
Trojan horse Patched_c.LYT in system32\services.exe



Hi Kape,

Done, only I could not find the log at all. I restarted the computer several times and had the search function look for ComboFix, without result. In the end I made a new little text document (the first one, that little script, had disappeared after the successful scan) and ran the scan again. During this scan my computer was not restarted by ComboFix and I was able to find the log, see attached. Before I let ComboFix run the 2nd time I quickly had AVG scan the drivers folder, and it immediately found the 2 trojans again. Also after the 2nd run of ComboFix. See attached for the log.

ComboFix 13-05-05.01 - Toshiba 05-05-2013 22:06:00.3.2 - x86

Microsoft® Windows Vista™ Business 6.0.6002.2.1252.31.1043.18.3062.1746 [GMT 2:00]

Gestart vanuit: c:\users\Toshiba\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Toshiba\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}

SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome.manifest

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\install.rdf

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome.manifest

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\install.rdf

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome.manifest

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd

c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\install.rdf

c:\users\Toshiba\AppData\Local\Temp\ppcrlui_2764_2

c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\03jh1t15.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}

c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\03jh1t15.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}\chrome.manifest

c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\03jh1t15.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}\chrome\content\appIcon.png

c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\03jh1t15.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}\chrome\content\browserOverlay.xul

c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\03jh1t15.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}\chrome\content\options.js

c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\03jh1t15.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}\chrome\content\options.xul

c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\03jh1t15.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}\chrome\content\utils.js

c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\03jh1t15.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}\defaults\preferences\predictad.js

c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\03jh1t15.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}\install.rdf

c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\03jh1t15.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\03jh1t15.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome.manifest

c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\03jh1t15.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\dealply.xul

c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\03jh1t15.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\images\dealplyIcon32.png

c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\03jh1t15.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\DealPlyTune.dll

c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\03jh1t15.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults\preferences\defaults.js

c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\03jh1t15.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\install.rdf

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-04-05 to 2013-05-05 ))))))))))))))))))))))))))))))

.

.

2013-05-05 20:23 . 2013-05-05 20:23 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-05-05 10:14 . 2013-05-05 10:14 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{45DDE4A0-53AC-4E0B-A495-45975289BEC9}\offreg.dll

2013-05-05 09:48 . 2013-04-17 04:31 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{45DDE4A0-53AC-4E0B-A495-45975289BEC9}\mpengine.dll

2013-05-04 09:46 . 2013-05-04 09:46 -------- d-----w- C:\TDSSKiller_Quarantine

2013-04-28 21:32 . 2013-04-28 21:32 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software

2013-04-28 21:18 . 2013-04-28 21:18 -------- d-----w- c:\users\Toshiba\AppData\Roaming\TuneUp Software

2013-04-28 21:17 . 2013-04-28 21:17 -------- d-----w- C:\$AVG

2013-04-28 21:17 . 2013-04-28 21:19 -------- d-----w- c:\programdata\AVG2013

2013-04-28 21:14 . 2013-04-28 21:14 -------- d--h--w- c:\programdata\Common Files

2013-04-28 21:14 . 2013-05-03 12:58 -------- d-----w- c:\programdata\MFAData

2013-04-28 21:14 . 2013-04-28 22:23 -------- d-----w- c:\users\Toshiba\AppData\Local\Avg2013

2013-04-28 21:14 . 2013-04-28 21:14 -------- d-----w- c:\users\Toshiba\AppData\Local\MFAData

2013-04-28 21:13 . 2013-04-28 21:14 -------- d-----w- c:\programdata\AVG8UPG

2013-04-28 20:54 . 2013-04-28 21:03 -------- d-----w- C:\MaxAVLiveUpdate

2013-04-28 20:44 . 2013-04-13 18:20 117248 ----a-w- c:\windows\system32\MaxNative.exe

2013-04-28 20:43 . 2013-04-13 18:38 77792 ----a-w- c:\windows\system32\drivers\MaxProtector64.sys

2013-04-28 20:43 . 2013-04-13 18:38 68576 ----a-w- c:\windows\system32\drivers\MaxProc64.sys

2013-04-28 20:43 . 2013-04-13 18:38 74208 ----a-w- c:\windows\system32\drivers\SDActMon2K.sys

2013-04-28 20:43 . 2013-05-03 15:04 -------- d-----w- c:\program files\Max Spyware Detector

2013-04-28 20:43 . 2013-04-13 18:38 13280 ----a-w- c:\windows\system32\drivers\004.sys

2013-04-28 20:43 . 2013-04-13 18:38 85984 ----a-w- c:\windows\system32\drivers\MaxProtector32.sys

2013-04-28 20:43 . 2013-04-13 18:38 72160 ----a-w- c:\windows\system32\drivers\MaxMgr.sys

2013-04-28 20:43 . 2013-04-13 18:38 123360 ----a-w- c:\windows\system32\drivers\SDActMon.sys

2013-04-28 20:39 . 2013-04-28 20:43 -------- d-----w- c:\programdata\Max Secure

2013-04-28 20:36 . 2013-04-28 20:36 -------- d-----w- c:\users\Toshiba\AppData\Local\Max Secure Software

2013-04-28 20:35 . 2013-05-03 15:04 -------- d-----w- c:\users\Toshiba\AppData\Roaming\GetRightToGo

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-04 09:47 . 2009-09-24 16:26 279552 ----a-w- c:\windows\system32\services.exe

2013-05-02 00:06 . 2009-10-03 13:52 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-04-04 12:50 . 2011-08-13 09:14 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2007-03-12 17:59 . 2007-03-12 17:59 299008 ----a-w- c:\program files\navigram_register.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-12-29 430080]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-24 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-25 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-25 154136]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-25 129560]

"NDSTray.exe"="NDSTray.exe" [bU]

"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]

"Desktop SMS"="c:\program files\IDM\Desktop SMS\DesktopSMS.exe" [2007-06-18 1507328]

"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]

"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2013-04-28 2042208]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]

"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-1-25 2938184]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-5-3 66864]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-04-16 18:49 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2013-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 11:56]

.

2013-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 11:56]

.

.

------- Bijkomende Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.254

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath - c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\03jh1t15.default\

FF - prefs.js: browser.search.selectedEngine -

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - user.js: extensions.BabylonToolbar_i.id - 76e116c1000000000000001f3b8a9c93

FF - user.js: extensions.BabylonToolbar_i.hardId - 76e116c1000000000000001f3b8a9c93

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15403

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:59

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=119998

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2013-05-05 22:23

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Shell = Explorer.exe?

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Userinit = c:\windows\system32\userinit.exe,?

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????A?g??????9???9?(?9?h?9???

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,

89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,

27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b

"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,38,12,f1,9d,97,

02,e5,86,37,08,c7,6b,3b,0b,78,35,a4,a7

"{0FB6A909-6086-458F-BD92-1F8EE10042A0}"=hex:51,66,7a,6c,4c,1d,38,12,67,aa,a5,

0b,b4,2e,e1,00,c2,84,5c,ce,e4,5e,06,b4

"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,

36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0

"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,

38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}"=hex:51,66,7a,6c,4c,1d,38,12,49,4c,04,

a2,cd,51,b8,a4,d6,29,f9,08,a8,03,90,5c

"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,

ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3

"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,

aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83

"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,

d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:cc,0b,98,46,87,b7,cd,01

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2013-05-05 22:24:24

ComboFix-quarantined-files.txt 2013-05-05 20:24

ComboFix2.txt 2013-05-05 09:07

.

Pre-Run: 17.677.422.592 bytes beschikbaar

Post-Run: 17.645.735.936 bytes beschikbaar

.

- - End Of File - - A285A19CE3D1AD00F20BE10CE82ABCDC


Then we will look a bit further:

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\drivers\004.sys

c:\windows\system32\MaxNative.exe

c:\windows\system32\drivers\MaxProtector64.sys

c:\windows\system32\drivers\MaxProc64.sys

c:\windows\system32\drivers\SDActMon2K.sys

c:\windows\system32\drivers\MaxProtector32.sys

c:\windows\system32\drivers\MaxMgr.sys

c:\windows\system32\drivers\SDActMon.sys

c:\programdata\Max Secure

c:\users\Toshiba\AppData\Local\Max Secure Software

Folder::

C:\TDSSKiller_Quarantine

C:\MaxAVLiveUpdate

c:\program files\Max Spyware Detector

Firefox::

FF - ProfilePath - c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\03jh1t15.default\

FF - user.js: extensions.BabylonToolbar_i.id - 76e116c1000000000000001f3b8a9c93

FF - user.js: extensions.BabylonToolbar_i.hardId - 76e116c1000000000000001f3b8a9c93

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15403

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:59

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=119998

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Save this file on your desktop as CFScript.

Drag CFScript.txt onto the red ComboFix.exe shortcut.

This will make ComboFix restart. Reboot if you are asked to.

If you want to see this in detail with pictures, click here for the guide.

After the restart, post the contents of Combofix.txt in your next message together with a new HijackThis log.


Dear Kape,

After ComboFix had finished I restarted the laptop manually; when opening programs it again gave messages about an operation on a registry key that is marked for deletion. In addition, an error message already appeared before ComboFix had finished: ERROR Cannot run 'CEC_MAIN.exe'. Reinstall this program.

AVG immediately finds those 2 trojans in the folder again. I did not let it scan the whole computer for those 28 possibly still present other tracking cookies/HTML frame viruses.

ComboFix log

ComboFix 13-05-06.03 - Toshiba 06-05-2013 19:47:53.4.2 - x86

Microsoft® Windows Vista™ Business 6.0.6002.2.1252.31.1043.18.3062.1782 [GMT 2:00]

Gestart vanuit: c:\users\Toshiba\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Toshiba\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}

SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\programdata\Max Secure"

"c:\users\Toshiba\AppData\Local\Max Secure Software"

"c:\windows\system32\drivers\004.sys"

"c:\windows\system32\drivers\MaxMgr.sys"

"c:\windows\system32\drivers\MaxProc64.sys"

"c:\windows\system32\drivers\MaxProtector32.sys"

"c:\windows\system32\drivers\MaxProtector64.sys"

"c:\windows\system32\drivers\SDActMon.sys"

"c:\windows\system32\drivers\SDActMon2K.sys"

"c:\windows\system32\MaxNative.exe"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\MaxAVLiveUpdate

c:\maxavliveupdate\Data\HeurWhiteDb.db

c:\maxavliveupdate\Data\SD1.DB

c:\maxavliveupdate\Data\SD10.DB

c:\maxavliveupdate\Data\SD11.DB

c:\maxavliveupdate\Data\SD14.DB

c:\maxavliveupdate\Data\SD2.DB

c:\maxavliveupdate\Data\SD20.DB

c:\maxavliveupdate\Data\SD23.DB

c:\maxavliveupdate\Data\SD24.DB

c:\maxavliveupdate\Data\SD25.DB

c:\maxavliveupdate\Data\SD26.DB

c:\maxavliveupdate\Data\SD32.DB

c:\maxavliveupdate\Data\SD40.CT

c:\maxavliveupdate\Data\SD40.DB

c:\maxavliveupdate\Data\SD40.ID

c:\maxavliveupdate\Data\SD40.NM

c:\maxavliveupdate\Data\SD42.DB

c:\maxavliveupdate\Data\SD43.DB

c:\maxavliveupdate\Data\SD44.DB

c:\maxavliveupdate\Data\SD45.DB

c:\maxavliveupdate\Data\SD46.DB

c:\maxavliveupdate\Data\SDR1.DB

c:\maxavliveupdate\Data\SDV1.DB

c:\maxavliveupdate\Data\SDV10.DB

c:\maxavliveupdate\Data\SDV11.DB

c:\maxavliveupdate\Data\SDV12.DB

c:\maxavliveupdate\Data\SDV2.DB

c:\maxavliveupdate\Data\SDV3.DB

c:\maxavliveupdate\Data\SDV4.DB

c:\maxavliveupdate\Data\SDV5.DB

c:\maxavliveupdate\Data\SDV6.DB

c:\maxavliveupdate\Data\SDV7.DB

c:\maxavliveupdate\Data\SDV8.DB

c:\maxavliveupdate\Data\SDV9.DB

c:\maxavliveupdate\Data\SDWK.db

c:\maxavliveupdate\ServerVersion.txt

c:\program files\Max Spyware Detector

c:\program files\Max Spyware Detector\ActiveProtection.dll

c:\program files\Max Spyware Detector\ActiveProtection2K.dll

c:\program files\Max Spyware Detector\AntiRootKitDLL.dll

c:\program files\Max Spyware Detector\CheckDll.dll

c:\program files\Max Spyware Detector\Data\16.0.9.101\HeurWhiteDb.db

c:\program files\Max Spyware Detector\Data\16.0.9.101\SD1.DB

c:\program files\Max Spyware Detector\Data\16.0.9.101\SD10.DB

c:\program files\Max Spyware Detector\Data\16.0.9.101\SD11.DB

c:\program files\Max Spyware Detector\Data\16.0.9.101\SD14.DB

c:\program files\Max Spyware Detector\Data\16.0.9.101\SD2.DB

c:\program files\Max Spyware Detector\Data\16.0.9.101\SD20.DB

c:\program files\Max Spyware Detector\Data\16.0.9.101\SD23.DB

c:\program files\Max Spyware Detector\Data\16.0.9.101\SD24.DB

c:\program files\Max Spyware Detector\Data\16.0.9.101\SD25.DB

c:\program files\Max Spyware Detector\Data\16.0.9.101\SD26.DB

c:\program files\Max Spyware Detector\Data\16.0.9.101\SD32.DB

c:\program files\Max Spyware Detector\Data\16.0.9.101\SD40.CT

c:\program files\Max Spyware Detector\Data\16.0.9.101\SD40.DB

c:\program files\Max Spyware Detector\Data\16.0.9.101\SD40.ID

c:\program files\Max Spyware Detector\Data\16.0.9.101\SD40.NM

c:\program files\Max Spyware Detector\Data\16.0.9.101\SD42.DB

c:\program files\Max Spyware Detector\Data\16.0.9.101\SD43.DB

c:\program files\Max Spyware Detector\Data\16.0.9.101\SD44.DB

c:\program files\Max Spyware Detector\Data\16.0.9.101\SD45.DB

c:\program files\Max Spyware Detector\Data\16.0.9.101\SD46.DB

c:\program files\Max Spyware Detector\Data\16.0.9.101\SDR1.DB

c:\program files\Max Spyware Detector\Data\16.0.9.101\SDV1.DB

c:\program files\Max Spyware Detector\Data\16.0.9.101\SDV10.DB

c:\program files\Max Spyware Detector\Data\16.0.9.101\SDV11.DB

c:\program files\Max Spyware Detector\Data\16.0.9.101\SDV12.DB

c:\program files\Max Spyware Detector\Data\16.0.9.101\SDV2.DB

c:\program files\Max Spyware Detector\Data\16.0.9.101\SDV3.DB

c:\program files\Max Spyware Detector\Data\16.0.9.101\SDV4.DB

c:\program files\Max Spyware Detector\Data\16.0.9.101\SDV5.DB

c:\program files\Max Spyware Detector\Data\16.0.9.101\SDV6.DB

c:\program files\Max Spyware Detector\Data\16.0.9.101\SDV7.DB

c:\program files\Max Spyware Detector\Data\16.0.9.101\SDV8.DB

c:\program files\Max Spyware Detector\Data\16.0.9.101\SDV9.DB

c:\program files\Max Spyware Detector\Data\16.0.9.101\SDWK.db

c:\program files\Max Spyware Detector\dbghelp.dll

c:\program files\Max Spyware Detector\DisasmEngineDll.dll

c:\program files\Max Spyware Detector\English_Tips.txt

c:\program files\Max Spyware Detector\FIC.db

c:\program files\Max Spyware Detector\FileData.zip

c:\program files\Max Spyware Detector\FileData\Data01.exe

c:\program files\Max Spyware Detector\FileData\Data02.exe

c:\program files\Max Spyware Detector\FileData\Data03.com

c:\program files\Max Spyware Detector\FileData\Data04.sys

c:\program files\Max Spyware Detector\FileData\Data05.dll

c:\program files\Max Spyware Detector\FileData\Data06.dll

c:\program files\Max Spyware Detector\FileData\Data07.asp

c:\program files\Max Spyware Detector\FileData\Data08.htm

c:\program files\Max Spyware Detector\FileData\Data09.html

c:\program files\Max Spyware Detector\FileData\Data10.bat

c:\program files\Max Spyware Detector\FileData\Data11.vbs

c:\program files\Max Spyware Detector\FileData\Data12.js

c:\program files\Max Spyware Detector\FileData\Data13.exe

c:\program files\Max Spyware Detector\FileData\Data14.exe

c:\program files\Max Spyware Detector\FileData\Data15.exe

c:\program files\Max Spyware Detector\FileData\FileData.ini

c:\program files\Max Spyware Detector\FirewallSetup.exe

c:\program files\Max Spyware Detector\French_Tips.txt

c:\program files\Max Spyware Detector\GeneralPurpose.dll

c:\program files\Max Spyware Detector\German_Tips.txt

c:\program files\Max Spyware Detector\hosts.backup

c:\program files\Max Spyware Detector\images\award.jpg

c:\program files\Max Spyware Detector\images\bg_bullet_right.gif

c:\program files\Max Spyware Detector\images\buy-now02.png

c:\program files\Max Spyware Detector\images\checkG.gif

c:\program files\Max Spyware Detector\images\intel_partner_program.png

c:\program files\Max Spyware Detector\images\logo_new_SpywareDetector.gif

c:\program files\Max Spyware Detector\images\mcafeeSecure-chat.gif

c:\program files\Max Spyware Detector\images\microsoft_partner.gif

c:\program files\Max Spyware Detector\images\new-box.jpg

c:\program files\Max Spyware Detector\images\order-now.jpg

c:\program files\Max Spyware Detector\images\ProductBox_purchase.jpg

c:\program files\Max Spyware Detector\images\rating50.gif

c:\program files\Max Spyware Detector\images\reponline.gif

c:\program files\Max Spyware Detector\InfoLSP.dll

c:\program files\Max Spyware Detector\Japanese_Tips.txt

c:\program files\Max Spyware Detector\KeyLoggerHandler.dll

c:\program files\Max Spyware Detector\KeyLoggerLog.txt

c:\program files\Max Spyware Detector\KeyLoggerScanner.exe

c:\program files\Max Spyware Detector\KeyLoggerScannerDll.dll

c:\program files\Max Spyware Detector\LaptopTracker.dll

c:\program files\Max Spyware Detector\LiveUpdate.exe

c:\program files\Max Spyware Detector\Log.htm

c:\program files\Max Spyware Detector\Log\Export.txt

c:\program files\Max Spyware Detector\Log\HeurSDLog.txt

c:\program files\Max Spyware Detector\Log\KeyLoggerHandler.txt

c:\program files\Max Spyware Detector\Log\MaxActMon.txt

c:\program files\Max Spyware Detector\Log\MaxAVDBScan.log

c:\program files\Max Spyware Detector\Log\MaxDBServer32.txt

c:\program files\Max Spyware Detector\Log\MaxLiveUpdate.txt

c:\program files\Max Spyware Detector\Log\MaxMemScn.Log

c:\program files\Max Spyware Detector\Log\MaxMerger.txt

c:\program files\Max Spyware Detector\Log\MaxRootkitScanner32.txt

c:\program files\Max Spyware Detector\Log\MaxScanner.txt

c:\program files\Max Spyware Detector\Log\MaxSDTray.txt

c:\program files\Max Spyware Detector\Log\MaxSDUI.txt

c:\program files\Max Spyware Detector\Log\MaxSecure.txt

c:\program files\Max Spyware Detector\Log\RootKitLog32.txt

c:\program files\Max Spyware Detector\Log\SDLiveupdateLog32.txt

c:\program files\Max Spyware Detector\Log\SDLog32.txt

c:\program files\Max Spyware Detector\Log\SplSpyLog32.txt

c:\program files\Max Spyware Detector\Log\SystemLog.txt

c:\program files\Max Spyware Detector\Log\USBLog.txt

c:\program files\Max Spyware Detector\Log\VersionInformation.txt

c:\program files\Max Spyware Detector\Log\VirusSDLog32.txt

c:\program files\Max Spyware Detector\Log\VoucherLog.txt

c:\program files\Max Spyware Detector\Log\WatchDog.txt

c:\program files\Max Spyware Detector\LogFolder\SpyFound.DB

c:\program files\Max Spyware Detector\MainIconNew.ico

c:\program files\Max Spyware Detector\Max Secure Firewall.msi

c:\program files\Max Spyware Detector\MaxActMon.exe

c:\program files\Max Spyware Detector\MaxAVDBScan.dll

c:\program files\Max Spyware Detector\MaxAVPMScan.dll

c:\program files\Max Spyware Detector\MaxAVRepair.dll

c:\program files\Max Spyware Detector\MaxCMDScanner.exe

c:\program files\Max Spyware Detector\MaxDBServer.exe

c:\program files\Max Spyware Detector\MaxLiveUpdate.dll

c:\program files\Max Spyware Detector\MaxMemScan.dll

c:\program files\Max Spyware Detector\MaxMerger.exe

c:\program files\Max Spyware Detector\MaxProcScn.exe

c:\program files\Max Spyware Detector\MaxRegistryBackUp.exe

c:\program files\Max Spyware Detector\MaxRootkitScanner.exe

c:\program files\Max Spyware Detector\MaxRootKitScannerUI.exe

c:\program files\Max Spyware Detector\MaxScanner.exe

c:\program files\Max Spyware Detector\MaxSDNews.txt

c:\program files\Max Spyware Detector\MaxSDResourceDll.dll

c:\program files\Max Spyware Detector\MaxSDScanner.dll

c:\program files\Max Spyware Detector\MaxSDShellExt.dll

c:\program files\Max Spyware Detector\MaxSDTray.chm

c:\program files\Max Spyware Detector\MaxSDTray.exe

c:\program files\Max Spyware Detector\MaxSDUI.chm

c:\program files\Max Spyware Detector\MaxSDUI.exe

c:\program files\Max Spyware Detector\MaxSecure.dll

c:\program files\Max Spyware Detector\MaxSecureReports.exe

c:\program files\Max Spyware Detector\MaxUninstaller.exe

c:\program files\Max Spyware Detector\MaxUnpacker.dll

c:\program files\Max Spyware Detector\MaxUPXUnpacker.dll

c:\program files\Max Spyware Detector\MaxUSB.exe

c:\program files\Max Spyware Detector\MaxUSBProc.exe

c:\program files\Max Spyware Detector\MaxWatchDogService.exe

c:\program files\Max Spyware Detector\MigrateSD.exe

c:\program files\Max Spyware Detector\Notifications.exe

c:\program files\Max Spyware Detector\Option.dll

c:\program files\Max Spyware Detector\PDFDecrypt.dll

c:\program files\Max Spyware Detector\pec2codec_aplib.dll

c:\program files\Max Spyware Detector\pec2codec_ffce.dll

c:\program files\Max Spyware Detector\PEC2CODEC_JCALG1.dll

c:\program files\Max Spyware Detector\pec2codec_lzma.dll

c:\program files\Max Spyware Detector\pec2codec_lzma2.dll

c:\program files\Max Spyware Detector\Quarantine.wav

c:\program files\Max Spyware Detector\Recovery_Disk.pdf

c:\program files\Max Spyware Detector\Russian_Tips.txt

c:\program files\Max Spyware Detector\Scan.wav

c:\program files\Max Spyware Detector\SDAntiRtKt.sys

c:\program files\Max Spyware Detector\SDLiveupdate\Data\FIC.db

c:\program files\Max Spyware Detector\SDLiveupdate\FIC.db

c:\program files\Max Spyware Detector\SendReport.exe

c:\program files\Max Spyware Detector\Setting\AntiSpamSetting.ini

c:\program files\Max Spyware Detector\Setting\blockActivex.reg

c:\program files\Max Spyware Detector\Setting\BlockTrojan.ini

c:\program files\Max Spyware Detector\Setting\CurrentSettings.ini

c:\program files\Max Spyware Detector\Setting\English_Strings.ini

c:\program files\Max Spyware Detector\Setting\exe.dat

c:\program files\Max Spyware Detector\Setting\exefile.dat

c:\program files\Max Spyware Detector\Setting\Export.ini

c:\program files\Max Spyware Detector\Setting\French_Strings.ini

c:\program files\Max Spyware Detector\Setting\German_Strings.ini

c:\program files\Max Spyware Detector\Setting\hostInsert.ini

c:\program files\Max Spyware Detector\Setting\HostListSD.ini

c:\program files\Max Spyware Detector\Setting\InstantScan.ini

c:\program files\Max Spyware Detector\Setting\Japanese_Strings.ini

c:\program files\Max Spyware Detector\Setting\Restricted.reg

c:\program files\Max Spyware Detector\Setting\RootKitWhiteDB.ini

c:\program files\Max Spyware Detector\Setting\Russian_Strings.ini

c:\program files\Max Spyware Detector\Setting\SocketSettings.ini

c:\program files\Max Spyware Detector\Setting\Spanish_Strings.ini

c:\program files\Max Spyware Detector\Setting\UnReg.reg

c:\program files\Max Spyware Detector\Setting\Voucher_English_Strings.ini

c:\program files\Max Spyware Detector\Setting\Voucher_French_Strings.ini

c:\program files\Max Spyware Detector\Setting\Voucher_German_Strings.ini

c:\program files\Max Spyware Detector\Setting\Voucher_Japanese_Strings.ini

c:\program files\Max Spyware Detector\Setting\Voucher_Russian_Strings.ini

c:\program files\Max Spyware Detector\Setting\Voucher_Spanish_Strings.ini

c:\program files\Max Spyware Detector\Setting\WinsockBkp-Win2K.reg

c:\program files\Max Spyware Detector\Setting\WinsockBkp-Win98.reg

c:\program files\Max Spyware Detector\Setting\WinsockBkp-WinME.reg

c:\program files\Max Spyware Detector\Setting\WinsockBkp-WinVista.reg

c:\program files\Max Spyware Detector\Setting\WinsockBkp-WinXP.reg

c:\program files\Max Spyware Detector\Setting\WinsockBkp-WinXPHE.reg

c:\program files\Max Spyware Detector\Setting\wormcounts.ini

c:\program files\Max Spyware Detector\SMTPDll.dll

c:\program files\Max Spyware Detector\Spanish_Tips.txt

c:\program files\Max Spyware Detector\SpecialSpyHandler.dll

c:\program files\Max Spyware Detector\StartUpTipsDll.dll

c:\program files\Max Spyware Detector\SubmitSamples.exe

c:\program files\Max Spyware Detector\TeamViewerQS.exe

c:\program files\Max Spyware Detector\ThreatCommunity.dll

c:\program files\Max Spyware Detector\Tools\Backup.zip

c:\program files\Max Spyware Detector\Tools\BackupRestoreUtility.exe

c:\program files\Max Spyware Detector\Tools\CmdRegistration.exe

c:\program files\Max Spyware Detector\Tools\file_assoc_Vista.reg

c:\program files\Max Spyware Detector\Tools\file_assoc_win7.reg

c:\program files\Max Spyware Detector\Tools\file_assoc_XP.reg

c:\program files\Max Spyware Detector\Tools\Iexplore.com

c:\program files\Max Spyware Detector\Tools\Iexplore.exe

c:\program files\Max Spyware Detector\Tools\KnownServices.ini

c:\program files\Max Spyware Detector\Tools\MaxCleanSysVolume.exe

c:\program files\Max Spyware Detector\Tools\MaxFixExec.reg

c:\program files\Max Spyware Detector\Tools\MaxGenProcHost.exe

c:\program files\Max Spyware Detector\Tools\MaxKidoFix.exe

c:\program files\Max Spyware Detector\Tools\MaxKidoFix.txt

c:\program files\Max Spyware Detector\Tools\MaxNetCfg.exe

c:\program files\Max Spyware Detector\Tools\MaxRegistryFix.exe

c:\program files\Max Spyware Detector\Tools\maxsalcln.exe

c:\program files\Max Spyware Detector\Tools\MaxServicesList.exe

c:\program files\Max Spyware Detector\Tools\MaxTrjScn.exe

c:\program files\Max Spyware Detector\Tools\MaxUnhide.exe

c:\program files\Max Spyware Detector\Tools\MaxUpdateFix.exe

c:\program files\Max Spyware Detector\Tools\SetDacl.exe

c:\program files\Max Spyware Detector\Tools4.ico

c:\program files\Max Spyware Detector\unrar.dll

c:\program files\Max Spyware Detector\USBLog.htm

c:\program files\Max Spyware Detector\VchReg.dll

c:\program files\Max Spyware Detector\welcome.htm

C:\TDSSKiller_Quarantine

c:\tdsskiller_quarantine\04.05.2013_11.45.07\zasubsys0000\file0000\object.ini

c:\tdsskiller_quarantine\04.05.2013_11.45.07\zasubsys0000\file0000\tsk0000.ini

c:\tdsskiller_quarantine\04.05.2013_11.45.07\zasubsys0000\object.ini

c:\tdsskiller_quarantine\04.05.2013_11.45.07\zasubsys0000\zafs0000\tsk0000.dta

c:\tdsskiller_quarantine\04.05.2013_11.45.07\zasubsys0000\zafs0000\tsk0000.ini

c:\tdsskiller_quarantine\04.05.2013_11.45.07\zasubsys0000\zafs0000\tsk0001.ini

c:\tdsskiller_quarantine\04.05.2013_11.45.07\zasubsys0000\zafs0000\tsk0002.dta

c:\tdsskiller_quarantine\04.05.2013_11.45.07\zasubsys0000\zafs0000\tsk0002.ini

c:\tdsskiller_quarantine\04.05.2013_11.45.07\zasubsys0000\zafs0000\tsk0003.ini

c:\tdsskiller_quarantine\04.05.2013_11.45.07\zasubsys0000\zafs0000\tsk0004.dta

c:\tdsskiller_quarantine\04.05.2013_11.45.07\zasubsys0000\zafs0000\tsk0004.ini

c:\tdsskiller_quarantine\04.05.2013_11.45.07\zasubsys0000\zafs0000\tsk0005.dta

c:\tdsskiller_quarantine\04.05.2013_11.45.07\zasubsys0000\zafs0000\tsk0005.ini

c:\users\Toshiba\AppData\Local\Temp\ppcrlui_1788_2

c:\windows\system32\drivers\004.sys

c:\windows\system32\drivers\MaxMgr.sys

c:\windows\system32\drivers\MaxProc64.sys

c:\windows\system32\drivers\MaxProtector32.sys

c:\windows\system32\drivers\MaxProtector64.sys

c:\windows\system32\drivers\SDActMon.sys

c:\windows\system32\drivers\SDActMon2K.sys

c:\windows\system32\MaxNative.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_MaxMgr

-------\Legacy_MaxProtector32

-------\Legacy_SDActMon

-------\Service_MaxMgr

-------\Service_MaxProtector32

-------\Service_SDActMon

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-04-06 to 2013-05-06 ))))))))))))))))))))))))))))))

.

.

2013-05-06 17:57 . 2013-05-06 17:57 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-05-05 20:46 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll

2013-05-05 20:45 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2013-05-05 20:45 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2013-05-05 20:45 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll

2013-05-05 20:45 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll

2013-05-05 20:45 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2013-05-05 20:45 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2013-05-05 20:45 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll

2013-05-05 20:45 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe

2013-05-05 20:45 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll

2013-05-05 20:45 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2013-05-05 20:39 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll

2013-05-05 20:39 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll

2013-05-05 10:14 . 2013-05-05 10:14 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{45DDE4A0-53AC-4E0B-A495-45975289BEC9}\offreg.dll

2013-05-05 09:48 . 2013-04-17 04:31 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{45DDE4A0-53AC-4E0B-A495-45975289BEC9}\mpengine.dll

2013-05-05 09:41 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll

2013-05-05 09:41 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\system32\quartz.dll

2013-05-05 09:33 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll

2013-05-05 09:33 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll

2013-05-05 09:33 . 2013-03-11 13:25 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-05-05 09:32 . 2013-03-11 13:25 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-05-05 09:32 . 2013-03-09 03:45 49152 ----a-w- c:\windows\system32\csrsrv.dll

2013-05-05 09:32 . 2013-03-09 01:28 64000 ----a-w- c:\windows\system32\smss.exe

2013-05-05 09:32 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll

2013-05-05 09:32 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe

2013-05-05 09:32 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys

2013-05-05 09:32 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll

2013-05-05 09:32 . 2013-03-03 19:07 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-05-05 09:31 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll

2013-05-05 09:31 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll

2013-05-05 09:31 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2013-05-05 09:31 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll

2013-05-05 09:25 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll

2013-05-05 09:25 . 2013-01-04 11:28 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-05-05 09:25 . 2013-03-08 03:52 2067968 ----a-w- c:\windows\system32\mstscax.dll

2013-05-05 09:25 . 2013-03-08 03:53 376320 ----a-w- c:\windows\system32\winsrv.dll

2013-05-05 09:25 . 2013-03-05 01:40 2049024 ----a-w- c:\windows\system32\win32k.sys

2013-05-05 09:25 . 2013-02-12 01:57 15872 ----a-w- c:\windows\system32\drivers\usb8023x.sys

2013-05-05 09:25 . 2013-02-12 01:57 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-04-28 21:32 . 2013-04-28 21:32 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software

2013-04-28 21:18 . 2013-04-28 21:18 -------- d-----w- c:\users\Toshiba\AppData\Roaming\TuneUp Software

2013-04-28 21:17 . 2013-04-28 21:17 -------- d-----w- C:\$AVG

2013-04-28 21:17 . 2013-04-28 21:19 -------- d-----w- c:\programdata\AVG2013

2013-04-28 21:14 . 2013-04-28 21:14 -------- d--h--w- c:\programdata\Common Files

2013-04-28 21:14 . 2013-05-03 12:58 -------- d-----w- c:\programdata\MFAData

2013-04-28 21:14 . 2013-04-28 22:23 -------- d-----w- c:\users\Toshiba\AppData\Local\Avg2013

2013-04-28 21:14 . 2013-04-28 21:14 -------- d-----w- c:\users\Toshiba\AppData\Local\MFAData

2013-04-28 21:13 . 2013-04-28 21:14 -------- d-----w- c:\programdata\AVG8UPG

2013-04-28 20:39 . 2013-04-28 20:43 -------- d-----w- c:\programdata\Max Secure

2013-04-28 20:36 . 2013-04-28 20:36 -------- d-----w- c:\users\Toshiba\AppData\Local\Max Secure Software

2013-04-28 20:35 . 2013-05-03 15:04 -------- d-----w- c:\users\Toshiba\AppData\Roaming\GetRightToGo

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-04 09:47 . 2009-09-24 16:26 279552 ----a-w- c:\windows\system32\services.exe

2013-05-02 00:06 . 2009-10-03 13:52 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-04-04 12:50 . 2011-08-13 09:14 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2007-03-12 17:59 . 2007-03-12 17:59 299008 ----a-w- c:\program files\navigram_register.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-12-29 430080]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-24 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-25 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-25 154136]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-25 129560]

"NDSTray.exe"="NDSTray.exe" [bU]

"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]

"Desktop SMS"="c:\program files\IDM\Desktop SMS\DesktopSMS.exe" [2007-06-18 1507328]

"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]

"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2013-04-28 2042208]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]

"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-1-25 2938184]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-5-3 66864]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-04-16 18:49 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2013-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 11:56]

.

2013-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 11:56]

.

.

------- Bijkomende Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.254

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath - c:\users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\03jh1t15.default\

FF - prefs.js: browser.search.selectedEngine -

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

- - - - ORPHANS VERWIJDERD - - - -

.

SafeBoot-WudfPf

SafeBoot-WudfRd

AddRemove-Max Spyware Detector 2013 - c:\program files\Max Spyware Detector\MaxUninstaller.exe

.

.

.

**************************************************************************

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????A?g??????9???9?(?9?h?9???

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden:

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,

89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,

27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b

"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,38,12,f1,9d,97,

02,e5,86,37,08,c7,6b,3b,0b,78,35,a4,a7

"{0FB6A909-6086-458F-BD92-1F8EE10042A0}"=hex:51,66,7a,6c,4c,1d,38,12,67,aa,a5,

0b,b4,2e,e1,00,c2,84,5c,ce,e4,5e,06,b4

"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,

36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0

"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,

38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}"=hex:51,66,7a,6c,4c,1d,38,12,49,4c,04,

a2,cd,51,b8,a4,d6,29,f9,08,a8,03,90,5c

"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,

ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3

"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,

aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83

"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,

d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:cc,0b,98,46,87,b7,cd,01

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(1372)

c:\program files\IDM\Desktop SMS\oehook.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\progra~1\AVG\AVG8\avgwdsvc.exe

c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe

c:\program files\KPN\Mobiel Internet Software\BecHelperService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\KPN\Mobiel Internet Software\LoggerServer.exe

c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe

c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

c:\windows\system32\TODDSrv.exe

c:\program files\Toshiba\Power Saver\TosCoSrv.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

c:\users\Toshiba\AppData\Local\TVersity\Media Server\MediaServer.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\windows\system32\conime.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Toshiba\ConfigFree\NDSTray.exe

c:\program files\AVG\AVG8\avgtray.exe

c:\program files\Apoint2K\ApMsgFwd.exe

c:\program files\Apoint2K\Apntex.exe

c:\program files\Apoint2K\HidFind.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Windows Mail\WinMail.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

.

**************************************************************************

.

Voltooingstijd: 2013-05-06 20:06:26 - machine werd herstart

ComboFix-quarantined-files.txt 2013-05-06 18:06

ComboFix2.txt 2013-05-05 20:24

ComboFix3.txt 2013-05-05 09:07

.

Pre-Run: 19.049.623.552 bytes beschikbaar

Post-Run: 17.860.993.024 bytes beschikbaar

.

- - End Of File - - 9074060E7C5CB6182D4CE42C23DE1C09

HijackThis log

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:19:29, on 6-5-2013

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16476)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

C:\Program Files\Toshiba\SmoothView\SmoothView.exe

C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Windows\WindowsMobile\wmdSync.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Apoint2K\HidFind.exe

C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Program Files\Windows Mail\WinMail.exe

c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Users\Toshiba\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto

O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start

O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe

O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: BecHelperService - Unknown owner - C:\Program Files\KPN\Mobiel Internet Software\BecHelperService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe

O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

O23 - Service: TVersityMediaServer - Unknown owner - C:\Users\Toshiba\AppData\Local\TVersity\Media Server\MediaServer.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 10718 bytes
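When a helper reads a HijackThis log like the one above, a few entry types get checked first: O23 services whose binary carries no publisher, autostart or service binaries under a user profile, bare file names in O4 Run keys, and anything in O20 AppInit_DLLs. The Python below is an added triage example, not part of this thread or of HijackThis; it parses those line types in the format shown above and applies those heuristics. The sample lines are copied from the log above; the heuristics and the "user-writable" directory list are my own assumptions.

```python
import re
# Constructed sample: a few lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: BecHelperService - Unknown owner - C:\Program Files\KPN\Mobiel Internet Software\BecHelperService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Users\Toshiba\AppData\Local\TVersity\Media Server\MediaServer.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""
USER_WRITABLE = re.compile(r"\\(Users|AppData|Temp|ProgramData)\\", re.I)  # assumed list of user-writable dirs

def image_path(command):
    """Strip quotes and arguments from an O4 command line, keeping only the binary."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.*?\.(?:exe|dll|scr|cmd|bat))(?:\s|$)", command, re.I)
    return m.group(1) if m else command

def parse_line(line):
    """Return (kind, name, path, owner) for O4, O20 and O23 lines; None otherwise."""
    m = re.match(r"^(O4|O20|O23) - (.*)$", line.strip())
    if not m:
        return None
    kind, rest = m.groups()
    if kind == "O4":                      # HKLM\..\Run: [name] command
        name, command = re.match(r".*?\[([^\]]*)\]\s*(.*)$", rest).groups()
        return kind, name, image_path(command), None
    if kind == "O20":                     # AppInit_DLLs: path
        return kind, "AppInit_DLLs", rest.split(": ", 1)[1], None
    display, owner, path = rest[len("Service: "):].rsplit(" - ", 2)
    return kind, display, path, owner     # O23: Service: display - owner - path

def triage(log_text):
    """Map each suspicious entry name to the reasons a helper would check it first."""
    findings = {}
    for kind, name, path, owner in filter(None, map(parse_line, log_text.splitlines())):
        reasons = []
        if kind == "O23" and owner == "Unknown owner":
            reasons.append("service binary carries no publisher information")
        if kind == "O20":
            reasons.append("AppInit_DLLs injects this DLL into GUI processes; confirm it belongs to the AV")
        if "\\" not in path:
            reasons.append("bare file name is resolved through the search path")
        if USER_WRITABLE.search(path):
            reasons.append("binary runs from a user-writable location")
        if reasons:
            findings[name] = reasons
    return findings
```

Run against the sample, it flags NDSTray.exe, the AppInit DLL and both "Unknown owner" services, with TVersityMediaServer collecting two reasons, and leaves the Intel and Conexant entries alone.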


Hi Kape,

It finds two. I then only let it search in c:\Toshiba\drivers\ValueAddedPackage. It then finds the file c:\Toshiba\drivers\ValueAddedPackage\Data1.cab and c:\Toshiba\drivers\ValueAddedPackage\Data1.cab:\_EB8958FF590ACA8DD1588E3641D9844C; it names both infections Trojan horse Generic30.HEH, result infected.


Hi,

It does nothing. Uploaded it twice in Chrome; both times I already got the result "no file submitted" after waiting about 4 minutes. Restarted the laptop, uploaded in IE, same result. By the way, I can only find data1, not the other file. It does have a ZIP icon; should I extract it first?


Download the Emsisoft Emergency Kit to the desktop and extract the ZIP file.

  • Open the "EmsisoftEmergencyKit" folder and double-click "Start.exe".
  • Now click "Emergency Kit Scanner". You will get a message that it is recommended to update first; allow this by clicking "Yes".
  • When the update is done and the message "Update process completed successfully" appears, click "menu" and then "Scan PC".
  • Select the "Deep" option if it is not already set by default.
  • Now click the "Scan" button and do nothing else on the computer while it scans; this scan can take quite a while, so wait patiently.
  • The window with the warning about an elevated risk can be closed once the scan is finished.
  • Make sure all found items are checked and then press the "delete selected" button. You will get the following message, but click "Yes" here.
  • When the removal is done, click the "View report" button and select the text file of this scan, named something like: a2scan_110730-111615.txt
  • Post the contents of this LOG file in your next reply.
  • Now restart the computer.


Here is the log. In the meantime AVG has detected a great many threats, all in C:\windows\system32\config\systemprofile\appdata\local\windows\temporary internet files\content.IE5\0NNGR65M\(variable, e.g. 120x600[1].htm); there are about 30 of them, infection: Virus found HTML/framer. This is a pop-up that appeared during the scan; I did not run an AVG scan manually.

Emsisoft Emergency Kit - Versie 3.0

Laatste Update: 8-5-2013 18:03:45

Scaninstellingen:

Scantype: Diepe scan

Objecten: Rootkits, Geheugen, Sporen, C:\, D:\

Detecteer riskware: Uit

Scan archieven: Aan

ADS Scan: Aan

Bestandsextensiefilter: Uit

Geavanceerde cache: Aan

Directe schijftoegang: Uit

Scan gestart: 8-5-2013 18:05:15

C:\Program Files\PlayFirst Ontdekt: Trace.File.Believe in Santa (A)

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Spyware Detector\ Ontdekt: Trace.File.MaxSpywareDetector (A)

C:\Users\Public\Desktop\Max Spyware Detector.lnk Ontdekt: Trace.File.MaxSpywareDetector (A)

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Spyware Detector\Max Spyware Detector.lnk Ontdekt: Trace.File.MaxSpywareDetector (A)

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Spyware Detector\Max Spyware Detector Help.lnk Ontdekt: Trace.File.MaxSpywareDetector (A)

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Spyware Detector\Uninstall Max Spyware Detector.lnk Ontdekt: Trace.File.MaxSpywareDetector (A)

C:\Qoobox\Quarantine\C\TDSSKiller_Quarantine\04.05.2013_11.45.07\zasubsys0000\zafs0000\tsk0002.dta.vir Ontdekt: Trojan.Sirefef.RG (B)

C:\Qoobox\Quarantine\C\TDSSKiller_Quarantine\04.05.2013_11.45.07\zasubsys0000\zafs0000\tsk0005.dta.vir Ontdekt: Trojan.Sirefef.RG (B)

Gescand 513211

Gevonden 8

Scan geëindigd: 8-5-2013 20:11:38

Scantijd: 2:06:23

C:\Qoobox\Quarantine\C\TDSSKiller_Quarantine\04.05.2013_11.45.07\zasubsys0000\zafs0000\tsk0002.dta.vir Verwijderd Trojan.Sirefef.RG (B)

C:\Qoobox\Quarantine\C\TDSSKiller_Quarantine\04.05.2013_11.45.07\zasubsys0000\zafs0000\tsk0005.dta.vir Verwijderd Trojan.Sirefef.RG (B)

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Spyware Detector\ Verwijderd Trace.File.MaxSpywareDetector (A)

C:\Users\Public\Desktop\Max Spyware Detector.lnk Verwijderd Trace.File.MaxSpywareDetector (A)

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Spyware Detector\Max Spyware Detector.lnk Verwijderd Trace.File.MaxSpywareDetector (A)

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Spyware Detector\Max Spyware Detector Help.lnk Verwijderd Trace.File.MaxSpywareDetector (A)

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Spyware Detector\Uninstall Max Spyware Detector.lnk Verwijderd Trace.File.MaxSpywareDetector (A)

C:\Program Files\PlayFirst Verwijderd Trace.File.Believe in Santa (A)

Verwijderd 8


Download zoek.exe to the desktop.

  • Disable your antivirus and antispyware programs; they may conflict with zoek.exe.
    (here or here) you can read how to do that.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator": right-click it and choose Run as Administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is meant specifically for this PC, so do not use it on other PCs with a similar problem.

startupall; 
filesrcm; 

  • Click the "Options" button and tick the options below.

    • Firefox Look
    • Chrome Look
    • Firefox Defaults
    • Reset Chrome
    • IE Defaults
    • Auto Clean

  • Then click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is needed).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Now post the contents of the opened log in your next reply.


This topic is now closed to new replies.
