 15:23 . 2012-06-24 15:27 -------- d-----w- c:\program files (x86)\Smart File Advisor

2012-06-11 15:23 . 2012-06-24 15:27 -------- d-----w- c:\program files (x86)\Smart Projects

2012-06-11 08:59 . 2012-06-24 15:27 -------- d-----w- c:\program files (x86)\Microsoft Works

2012-06-09 10:25 . 2012-06-24 15:25 -------- d-----w- c:\users\Carla\AppData\Roaming\SMIGames

2012-06-05 09:18 . 2012-06-05 09:18 -------- d-----w- c:\users\Carla\AppData\Roaming\Chayowo Games

2012-06-05 07:23 . 2012-06-05 07:23 -------- d-----w- c:\users\Carla\AppData\Roaming\SulusGames

2012-06-05 07:23 . 2012-06-05 07:23 -------- d-----w- c:\programdata\SulusGames

2012-06-04 10:06 . 2012-06-04 10:06 -------- d-----w- c:\programdata\Particles

2012-06-04 10:05 . 2012-06-04 10:05 -------- d-----w- c:\programdata\Far Mills

2012-06-04 08:16 . 2012-06-04 08:16 -------- d-----w- c:\users\Carla\AppData\Roaming\DailyMagic

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-05 12:26 . 2012-03-31 10:12 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-05 12:26 . 2011-06-07 18:25 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 12:26 . 2012-04-14 08:26 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2010-12-01 19:27 . 2011-01-02 20:28 2735200 ----a-w- c:\program files (x86)\tbZyng.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files (x86)\Zynga\tbZyn0.dll" [2010-12-01 2735200]

"{46735dee-f862-49d1-876d-6382794dc625}"= "c:\program files (x86)\PHPNukeDU\tbPHP0.dll" [2010-10-18 3908192]

"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files (x86)\IncrediMail_MediaBar_2\tbIncr.dll" [2010-09-12 3863136]

.

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

.

[HKEY_CLASSES_ROOT\clsid\{46735dee-f862-49d1-876d-6382794dc625}]

.

[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-10-18 10:26 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngin.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{46735dee-f862-49d1-876d-6382794dc625}]

2010-10-18 10:26 3908192 ----a-w- c:\program files (x86)\PHPNukeDU\tbPHP0.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

2010-12-01 19:27 2735200 ----a-w- c:\program files (x86)\Zynga\tbZyn0.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]

2010-09-12 14:02 3863136 ----a-w- c:\program files (x86)\IncrediMail_MediaBar_2\tbIncr.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files (x86)\Zynga\tbZyn0.dll" [2010-12-01 2735200]

"{46735dee-f862-49d1-876d-6382794dc625}"= "c:\program files (x86)\PHPNukeDU\tbPHP0.dll" [2010-10-18 3908192]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngin.dll" [2010-10-18 3908192]

"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files (x86)\IncrediMail_MediaBar_2\tbIncr.dll" [2010-09-12 3863136]

.

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

.

[HKEY_CLASSES_ROOT\clsid\{46735dee-f862-49d1-876d-6382794dc625}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-30 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]

"Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" [bU]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Smart File Advisor"="c:\program files (x86)\Smart File Advisor\sfa.exe" [2011-04-04 280824]

"F-Secure Manager"="c:\program files (x86)\Internetbeveiliging\Common\FSM32.EXE" [2009-08-05 199264]

"F-Secure TNB"="c:\program files (x86)\Internetbeveiliging\FSGUI\TNBUtil.exe" [2009-08-05 2349664]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 136176]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RTL8192cu;ICIDU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-30 1255736]

R4 F-Secure Filter;F-Secure File System Filter;c:\program files (x86)\Internetbeveiliging\Anti-Virus\Win2K\FSfilter.sys [2009-08-05 39776]

R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files (x86)\Internetbeveiliging\Anti-Virus\Win2K\FSrec.sys [2009-08-05 25184]

S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-06-24 55960]

S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Internetbeveiliging\HIPS\drivers\fshs.sys [2009-08-05 57920]

S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2012-06-24 45624]

S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2012-06-24 94280]

S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\Internetbeveiliging\Anti-Virus\minifilter\fsvista.sys [2009-08-05 14904]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Internetbeveiliging\Anti-Virus\minifilter\fsgk.sys [2012-06-24 199848]

S3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\Internetbeveiliging\ORSP Client\fsorsp.exe [2012-06-24 61088]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

Inhoud van de 'Gedeelde Taken' map

.

2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 12:26]

.

2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 00:59]

.

2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 00:59]

.

2012-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4249457388-3559699745-3184078399-1000Core.job

- c:\users\Carla\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-25 09:40]

.

2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4249457388-3559699745-3184078399-1000UA.job

- c:\users\Carla\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-25 09:40]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-17 10134560]

"Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.nl/

mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &Verzenden naar OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

LSP: c:\program files (x86)\Internetbeveiliging\FSPS\program\FSLSP.DLL

TCP: DhcpNameServer = 212.54.40.25 212.54.35.25

.

- - - - ORPHANS VERWIJDERD - - - -

.

URLSearchHooks-{a44990b3-9dda-4653-bd75-bc3cee5c2934} - (no file)

WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)

WebBrowser-{46735DEE-F862-49D1-876D-6382794DC625} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file)

WebBrowser-{A44990B3-9DDA-4653-BD75-BC3CEE5C2934} - (no file)

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Internetbeveiliging\Anti-Virus\fsgk32st.exe

c:\program files (x86)\Internetbeveiliging\Common\FSMA32.EXE

c:\program files (x86)\Internetbeveiliging\Anti-Virus\FSGK32.EXE

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Internetbeveiliging\Common\FSHDLL32.EXE

c:\windows\SysWOW64\PSIService.exe

c:\program files (x86)\Internetbeveiliging\Anti-Virus\fssm32.exe

c:\program files (x86)\Internetbeveiliging\Anti-Virus\fsav32.exe

.

**************************************************************************

.

Voltooingstijd: 2012-06-29 21:49:41 - machine werd herstart

ComboFix-quarantined-files.txt 2012-06-29 19:49

ComboFix2.txt 2012-06-29 19:11

.

Pre-Run: 77.042.253.824 bytes beschikbaar

Post-Run: 77.286.490.112 bytes beschikbaar

.

- - End Of File - - EBCFD8097F349912B273A666B95D5470

---------- Post toegevoegd om 22:17 ---------- Vorige post was om 22:04 ----------

Mag ik jouw overigens nog even zeer bedanken voor al je hulp tot nu toe, helemaal geweldig.

Het enige wat ik nu kreeg is een security melding bij al mijn favouriten pagina's van internet.

Het ding doet echt raar.

kape · 30 juni 2012

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Folder::

c:\programdata\thvfqcmurxyklqp

Registry::

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

[-HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[-HKEY_CLASSES_ROOT\clsid\{46735dee-f862-49d1-876d-6382794dc625}]

[-HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]

[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{46735dee-f862-49d1-876d-6382794dc625}]

[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

[-HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[-HKEY_CLASSES_ROOT\clsid\{46735dee-f862-49d1-876d-6382794dc625}]

[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[-HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]

DDS::

mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google

Sla dit bestand op je bureaublad op als CFScript.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

carretje · 30 juni 2012

Gedaan en hier het nieuwe logje

ComboFix 12-06-28.03 - Carla 30-06-2012 21:56:48.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3919.2867 [GMT 2:00]

Gestart vanuit: c:\users\Carla\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Carla\Desktop\CFScript - Snelkoppeling.lnk

AV: Ziggo internetbeveiliging 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}

FW: Ziggo internetbeveiliging 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Ziggo internetbeveiliging 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-28 to 2012-06-30 ))))))))))))))))))))))))))))))

.

2012-06-30 20:00 . 2012-06-30 20:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-30 06:17 . 2012-06-30 06:17 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8628346B-1ACF-4896-A168-6131E667D5E4}\offreg.dll

2012-06-29 19:54 . 2012-06-29 19:54 -------- d-----w- c:\users\Carla\AppData\Local\ElevatedDiagnostics

2012-06-29 19:25 . 2012-06-18 01:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8628346B-1ACF-4896-A168-6131E667D5E4}\mpengine.dll