Question & Answer

Security & privacy

I can't manage to remove startsear.ch

19 answers
  • Hello, I had seen a guided solution on this forum for removing startsear.ch. Is there perhaps someone willing to help with that, since apparently the work is done on the basis of log files and the like? Thanks in advance, best regards
  • I would like you to stick to the rules below during the fix:
    - Read all instructions carefully.
    - If you make mistakes while running the tools during the fix, that can cause serious problems in Windows.
    - Refrain from using tools or updates other than the ones I advise you to use.
    - Always use one scanner at a time, never several at once.
    - Keep me informed of how your computer reacts to the fix, good or bad.
    - Once started, the fix must be completed. Even if you think everything is in order, there may still be infections.

    Step 1
    Which program: Trend Micro HijackThis version 2.0.4
    What for / why: produces a clear overview of Windows by means of a scan.
    Difficulty: none; only Vista and Windows 7 users need to pay a little extra attention.
    Download the HijackThis installer: http://www.trendmicro.com/ftp/products/hijackthis/HiJackThis.msi
    Installation:
    - Install HijackThis in the suggested location; that prevents any backups from becoming unfindable!
    Users of Windows Vista and Windows 7 then go to the HijackThis installation location.
    - Next, right-click "hijackthis.exe" and choose "Properties".
    - Now click the "Compatibility" tab and tick "Run as administrator".
    - Finally, click Apply and OK.
    Using HijackThis:
    - First close all open programs and web browsers.
    - Now start HijackThis and click the button 'Do a system scan and save a logfile'.
      - If HijackThis opens with the scan window, first click the 'Main Menu' button.
    - Close all open windows, then start HijackThis and choose 'Do a system scan and save a logfile'.
    - Copy and paste the contents of the HijackThis log file into your next post.
    - After that you may close HijackThis again.

    Step 2
    Which program: Malwarebytes MBAM
    What for / why: specialised scanner to quickly examine Windows for, and rid it of, spyware and malware.
    Difficulty: none.
    Download Malwarebytes MBAM from one of these locations:
    - Download.com: http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?
    - Softpedia.com: http://www.softpedia.com/result.php?sid=&pid=1-423&r=Z2V0L0FudGl2aXJ1cy9NYWx3YXJlYnl0ZXMtQW50aS1NYWx3YXJlLnNodG1s
    - Majorgeeks.com: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
    First of all:
    - Right after installation, MBAM will want to update its database; allow it.
    - Also on repeated use: update MBAM first via the 'Update' tab!
    Starting Malwarebytes MBAM:
    Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
    Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and choosing Run as administrator.
    - Note:
      - Malwarebytes now provides the full version of MBAM.
      - On first start you get the choice of using the full version or the free version.
      - Regardless of which antivirus program is in your Windows, I advise using the "Decline" option.
      - That way MBAM can continue to be used as the free version.
    [image: http://img30.imageshack.us/img30/3928/mbam2.png]
    - Also do the following:
      - Once the program has started, go to the "Settings" tab.
      - Tick: "Close Internet Explorer during malware removal".
    Scanning:
    - When starting MBAM, choose 'Quick Scan'.
    - Scanning can take a while, so be patient. When the scan has finished, click the 'OK' button.
    - Then click the 'Show Results' button to see the results.
    Infections found:
    - First click OK to dismiss the message.
    - Then click the Show Results button at the bottom right.
    - Make sure all found infections are ticked, and click Remove Selected at the bottom left.
    - After removal a log will open and you will be asked to restart the computer.
    - If MBAM has difficulty removing certain files it will show a few messages; click 'OK' each time!
    - MBAM will then ask to restart the computer, so allow the computer to be restarted.
    MBAM log:
    - The log is saved automatically by MBAM and you can find it by clicking the 'Logs' tab in the MBAM main menu.
    Afterwards, post the contents of the MBAM log in your next post.

    Step 3
    In summary: after this, post the contents of the following logs in your next post:
    - a HijackThis log
    - the MBAM scan log
  • Thanks Abraham54. I have the two log files, but earlier, before my question, I had already deleted the startsearch entries concerned myself via hjt (I've had that program for a while), though without result. I had even deleted the hjt backups of those entries too. So you may not learn much from that file? Would I then have to retype the entries from a print screen I made before deleting them, unless I can get that Word file to you by e-mail? Grts - here are the 2 files anyway

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8308
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    4/12/2011 17:09:13
    mbam-log-2011-12-04 (17-09-13).txt

    Scan type: Quick scan
    Objects scanned: 168511
    Time elapsed: 7 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 4
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    d:\mijn documenten\downloads\Unibet.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18:58:14, on 4/12/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
    C:\Program Files\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    D:\Program Files\UberIcon\UberIcon Manager.exe
    D:\Program Files\ResizeEnable\ResizeEnableRunner.exe
    C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe
    C:\Program Files\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\VisualTaskTips\VisualTaskTips.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
    C:\Program Files\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\Integrator.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
    C:\WINDOWS\System32\TUProgSt.exe
    C:\Program Files\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Ad-Aware WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\Lavasoft\Ad-Aware Total Security\WebFilter\AvkWebIE.dll
    O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
    O3 - Toolbar: Ad-Aware WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\Lavasoft\Ad-Aware Total Security\WebFilter\AvkWebIE.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [UberIcon Manager.exe] "D:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKLM\..\Run: [ResizeEnableRunner.exe] "D:\Program Files\ResizeEnable\ResizeEnableRunner.exe"
    O4 - HKLM\..\Run: [DJ Console Mk2] C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe -hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] C:\Program Files\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe
    O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
    O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
    O4 - Startup: Zoom.lnk = C:\Program Files\Dachshund Software\Zoom\Zoom.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277494496484
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ad-Aware Total Security Proxy (AVKProxy) - Lavasoft AB - C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
    O23 - Service: Ad-Aware Scheduler (AVKService) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe
    O23 - Service: Ad-Aware File System Guard (AVKWCtl) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtl.exe
    O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\Dfsdks.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Ad-Aware Backup Service (GDBackupSvc) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware Total Security\AVKBackup\AVKBackupService.exe
    O23 - Service: Ad-Aware Personal Firewall (GDFwSvc) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvc.exe
    O23 - Service: Ad-Aware Scanner (GDScan) - Lavasoft AB - C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
    O23 - Service: Ad-Aware Tuner Service (GDTunerSvc) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware Total Security\AVKTuner\AVKTunerService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ToolTipFixer - NeoSmart Technologies - C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

    --
    End of file - 11071 bytes
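Added example, not part of any post in this thread and not HijackThis code: a small Python script that parses entries of the kind shown in the HijackThis log above and applies the checks a helper otherwise does by eye before choosing lines to fix. The sample log is a constructed excerpt of the posted log. The heuristics (one DLL registered as O2 BHO, O3 toolbar and O18 protocol handler at the same time; O4 Run entries without a full path; autostarts outside the roots in `TRUSTED_ROOTS`; O23 services reported with "Unknown owner") and the `TRUSTED_ROOTS` list are my own assumptions for illustration, not rules from HijackThis or from the helper.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the log posted above (not the full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O4 - HKLM\..\Run: [ResizeEnableRunner.exe] "D:\Program Files\ResizeEnable\ResizeEnableRunner.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<rest>.+)$")
# O2, O3 and O18 share the shape "<kind>: <name> - {CLSID} - <path>"
HOOK_RE = re.compile(r"^(?P<kind>BHO|Toolbar|Protocol): (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SVC_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Assumption for this example: an autostart launched from outside these roots deserves a look.
TRUSTED_ROOTS = (r"c:\windows", r"c:\program files")


def parse(log_text):
    """Return one dict per R*/O* entry with the fields that line type carries."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list, blank lines
        code, rest = m.group("code"), m.group("rest")
        entry = {"code": code, "line": line.strip()}
        if code in ("O2", "O3", "O18") and (h := HOOK_RE.match(rest)):
            entry.update(h.groupdict())
        elif code == "O4" and (r := RUN_RE.match(rest)):
            entry.update(r.groupdict())
            # The executable is the first token; strip the quotes around a quoted path.
            cmd = r.group("cmd")
            entry["path"] = cmd[1:cmd.index('"', 1)] if cmd.startswith('"') else cmd.split()[0]
        elif code == "O23" and (s := SVC_RE.match(rest)):
            entry.update(s.groupdict())
        entries.append(entry)
    return entries


def triage(log_text):
    """Return (reason, line) pairs for entries a helper would verify before fixing."""
    entries = parse(log_text)
    findings = []

    # 1. One DLL hooked into IE as BHO, toolbar and protocol handler at once: the classic hijacker footprint.
    hooks = defaultdict(set)
    for e in entries:
        if e["code"] in ("O2", "O3", "O18") and "path" in e:
            hooks[e["path"].lower()].add(e["code"])
    for e in entries:
        if e["code"] in ("O2", "O3", "O18") and len(hooks.get(e.get("path", "").lower(), ())) > 1:
            findings.append(("same DLL registered under several IE hook types", e["line"]))

    # 2. Autostart and service checks.
    for e in entries:
        path = e.get("path", "")
        if e["code"] == "O4" and path and "\\" not in path:
            # Bare file name: resolved through the PATH search order, so the binary is not pinned.
            findings.append(("Run entry without a full path", e["line"]))
        elif e["code"] in ("O4", "O23") and path and not path.lower().startswith(TRUSTED_ROOTS):
            findings.append(("autostart from a non-standard location", e["line"]))
        if e["code"] == "O23" and e.get("owner") == "Unknown owner":
            findings.append(("service binary carries no company name", e["line"]))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

Run as a script it prints the findings. On the excerpt it singles out the vShare lines (O2, O3 and O18 all pointing at vshare_toolbar.dll) and the ResizeEnableRunner entry on D:, plus two entries (CTHELPER.EXE without a path, the NMSAccess service without an owner string) that a reviewer would check against the vendor before deciding anything; none of these flags is a verdict on its own.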
  • You may now do the following:

    Step 1
    Close all open browser windows, except this one, which you close just before you click the Fix checked button!
    Now start HijackThis, click the Do a Scan only button and look for these lines:
      O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
      O4 - HKLM\..\Run: [ResizeEnableRunner.exe] "D:\Program Files\ResizeEnable\ResizeEnableRunner.exe"
    - Put a tick in front of the line(s) that correspond to the lines above.
    - Now close the web browser and then click the Fix checked button.
    - After that, close HijackThis.
    Restart the computer after the fix.

    Step 2
    Which program: Kaspersky TDSSKiller
    What for / why: rootkit scanner
    Difficulty: none
    Download location: this program must be downloaded to the desktop, or else moved there!
    Download TDSSKiller here: http://support.kaspersky.com/downloads/utils/tdsskiller.zip
    Installation:
    - Unpack the file on your desktop.
    Using TDSSKiller:
    - Windows 2000 and Windows XP: start TDSSKiller by double-clicking TDSSKiller.exe.
    - Windows Vista and Windows 7: start TDSSKiller by right-clicking TDSSKiller.exe and choosing Run as administrator.
    - If TDSSKiller reports that an update is available, apply it first.
    [image: http://www.imgdumper.nl/uploads4/4dc1d6438f791/4dc1d6438d897-TDSSKiller_2011-05-05_00-26-21.jpg]
    - Then click the "Start Scan" button and follow the instructions.
    - When the scan has finished, click the "Report" button.
    - A Notepad file opens. Post the contents of this file.
      - Restart the PC if TDSSKiller offers that option (Reboot now).
      - If a restart is necessary, you will find the log file at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt

    Step 3
    Which program: ComboFix
    What for / why: a highly specialised scanner that examines Windows in depth and cleans it where possible.
    Difficulty: a somewhat tricky preparation phase, so read everything carefully first.
    Download location: this program must be downloaded to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    - ForoSpyware: http://www.forospyware.com/sUBs/ComboFix.exe
    - Geekstogo: http://subs.geekstogo.com/ComboFix.exe
    Here you can see how to use ComboFix: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden
    Antivirus programs and active malware scanners must be deactivated before ComboFix is started!
    Here (http://www.bleepingcomputer.com/forums/topic114351.html) and here (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) you will find details on how to deactivate antivirus programs and spyware scanners.
    To be absolutely clear once more: ComboFix must be started from the desktop.
    Remarks:
    - On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required).
    - Vista and Windows 7 users start ComboFix via right-click with administrator rights.
    - All open programs and web pages must be closed.
    ComboFix has started:
    - Do not click in the black window; doing so can "freeze" ComboFix or even Windows entirely!
    - ComboFix disconnects the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next post.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
    - If, after the scan, an error is shown when starting programs with the message:
    - Illegal operation attempted on a registry key that has been marked for deletion.
    - then restart the computer.

    Step 4
    In summary: after this, post the contents of the following logs in your next post:
    - TDSSKiller log
    - ComboFix.txt log
  • okidoki - thanks again

    20:29:36.0515 4596 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
    20:29:36.0796 4596 ============================================================
    20:29:36.0796 4596 Current date / time: 2011/12/04 20:29:36.0796
    20:29:36.0796 4596 SystemInfo:
    20:29:36.0796 4596
    20:29:36.0796 4596 OS Version: 5.1.2600 ServicePack: 3.0
    20:29:36.0796 4596 Product type: Workstation
    20:29:36.0796 4596 ComputerName: LACASA-0F273AC4
    20:29:36.0796 4596 UserName: Lacasa
    20:29:36.0796 4596 Windows directory: C:\WINDOWS
    20:29:36.0796 4596 System windows directory: C:\WINDOWS
    20:29:36.0796 4596 Processor architecture: Intel x86
    20:29:36.0796 4596 Number of processors: 2
    20:29:36.0796 4596 Page size: 0x1000
    20:29:36.0796 4596 Boot type: Normal boot
    20:29:36.0796 4596 ============================================================
    20:29:37.0046 4596 Initialize success
    20:29:40.0000 5464 ============================================================
    20:29:40.0000 5464 Scan started
    20:29:40.0000 5464 Mode: Manual;
    20:29:40.0000 5464 ============================================================
    20:29:40.0625 5464 Abiosdsk - ok
    20:29:40.0640 5464 abp480n5 - ok
    20:29:40.0718 5464 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    20:29:40.0718 5464 ACPI - ok
    20:29:40.0812 5464 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys
    20:29:40.0812 5464 ACPIEC - ok
    20:29:40.0828 5464 adpu160m - ok
    20:29:40.0875 5464 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    20:29:40.0875 5464 aec - ok
    20:29:40.0968 5464 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    20:29:40.0984 5464 AFD - ok
    20:29:40.0984 5464 Aha154x - ok
    20:29:41.0000 5464 aic78u2 - ok
    20:29:41.0000 5464 aic78xx - ok
    20:29:41.0031 5464 AliIde - ok
    20:29:41.0031 5464 amsint - ok
    20:29:41.0046 5464 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    20:29:41.0062 5464 Arp1394 - ok
    20:29:41.0062 5464 asc - ok
    20:29:41.0078 5464 asc3350p - ok
    20:29:41.0078 5464 asc3550 - ok
    20:29:41.0140 5464 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    20:29:41.0140 5464 AsyncMac - ok
    20:29:41.0156 5464 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    20:29:41.0156 5464 atapi - ok
    20:29:41.0171 5464 Atdisk - ok
    20:29:41.0187 5464 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    20:29:41.0187 5464 Atmarpc - ok
    20:29:41.0250 5464 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    20:29:41.0250 5464 audstub - ok
    20:29:41.0328 5464 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    20:29:41.0328 5464 Beep - ok
    20:29:41.0359 5464 Bulk (94723797133972cc73d0bb622b258088) C:\WINDOWS\system32\Drivers\HDJBulk.sys
    20:29:41.0359 5464 Bulk - ok
    20:29:41.0421 5464 catchme - ok
    20:29:41.0468 5464 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    20:29:41.0468 5464 cbidf2k - ok
    20:29:41.0484 5464 cd20xrnt - ok
    20:29:41.0515 5464 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    20:29:41.0515 5464 Cdaudio - ok
    20:29:41.0562 5464 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    20:29:41.0562 5464 Cdfs - ok
    20:29:41.0593 5464 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    20:29:41.0593 5464 Cdrom - ok
    20:29:41.0625 5464 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
    20:29:41.0625 5464 cercsr6 - ok
    20:29:41.0656 5464 Changer - ok
    20:29:41.0687 5464 CmdIde - ok
    20:29:41.0703 5464 Cpqarray - ok
    20:29:41.0765 5464 ctac32k (177bc4ee3840119a780eafad5a010f8f) C:\WINDOWS\system32\drivers\ctac32k.sys
    20:29:41.0765 5464 ctac32k - ok
    20:29:41.0796 5464 ctaud2k (eb0c0d62d8d2b8f41da149c866e93397) C:\WINDOWS\system32\drivers\ctaud2k.sys
    20:29:41.0796 5464 ctaud2k - ok
    20:29:41.0843 5464 ctdvda2k (5a0eeb00b02fc78605aa9d3590b24978) C:\WINDOWS\system32\drivers\ctdvda2k.sys
    20:29:41.0843 5464 ctdvda2k - ok
    20:29:41.0859 5464 ctprxy2k (7d7eea7ffbc19e1b712d241490be51ed) C:\WINDOWS\system32\drivers\ctprxy2k.sys
    20:29:41.0859 5464 ctprxy2k - ok
    20:29:41.0890 5464 ctsfm2k (538122d33dd4b04cc189d5ca72bd6706) C:\WINDOWS\system32\drivers\ctsfm2k.sys
    20:29:41.0890 5464 ctsfm2k - ok
    20:29:41.0906 5464 dac2w2k - ok
    20:29:41.0906 5464 dac960nt - ok
    20:29:41.0953 5464 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    20:29:41.0953 5464 Disk - ok
    20:29:42.0015 5464 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
    20:29:42.0031 5464 dmboot - ok
    20:29:42.0062 5464 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
    20:29:42.0078 5464 dmio - ok
    20:29:42.0078 5464 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    20:29:42.0078 5464 dmload - ok
    20:29:42.0109 5464 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    20:29:42.0109 5464 DMusic - ok
    20:29:42.0125 5464 dpti2o - ok
    20:29:42.0140 5464 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    20:29:42.0140 5464 drmkaud - ok
    20:29:42.0187 5464 e1express (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
    20:29:42.0187 5464 e1express - ok
    20:29:42.0234 5464 emupia (8e0eb62be9f9bee7c2e4c50685038e8d) C:\WINDOWS\system32\drivers\emupia2k.sys
    20:29:42.0234 5464 emupia - ok
    20:29:42.0296 5464 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    20:29:42.0296 5464 Fastfat - ok
    20:29:42.0312 5464 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    20:29:42.0328 5464 Fdc - ok
    20:29:42.0343 5464 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
    20:29:42.0343 5464 Fips - ok
    20:29:42.0375 5464 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    20:29:42.0375 5464 Flpydisk - ok
    20:29:42.0390 5464 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    20:29:42.0390 5464 FltMgr - ok
    20:29:42.0421 5464 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    20:29:42.0421 5464 Fs_Rec - ok
    20:29:42.0437 5464 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    20:29:42.0437 5464 Ftdisk - ok
    20:29:42.0468 5464 GDBehave (f074fc0594e6e0bf1f6dd197c7c1e141) C:\WINDOWS\system32\drivers\GDBehave.sys
    20:29:42.0468 5464 GDBehave - ok
    20:29:42.0484 5464 GDMnIcpt (ce8deffa86465d6acb61c0952c9a524a) C:\WINDOWS\system32\drivers\MiniIcpt.sys
    20:29:42.0484 5464 GDMnIcpt - ok
    20:29:42.0484 5464 GDNdisIc (d5dc02aa98917f8e5ee8777f82fc7148) C:\WINDOWS\system32\drivers\GDNdisIc.sys
    20:29:42.0500 5464 GDNdisIc - ok
    20:29:42.0515 5464 GDTdiInterceptor (051f27f0aa00612407b58eb22d35fd5c) C:\WINDOWS\system32\drivers\GDTdiIcpt.sys
    20:29:42.0531 5464 GDTdiInterceptor - ok
    20:29:42.0578 5464 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    20:29:42.0578 5464 GEARAspiWDM - ok
    20:29:42.0625 5464 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    20:29:42.0625 5464 Gpc - ok
    20:29:42.0640 5464 GRD (9a912682d2f1990ff9cffcf9a3fff506) C:\WINDOWS\system32\drivers\GRD.sys
    20:29:42.0640 5464 GRD - ok
    20:29:42.0703 5464 ha20x2k (f2607d0d89f57d3564cf65a61a237f1a) C:\WINDOWS\system32\drivers\ha20x2k.sys
    20:29:42.0703 5464 ha20x2k - ok
    20:29:42.0750 5464 HDJAsioK (f341ff91ef043ab9a0e5ff8e29732026) C:\WINDOWS\system32\Drivers\HDJAsioK.sys
    20:29:42.0750 5464 HDJAsioK - ok
    20:29:42.0781 5464 HDJMidi (f90be5d5d6c26b8a5caa9712273631cd) C:\WINDOWS\system32\DRIVERS\HDJMidi.sys
    20:29:42.0781 5464 HDJMidi - ok
    20:29:42.0796 5464 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    20:29:42.0812 5464 hidusb - ok
    20:29:42.0859 5464 HookCentre (cb44a699b8d2a494ffd19dbd9bedfe84) C:\WINDOWS\system32\drivers\HookCentre.sys
    20:29:42.0859 5464 HookCentre - ok
    20:29:42.0875 5464 hpn - ok
    20:29:42.0906 5464 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    20:29:42.0906 5464 HPZid412 - ok
    20:29:42.0937 5464 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    20:29:42.0937 5464 HPZipr12 - ok
    20:29:42.0953 5464 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    20:29:42.0953 5464 HPZius12 - ok
    20:29:42.0984 5464 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    20:29:43.0000 5464 HTTP - ok
    20:29:43.0015 5464 i2omgmt - ok
    20:29:43.0015 5464 i2omp - ok
    20:29:43.0062 5464 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\drivers\i8042prt.sys
    20:29:43.0062 5464 i8042prt - ok
    20:29:43.0093 5464 iastor (019cf5f31c67030841233c545a0e217a) C:\WINDOWS\system32\DRIVERS\iaStor.sys
    20:29:43.0109 5464 iastor - ok
    20:29:43.0125 5464 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    20:29:43.0125 5464 Imapi - ok
    20:29:43.0156 5464 ini910u - ok
    20:29:43.0171 5464 IntelIde - ok
    20:29:43.0218 5464 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    20:29:43.0218 5464 intelppm - ok
    20:29:43.0250 5464 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    20:29:43.0250 5464 Ip6Fw - ok
    20:29:43.0281 5464 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    20:29:43.0281 5464 IpFilterDriver - ok
    20:29:43.0312 5464 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    20:29:43.0312 5464 IpInIp - ok
    20:29:43.0343 5464 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    20:29:43.0343 5464 IpNat - ok
    20:29:43.0375 5464 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    20:29:43.0375 5464 IPSec -
ok 20:29:43.0406 5464 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 20:29:43.0406 5464 IRENUM - ok 20:29:43.0437 5464 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys 20:29:43.0437 5464 isapnp - ok 20:29:43.0468 5464 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 20:29:43.0468 5464 Kbdclass - ok 20:29:43.0500 5464 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 20:29:43.0515 5464 kbdhid - ok 20:29:43.0531 5464 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 20:29:43.0531 5464 kmixer - ok 20:29:43.0562 5464 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 20:29:43.0562 5464 KSecDD - ok 20:29:43.0578 5464 lbrtfdc - ok 20:29:43.0593 5464 MBAMSwissArmy - ok 20:29:43.0625 5464 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 20:29:43.0625 5464 mnmdd - ok 20:29:43.0656 5464 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys 20:29:43.0656 5464 Modem - ok 20:29:43.0671 5464 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys 20:29:43.0671 5464 Mouclass - ok 20:29:43.0703 5464 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys 20:29:43.0703 5464 mouhid - ok 20:29:43.0703 5464 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 20:29:43.0718 5464 MountMgr - ok 20:29:43.0750 5464 MQAC (eee50bf24caeedb515a8f3b22756d3bb) C:\WINDOWS\system32\drivers\mqac.sys 20:29:43.0750 5464 MQAC - ok 20:29:43.0765 5464 mraid35x - ok 20:29:43.0796 5464 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 20:29:43.0796 5464 MRxDAV - ok 20:29:43.0890 5464 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 20:29:43.0890 5464 MRxSmb - ok 20:29:43.0906 5464 Msfs 
(c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 20:29:43.0906 5464 Msfs - ok 20:29:43.0953 5464 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 20:29:43.0953 5464 MSKSSRV - ok 20:29:44.0015 5464 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 20:29:44.0015 5464 MSPCLOCK - ok 20:29:44.0031 5464 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 20:29:44.0046 5464 MSPQM - ok 20:29:44.0078 5464 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 20:29:44.0078 5464 mssmbios - ok 20:29:44.0078 5464 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 20:29:44.0093 5464 Mup - ok 20:29:44.0125 5464 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 20:29:44.0125 5464 NDIS - ok 20:29:44.0140 5464 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 20:29:44.0140 5464 NdisTapi - ok 20:29:44.0187 5464 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 20:29:44.0187 5464 Ndisuio - ok 20:29:44.0203 5464 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 20:29:44.0218 5464 NdisWan - ok 20:29:44.0234 5464 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 20:29:44.0234 5464 NDProxy - ok 20:29:44.0234 5464 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 20:29:44.0234 5464 NetBIOS - ok 20:29:44.0265 5464 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 20:29:44.0265 5464 NetBT - ok 20:29:44.0328 5464 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 20:29:44.0328 5464 NIC1394 - ok 20:29:44.0390 5464 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 20:29:44.0390 5464 Npfs - ok 20:29:44.0468 5464 Ntfs 
(78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 20:29:44.0468 5464 Ntfs - ok 20:29:44.0484 5464 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 20:29:44.0500 5464 Null - ok 20:29:44.0671 5464 nv (5950e6cc9fb3fabb61604d395dbc8550) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 20:29:44.0718 5464 nv - ok 20:29:44.0796 5464 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 20:29:44.0796 5464 NwlnkFlt - ok 20:29:44.0812 5464 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 20:29:44.0812 5464 NwlnkFwd - ok 20:29:44.0843 5464 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 20:29:44.0859 5464 ohci1394 - ok 20:29:44.0890 5464 ossrv (611b58c2fd89aa9e80743a197ba62277) C:\WINDOWS\system32\drivers\ctoss2k.sys 20:29:44.0890 5464 ossrv - ok 20:29:44.0921 5464 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\drivers\Parport.sys 20:29:44.0921 5464 Parport - ok 20:29:44.0937 5464 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 20:29:44.0937 5464 PartMgr - ok 20:29:44.0968 5464 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys 20:29:44.0984 5464 ParVdm - ok 20:29:44.0984 5464 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys 20:29:44.0984 5464 PCI - ok 20:29:45.0000 5464 PCIDump - ok 20:29:45.0031 5464 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys 20:29:45.0031 5464 PCIIde - ok 20:29:45.0046 5464 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys 20:29:45.0046 5464 Pcmcia - ok 20:29:45.0062 5464 PDCOMP - ok 20:29:45.0062 5464 PDFRAME - ok 20:29:45.0078 5464 PDRELI - ok 20:29:45.0093 5464 PDRFRAME - ok 20:29:45.0093 5464 perc2 - ok 20:29:45.0109 5464 perc2hib - ok 20:29:45.0140 5464 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) 
C:\WINDOWS\system32\DRIVERS\raspptp.sys 20:29:45.0140 5464 PptpMiniport - ok 20:29:45.0171 5464 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 20:29:45.0171 5464 PSched - ok 20:29:45.0203 5464 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 20:29:45.0203 5464 Ptilink - ok 20:29:45.0234 5464 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 20:29:45.0234 5464 PxHelp20 - ok 20:29:45.0359 5464 ql1080 - ok 20:29:45.0375 5464 Ql10wnt - ok 20:29:45.0390 5464 ql12160 - ok 20:29:45.0406 5464 ql1240 - ok 20:29:45.0406 5464 ql1280 - ok 20:29:45.0437 5464 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 20:29:45.0437 5464 RasAcd - ok 20:29:45.0468 5464 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 20:29:45.0468 5464 Rasl2tp - ok 20:29:45.0484 5464 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 20:29:45.0484 5464 RasPppoe - ok 20:29:45.0500 5464 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 20:29:45.0500 5464 Raspti - ok 20:29:45.0531 5464 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 20:29:45.0531 5464 Rdbss - ok 20:29:45.0546 5464 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 20:29:45.0546 5464 RDPCDD - ok 20:29:45.0562 5464 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 20:29:45.0562 5464 rdpdr - ok 20:29:45.0593 5464 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 20:29:45.0593 5464 RDPWD - ok 20:29:45.0625 5464 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys 20:29:45.0625 5464 redbook - ok 20:29:45.0671 5464 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys 20:29:45.0671 5464 RMCAST - ok 20:29:45.0734 5464 Secdrv 
(90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 20:29:45.0734 5464 Secdrv - ok 20:29:45.0765 5464 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\drivers\Serial.sys 20:29:45.0781 5464 Serial - ok 20:29:45.0843 5464 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 20:29:45.0843 5464 Sfloppy - ok 20:29:45.0859 5464 Simbad - ok 20:29:45.0875 5464 Sparrow - ok 20:29:45.0906 5464 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 20:29:45.0906 5464 splitter - ok 20:29:45.0921 5464 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys 20:29:45.0937 5464 sr - ok 20:29:45.0968 5464 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys 20:29:45.0968 5464 Srv - ok 20:29:45.0984 5464 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys 20:29:45.0984 5464 StarOpen - ok 20:29:46.0015 5464 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 20:29:46.0015 5464 swenum - ok 20:29:46.0031 5464 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 20:29:46.0031 5464 swmidi - ok 20:29:46.0046 5464 symc810 - ok 20:29:46.0062 5464 symc8xx - ok 20:29:46.0062 5464 sym_hi - ok 20:29:46.0078 5464 sym_u3 - ok 20:29:46.0093 5464 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 20:29:46.0093 5464 sysaudio - ok 20:29:46.0156 5464 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 20:29:46.0156 5464 Tcpip - ok 20:29:46.0171 5464 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 20:29:46.0187 5464 TDPIPE - ok 20:29:46.0250 5464 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 20:29:46.0250 5464 TDTCP - ok 20:29:46.0265 5464 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 20:29:46.0281 5464 TermDD - ok 
20:29:46.0296 5464 TosIde - ok 20:29:46.0343 5464 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 20:29:46.0343 5464 Udfs - ok 20:29:46.0359 5464 ultra - ok 20:29:46.0406 5464 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 20:29:46.0406 5464 Update - ok 20:29:46.0468 5464 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys 20:29:46.0468 5464 USBAAPL - ok 20:29:46.0500 5464 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 20:29:46.0515 5464 usbaudio - ok 20:29:46.0531 5464 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 20:29:46.0531 5464 usbccgp - ok 20:29:46.0562 5464 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 20:29:46.0562 5464 usbehci - ok 20:29:46.0578 5464 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 20:29:46.0593 5464 usbhub - ok 20:29:46.0640 5464 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 20:29:46.0640 5464 usbprint - ok 20:29:46.0671 5464 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 20:29:46.0687 5464 usbscan - ok 20:29:46.0687 5464 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 20:29:46.0687 5464 usbstor - ok 20:29:46.0703 5464 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20:29:46.0703 5464 usbuhci - ok 20:29:46.0734 5464 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 20:29:46.0734 5464 VgaSave - ok 20:29:46.0750 5464 ViaIde - ok 20:29:46.0796 5464 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys 20:29:46.0796 5464 VolSnap - ok 20:29:46.0828 5464 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 20:29:46.0828 5464 Wanarp - ok 20:29:46.0828 5464 WDICA - ok 20:29:46.0875 
5464 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 20:29:46.0875 5464 wdmaud - ok 20:29:46.0968 5464 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 20:29:46.0984 5464 WudfPf - ok 20:29:46.0984 5464 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 20:29:46.0984 5464 WudfRd - ok 20:29:47.0031 5464 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0 20:29:47.0125 5464 \Device\Harddisk0\DR0 - ok 20:29:47.0125 5464 Boot (0x1200) (8ba678d147c37147297ab2ed5385e00e) \Device\Harddisk0\DR0\Partition0 20:29:47.0125 5464 \Device\Harddisk0\DR0\Partition0 - ok 20:29:47.0156 5464 Boot (0x1200) (f852c439068ac92afd191105269a5c99) \Device\Harddisk0\DR0\Partition1 20:29:47.0156 5464 \Device\Harddisk0\DR0\Partition1 - ok 20:29:47.0171 5464 ============================================================ 20:29:47.0171 5464 Scan finished 20:29:47.0171 5464 ============================================================ 20:29:47.0171 0844 Detected object count: 0 20:29:47.0171 0844 Actual detected object count: 0 ComboFix 11-12-04.03 - Lacasa 04/12/2011 20:16:23.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.3326.2558 [GMT 1:00] Gestart vanuit: c:\documents and settings\Lacasa\Bureaublad\ComboFix.exe AV: Ad-Aware Total Security *Disabled/Updated* {71310606-6F3B-49F2-9A81-8315AA75FBB3} FW: Ad-Aware Persoonlijke Firewall *Disabled* {6E6F4BA6-C07D-443F-A130-0A57DA59A082} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
c:\documents and settings\Lacasa\Application Data\dach100.dll
c:\documents and settings\Lacasa\Application Data\Local
c:\documents and settings\Lacasa\Application Data\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\documents and settings\Lacasa\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
c:\program files\StartSearch plugin
c:\program files\StartSearch plugin\vshareplg.crx
c:\windows\system32\Cache
c:\windows\system32\drivers\1028_DELL_XPS_Dell DXP051 .MRK
c:\windows\system32\drivers\DELL_XPS_Dell DXP051 .MRK
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-11-04 to 2011-12-04 ))))))))))))))))))))))))))))))
.
.
2011-12-04 18:57 . 2011-12-04 18:57 -------- d--h--r- c:\documents and settings\Lacasa\Onlangs geopend
2011-12-04 15:40 . 2011-12-04 15:40 -------- d-----w- c:\documents and settings\Lacasa\Application Data\Malwarebytes
2011-12-04 15:40 . 2011-12-04 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-04 15:40 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 15:40 . 2011-12-04 15:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-04 15:26 . 2011-12-04 15:26 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-24 12:27 . 2011-11-24 12:27 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-11-24 09:57 . 2011-11-24 09:57 -------- d-----w- c:\program files\iPod
2011-11-24 09:57 . 2011-11-24 09:58 -------- d-----w- c:\program files\iTunes
2011-11-24 09:53 . 2011-11-24 09:53 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-11-24 09:52 . 2011-11-24 09:52 -------- d-----w- c:\program files\Bonjour
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-15 07:46 . 2011-05-17 16:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-20 20:42 . 2011-09-20 20:42 68976 ----a-w- c:\windows\system32\drivers\GRD.sys
2011-09-20 20:31 . 2011-09-20 20:31 51400 ----a-w- c:\windows\system32\drivers\GDTdiIcpt.sys
2011-09-20 20:31 . 2011-09-20 20:31 29640 ----a-w- c:\windows\system32\drivers\GDNdisIc.sys
2011-09-20 20:31 . 2011-09-20 20:31 62024 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2011-09-20 20:31 . 2011-09-20 20:31 38600 ----a-w- c:\windows\system32\drivers\HookCentre.sys
2011-09-20 20:31 . 2011-09-20 20:31 33480 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2011-09-20 20:29 . 2011-09-20 20:32 15880 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-24 14:35 . 2011-05-08 07:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\tbMyA1.dll" [2010-06-26 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2007-09-05 36352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 20480]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"UberIcon Manager.exe"="d:\program files\UberIcon\UberIcon Manager.exe" [2007-08-17 159744]
"DJ Console Mk2"="c:\program files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe" [2005-11-14 212992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"G Data AntiVirus Tray Application"="c:\program files\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe" [2010-06-29 981504]
"GDFirewallTray"="c:\program files\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe" [2010-06-29 1550576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
.
c:\documents and settings\Lacasa\Menu Start\Programma's\Opstarten\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
AntiCrash.lnk - c:\program files\Dachshund Software\AntiCrash\AntiCrash.exe [2002-12-17 2301798]
Hare.lnk - c:\program files\Dachshund Software\Hare\Hare.exe [2002-9-21 1874381]
Zoom.lnk - c:\program files\Dachshund Software\Zoom\Zoom.exe [2002-9-21 1446302]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 74 (0x4a)
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiSpyWareDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [20/09/2011 21:31 33480]
R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [20/09/2011 21:31 29640]
R1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [20/09/2011 21:31 62024]
R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [20/09/2011 21:42 68976]
R1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [20/09/2011 21:31 38600]
R2 AVKProxy;Ad-Aware Total Security Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [29/06/2010 16:22 1081384]
R2 AVKService;Ad-Aware Scheduler;c:\program files\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe [29/06/2010 16:22 412944]
R2 AVKWCtl;Ad-Aware Bestandssysteembewaker;c:\program files\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtl.exe [23/06/2010 11:35 1635672]
R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [20/09/2011 21:31 51400]
R2 ToolTipFixer;ToolTipFixer;c:\program files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe [14/10/2008 18:33 61952]
R3 Bulk;HDJBulk;c:\windows\system32\drivers\HDJBulk.sys [7/07/2010 21:56 43136]
R3 GDFwSvc;Ad-Aware Persoonlijke Firewall;c:\program files\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvc.exe [15/06/2010 10:14 1834432]
R3 GDScan;Ad-Aware Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [29/06/2010 16:16 624064]
R3 HDJAsioK;HDJAsioK;c:\windows\system32\drivers\HDJASIOK.sys [7/07/2010 21:56 127104]
R3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\drivers\hdjmidi.sys [7/07/2010 21:56 39424]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 13:51 135664]
S3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86;c:\windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe [6/05/2009 08:08 104272]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 7\DfSdkS.exe [26/06/2010 09:46 406016]
S3 GDBackupSvc;Ad-Aware Backup Service;c:\program files\Lavasoft\Ad-Aware Total Security\AVKBackup\AVKBackupService.exe [29/06/2010 16:15 911976]
S3 GDTunerSvc;Ad-Aware Tuner Service;c:\program files\Lavasoft\Ad-Aware Total Security\AVKTuner\AVKTunerService.exe [29/06/2010 16:15 1234896]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 13:51 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - 09197175
*Deregistered* - 09197175
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhoud van de 'Gedeelde Taken' map
.
2011-12-01 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 14:54]
.
2011-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
.
2011-12-04 c:\windows\Tasks\GlaryInitialize.job
- d:\program files\Glary Utilities\initialize.exe [2010-06-21 09:14]
.
2011-11-14 c:\windows\Tasks\GlaryOneClickOptimizer.job
- d:\program files\Glary Utilities\oneclickoptimizer.exe [2010-06-21 09:14]
.
2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 12:51]
.
2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 12:51]
.
2011-10-01 c:\windows\Tasks\Lavasoft Registry Tuner.job
- c:\program files\Lavasoft\Lavasoft Registry Tuner\Lavasoft Registry Tuner.exe [2011-04-13 17:02]
.
2011-12-04 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 195.130.131.132 195.130.130.4
FF - ProfilePath - c:\documents and settings\Lacasa\Application Data\Mozilla\Firefox\Profiles\r40n3ric.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=2&cf=32217d96-1e7e-11e1-a604-00123f7d9a42
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=2&src=sp&cf=32217d96-1e7e-11e1-a604-00123f7d9a42&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-04 20:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
Voltooingstijd: 2011-12-04 20:27:54
ComboFix-quarantined-files.txt 2011-12-04 19:27
.
Pre-Run: 42.247.659.520 bytes beschikbaar
Post-Run: 42.419.101.696 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D655115AAB7D4CD15A78E2E7EE4D25C9
  • We are now going to run ComboFix with a script. Make sure all open web browser windows are closed. Open a new Notepad file via "Start\All Programs\Accessories\Notepad".

Copy and paste the following text into the empty Notepad window:

KILLALL::
Firefox::
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=2&cf=32217d96-1e7e-11e1-a604-00123f7d9a42
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=2&src=sp&cf=32217d96-1e7e-11e1-a604-00123f7d9a42&q=

Save this Notepad file on your desktop as CFScript.txt.

Now disable the antivirus first!

Drag CFScript.txt onto ComboFix.exe (illustration: http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif)

This will make ComboFix restart. Reboot if you are asked to. Post the ComboFix log that is shown after the restart!

Important note:
  - If, after the scan, an error is shown when starting programs with the message:
  - Illegal operation attempted on a registry key that has been marked for deletion.
  - then restart the computer.
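Added example (not part of the thread, ComboFix or Firefox): a Python script that reads the "FF - prefs.js:" lines of a ComboFix report, or a raw prefs.js, flags homepage and search prefs whose host is outside an allow-list, and assembles the KILLALL::/Firefox:: block in the shape the helper used above. The allow-list, the set of watched prefs and the sample inputs are constructed assumptions; the startsear.ch values mirror the log in this thread.

```python
"""Flag hijacked Firefox homepage/search prefs and build matching CFScript lines.

Added example, not from the forum thread, ComboFix or Firefox. Reads the
'FF - prefs.js:' lines of a ComboFix report, or a raw prefs.js, and reports
watched prefs whose URL host is outside an allow-list. Sample inputs are constructed.
"""
import re
from urllib.parse import urlparse

# Prefs that search hijackers typically rewrite (assumed list; extend as needed).
WATCHED_PREFS = {
    "browser.startup.homepage",
    "keyword.URL",
    "browser.search.defaulturl",
    "browser.newtab.url",
}

# Hosts the machine's owner considers legitimate (assumption; adjust per user).
ALLOWED_HOSTS = {"www.google.be", "www.google.com", "about:home", "about:blank"}

# ComboFix reports Firefox prefs as:  FF - prefs.js: <pref> - <value>
COMBOFIX_RE = re.compile(r"^FF - (?P<file>prefs\.js|user\.js): (?P<pref>\S+) - (?P<value>.*)$")
# prefs.js stores string prefs as:   user_pref("<pref>", "<value>");
PREFSJS_RE = re.compile(r'^user_pref\("(?P<pref>[^"]+)",\s*"(?P<value>(?:[^"\\]|\\.)*)"\);')


def unhide_url(value):
    """ComboFix defangs URLs as hxxp:// so they are not clickable; undo that for parsing."""
    return re.sub(r"\bhxxp(s?)://", r"http\1://", value.strip())


def hosts_of(value):
    """Firefox allows several '|'-separated homepages; return the host of each URL."""
    hosts = []
    for part in unhide_url(value).split("|"):
        part = part.strip()
        if part.startswith("about:"):
            hosts.append(part)
            continue
        hostname = urlparse(part).hostname
        if hostname:
            hosts.append(hostname.lower())
    return hosts


def parse_combofix(text):
    """Yield (pref, value) pairs from the 'FF - prefs.js:' lines of a ComboFix report."""
    for line in text.splitlines():
        m = COMBOFIX_RE.match(line.strip())
        if m and m.group("file") == "prefs.js":
            yield m.group("pref"), m.group("value")


def parse_prefs_js(text):
    """Yield (pref, value) pairs for the string prefs in a prefs.js file."""
    for line in text.splitlines():
        m = PREFSJS_RE.match(line.strip())
        if m:
            # Undo JavaScript string escapes such as \" and \\ in the stored value.
            yield m.group("pref"), re.sub(r"\\(.)", r"\1", m.group("value"))


def find_hijacked(pairs, allowed_hosts=ALLOWED_HOSTS):
    """Return [(pref, host, value)] for watched prefs pointing at a non-allow-listed host."""
    findings = []
    for pref, value in pairs:
        if pref not in WATCHED_PREFS:
            continue
        for host in hosts_of(value):
            if host not in allowed_hosts:
                findings.append((pref, host, value))
    return findings


def build_cfscript(combofix_text, allowed_hosts=ALLOWED_HOSTS):
    """Assemble the script in the shape used in the thread: KILLALL::, Firefox::, then
    the offending 'FF - prefs.js:' lines copied verbatim from the ComboFix report."""
    bad_lines = []
    for line in combofix_text.splitlines():
        m = COMBOFIX_RE.match(line.strip())
        if not m or m.group("file") != "prefs.js":
            continue
        if find_hijacked([(m.group("pref"), m.group("value"))], allowed_hosts):
            bad_lines.append(line.strip())
    if not bad_lines:
        return ""
    return "\n".join(["KILLALL::", "Firefox::", *bad_lines]) + "\n"


# Constructed sample input, modelled on the ComboFix lines quoted in this thread.
SAMPLE_COMBOFIX = """\
uStart Page = hxxp://www.google.be/
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=2&cf=32217d96-1e7e-11e1-a604-00123f7d9a42
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=2&src=sp&cf=32217d96-1e7e-11e1-a604-00123f7d9a42&q=
FF - user.js: nglayout.initialpaint.delay - 600
"""

# Constructed prefs.js excerpt: one hijacked homepage, one legitimate search URL.
SAMPLE_PREFS_JS = """\
user_pref("browser.startup.homepage", "http://startsear.ch/?aff=2");
user_pref("keyword.URL", "http://www.google.be/search?q=");
user_pref("browser.search.selectedEngine", "Web Search");
"""

if __name__ == "__main__":
    for src in (parse_combofix(SAMPLE_COMBOFIX), parse_prefs_js(SAMPLE_PREFS_JS)):
        for pref, host, value in find_hijacked(src):
            print(f"SUSPECT {pref} -> {host}  ({value})")
    print(build_cfscript(SAMPLE_COMBOFIX), end="")
```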
  • Here it is:

    ComboFix 11-12-04.03 - Lacasa 04/12/2011 21:24:35.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.3326.2737 [GMT 1:00]
    Running from: c:\documents and settings\Lacasa\Bureaublad\ComboFix.exe
    Command switches used :: c:\documents and settings\Lacasa\Bureaublad\CFScript.txt
    AV: Ad-Aware Total Security *Disabled/Updated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
    FW: Ad-Aware Persoonlijke Firewall *Disabled* {6E6F4BA6-C07D-443F-A130-0A57DA59A082}
    .
    .
    (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Lacasa\Application Data\dach100.dll
    c:\windows\EventSystem.log
    c:\windows\system32\Branded.scr
    c:\windows\system32\Branded.scr.manifest
    c:\windows\system32\usmt\migwiz_a.exe
    .
    .
    (((((((((((((((((((( Files Created from 2011-11-04 to 2011-12-04 ))))))))))))))))))))))))))))))
    .
    .
    2011-12-04 18:57 . 2011-12-04 18:57 -------- d--h--r- c:\documents and settings\Lacasa\Onlangs geopend
    2011-12-04 15:40 . 2011-12-04 15:40 -------- d-----w- c:\documents and settings\Lacasa\Application Data\Malwarebytes
    2011-12-04 15:40 . 2011-12-04 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-12-04 15:40 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-04 15:40 . 2011-12-04 15:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-04 15:26 . 2011-12-04 15:26 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-11-24 12:27 . 2011-11-24 12:27 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
    2011-11-24 09:57 . 2011-11-24 09:57 -------- d-----w- c:\program files\iPod
    2011-11-24 09:57 . 2011-11-24 09:58 -------- d-----w- c:\program files\iTunes
    2011-11-24 09:53 . 2011-11-24 09:53 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
    2011-11-24 09:52 . 2011-11-24 09:52 -------- d-----w- c:\program files\Bonjour
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-15 07:46 . 2011-05-17 16:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-20 20:42 . 2011-09-20 20:42 68976 ----a-w- c:\windows\system32\drivers\GRD.sys
    2011-09-20 20:31 . 2011-09-20 20:31 51400 ----a-w- c:\windows\system32\drivers\GDTdiIcpt.sys
    2011-09-20 20:31 . 2011-09-20 20:31 29640 ----a-w- c:\windows\system32\drivers\GDNdisIc.sys
    2011-09-20 20:31 . 2011-09-20 20:31 62024 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
    2011-09-20 20:31 . 2011-09-20 20:31 38600 ----a-w- c:\windows\system32\drivers\HookCentre.sys
    2011-09-20 20:31 . 2011-09-20 20:31 33480 ----a-w- c:\windows\system32\drivers\GDBehave.sys
    2011-09-20 20:29 . 2011-09-20 20:32 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2011-11-24 14:35 . 2011-05-08 07:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-12-04_19.24.19 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-12-04 20:32 . 2011-12-04 20:32 16384 c:\windows\temp\Perflib_Perfdata_b24.dat
    + 2011-12-04 20:32 . 2011-12-04 20:32 16384 c:\windows\temp\Perflib_Perfdata_780.dat
    + 2011-12-01 17:29 . 2011-12-04 20:32 227712 c:\windows\system32\inetsrv\MetaBase.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\tbMyA1.dll" [2010-06-26 2515552]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2007-09-05 36352]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
    "CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 20480]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
    "UberIcon Manager.exe"="d:\program files\UberIcon\UberIcon Manager.exe" [2007-08-17 159744]
    "DJ Console Mk2"="c:\program files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe" [2005-11-14 212992]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
    "G Data AntiVirus Tray Application"="c:\program files\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe" [2010-06-29 981504]
    "GDFirewallTray"="c:\program files\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe" [2010-06-29 1550576]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
    .
    c:\documents and settings\Lacasa\Menu Start\Programma's\Opstarten\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    AntiCrash.lnk - c:\program files\Dachshund Software\AntiCrash\AntiCrash.exe [2002-12-17 2301798]
    Hare.lnk - c:\program files\Dachshund Software\Hare\Hare.exe [2002-9-21 1874381]
    Zoom.lnk - c:\program files\Dachshund Software\Zoom\Zoom.exe [2002-9-21 1446302]
    .
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "MaxRecentDocs"= 74 (0x4a)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
    "NoAutoUpdate"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiSpyWareDisableNotify"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\mqsvc.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [20/09/2011 21:31 33480]
    R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [20/09/2011 21:31 29640]
    R1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [20/09/2011 21:31 62024]
    R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [20/09/2011 21:42 68976]
    R1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [20/09/2011 21:31 38600]
    R2 AVKProxy;Ad-Aware Total Security Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [29/06/2010 16:22 1081384]
    R2 AVKService;Ad-Aware Scheduler;c:\program files\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe [29/06/2010 16:22 412944]
    R2 AVKWCtl;Ad-Aware Bestandssysteembewaker;c:\program files\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtl.exe [23/06/2010 11:35 1635672]
    R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [20/09/2011 21:31 51400]
    R2 ToolTipFixer;ToolTipFixer;c:\program files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe [14/10/2008 18:33 61952]
    R3 Bulk;HDJBulk;c:\windows\system32\drivers\HDJBulk.sys [7/07/2010 21:56 43136]
    R3 GDFwSvc;Ad-Aware Persoonlijke Firewall;c:\program files\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvc.exe [15/06/2010 10:14 1834432]
    R3 GDScan;Ad-Aware Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [29/06/2010 16:16 624064]
    R3 HDJAsioK;HDJAsioK;c:\windows\system32\drivers\HDJASIOK.sys [7/07/2010 21:56 127104]
    R3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\drivers\hdjmidi.sys [7/07/2010 21:56 39424]
    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 13:51 135664]
    S3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86;c:\windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe [6/05/2009 08:08 104272]
    S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 7\DfSdkS.exe [26/06/2010 09:46 406016]
    S3 GDBackupSvc;Ad-Aware Backup Service;c:\program files\Lavasoft\Ad-Aware Total Security\AVKBackup\AVKBackupService.exe [29/06/2010 16:15 911976]
    S3 GDTunerSvc;Ad-Aware Tuner Service;c:\program files\Lavasoft\Ad-Aware Total Security\AVKTuner\AVKTunerService.exe [29/06/2010 16:15 1234896]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 13:51 135664]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-01 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 14:54]
    .
    2011-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
    .
    2011-12-04 c:\windows\Tasks\GlaryInitialize.job
    - d:\program files\Glary Utilities\initialize.exe [2010-06-21 09:14]
    .
    2011-11-14 c:\windows\Tasks\GlaryOneClickOptimizer.job
    - d:\program files\Glary Utilities\oneclickoptimizer.exe [2010-06-21 09:14]
    .
    2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 12:51]
    .
    2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 12:51]
    .
    2011-10-01 c:\windows\Tasks\Lavasoft Registry Tuner.job
    - c:\program files\Lavasoft\Lavasoft Registry Tuner\Lavasoft Registry Tuner.exe [2011-04-13 17:02]
    .
    2011-12-04 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.be/
    uInternet Settings,ProxyOverride = <local>;*.local
    TCP: DhcpNameServer = 195.130.131.132 195.130.130.4
    FF - ProfilePath - c:\documents and settings\Lacasa\Application Data\Mozilla\Firefox\Profiles\r40n3ric.default\
    FF - prefs.js: browser.search.selectedEngine - Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=2&cf=32217d96-1e7e-11e1-a604-00123f7d9a42
    FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=2&src=sp&cf=32217d96-1e7e-11e1-a604-00123f7d9a42&q=
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-04 21:32
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3892)
    c:\program files\VisualTaskTips\VttHooks.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\msdtc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\CDBurnerXP\NMSAccessU.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\System32\snmp.exe
    c:\windows\Integrator.exe
    c:\windows\System32\TUProgSt.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-04 21:40:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-04 20:40
    ComboFix2.txt 2011-12-04 19:27
    .
    Pre-Run: 42.421.551.104 bytes free
    Post-Run: 42.391.523.328 bytes free
    .
    - - End Of File - - 921935EF580B04C97A7E8552E70A38F8
  • Next round: Make sure all open web browser windows are closed. Open a new Notepad file via "Start\All Programs\Accessories\Notepad". Copy and paste the following text into the empty Notepad window:

    KILLALL::
    File::
    c:\windows\temp\Perflib_Perfdata_b24.dat
    c:\windows\temp\Perflib_Perfdata_780.dat
    c:\windows\system32\inetsrv\MetaBase.bin
    Firefox::
    FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=2&cf=32217d96-1e7e-11e1-a604-00123f7d9a42
    FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=2&src=sp&cf=32217d96-1e7e-11e1-a604-00123f7d9a42&q=

    Save this Notepad file to your desktop as CFScript.txt.

    Now first disable the antivirus!

    Drag CFScript.txt onto ComboFix.exe (image: http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif)

    This will make ComboFix restart. Reboot if you are asked to. Post the ComboFix log that is shown after the restart!

    Important note:
    - If, after the scan, an error is shown when starting programs with the message:
    - "Illegal operation attempted on a registry key that has been marked for deletion."
    - then restart the computer.
  • Wow, hopefully that thing gets knocked out within a few rounds.

    ComboFix 11-12-04.03 - Lacasa 04/12/2011 22:19:11.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.3326.2779 [GMT 1:00]
    Running from: c:\documents and settings\Lacasa\Bureaublad\ComboFix.exe
    Command switches used :: c:\documents and settings\Lacasa\Bureaublad\CFScript.txt.txt
    AV: Ad-Aware Total Security *Disabled/Updated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
    FW: Ad-Aware Persoonlijke Firewall *Disabled* {6E6F4BA6-C07D-443F-A130-0A57DA59A082}
    .
    FILE ::
    "c:\windows\system32\inetsrv\MetaBase.bin"
    "c:\windows\temp\Perflib_Perfdata_780.dat"
    "c:\windows\temp\Perflib_Perfdata_b24.dat"
    .
    .
    (((((((((((((((((((( Files Created from 2011-11-04 to 2011-12-04 ))))))))))))))))))))))))))))))
    .
    .
    2011-12-04 21:30 . 2011-12-04 21:30 64512 ---ha-w- c:\documents and settings\Lacasa\Application Data\dach100.dll
    2011-12-04 21:29 . 2011-12-04 21:29 -------- d--h--r- c:\documents and settings\Lacasa\Onlangs geopend
    2011-12-04 15:40 . 2011-12-04 15:40 -------- d-----w- c:\documents and settings\Lacasa\Application Data\Malwarebytes
    2011-12-04 15:40 . 2011-12-04 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-12-04 15:40 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-04 15:40 . 2011-12-04 15:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-04 15:26 . 2011-12-04 15:26 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-11-24 12:27 . 2011-11-24 12:27 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
    2011-11-24 09:57 . 2011-11-24 09:57 -------- d-----w- c:\program files\iPod
    2011-11-24 09:57 . 2011-11-24 09:58 -------- d-----w- c:\program files\iTunes
    2011-11-24 09:53 . 2011-11-24 09:53 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
    2011-11-24 09:52 . 2011-11-24 09:52 -------- d-----w- c:\program files\Bonjour
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-15 07:46 . 2011-05-17 16:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-20 20:42 . 2011-09-20 20:42 68976 ----a-w- c:\windows\system32\drivers\GRD.sys
    2011-09-20 20:31 . 2011-09-20 20:31 51400 ----a-w- c:\windows\system32\drivers\GDTdiIcpt.sys
    2011-09-20 20:31 . 2011-09-20 20:31 29640 ----a-w- c:\windows\system32\drivers\GDNdisIc.sys
    2011-09-20 20:31 . 2011-09-20 20:31 62024 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
    2011-09-20 20:31 . 2011-09-20 20:31 38600 ----a-w- c:\windows\system32\drivers\HookCentre.sys
    2011-09-20 20:31 . 2011-09-20 20:31 33480 ----a-w- c:\windows\system32\drivers\GDBehave.sys
    2011-09-20 20:29 . 2011-09-20 20:32 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2011-11-24 14:35 . 2011-05-08 07:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-12-04_19.24.19 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-12-04 21:30 . 2011-12-04 21:30 16384 c:\windows\temp\Perflib_Perfdata_a2c.dat
    + 2011-12-04 21:30 . 2011-12-04 21:30 16384 c:\windows\temp\Perflib_Perfdata_458.dat
    + 2011-12-01 17:29 . 2011-12-04 21:30 227713 c:\windows\system32\inetsrv\MetaBase.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\tbMyA1.dll" [2010-06-26 2515552]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2007-09-05 36352]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
    "CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 20480]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
    "UberIcon Manager.exe"="d:\program files\UberIcon\UberIcon Manager.exe" [2007-08-17 159744]
    "DJ Console Mk2"="c:\program files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe" [2005-11-14 212992]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
    "G Data AntiVirus Tray Application"="c:\program files\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe" [2010-06-29 981504]
    "GDFirewallTray"="c:\program files\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe" [2010-06-29 1550576]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
    .
    c:\documents and settings\Lacasa\Menu Start\Programma's\Opstarten\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    AntiCrash.lnk - c:\program files\Dachshund Software\AntiCrash\AntiCrash.exe [2002-12-17 2301798]
    Hare.lnk - c:\program files\Dachshund Software\Hare\Hare.exe [2002-9-21 1874381]
    Zoom.lnk - c:\program files\Dachshund Software\Zoom\Zoom.exe [2002-9-21 1446302]
    .
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "MaxRecentDocs"= 74 (0x4a)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
    "NoAutoUpdate"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiSpyWareDisableNotify"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\mqsvc.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [20/09/2011 21:31 33480]
    R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [20/09/2011 21:31 29640]
    R1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [20/09/2011 21:31 62024]
    R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [20/09/2011 21:42 68976]
    R1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [20/09/2011 21:31 38600]
    R2 AVKProxy;Ad-Aware Total Security Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [29/06/2010 16:22 1081384]
    R2 AVKService;Ad-Aware Scheduler;c:\program files\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe [29/06/2010 16:22 412944]
    R2 AVKWCtl;Ad-Aware Bestandssysteembewaker;c:\program files\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtl.exe [23/06/2010 11:35 1635672]
    R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [20/09/2011 21:31 51400]
    R2 ToolTipFixer;ToolTipFixer;c:\program files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe [14/10/2008 18:33 61952]
    R3 Bulk;HDJBulk;c:\windows\system32\drivers\HDJBulk.sys [7/07/2010 21:56 43136]
    R3 GDFwSvc;Ad-Aware Persoonlijke Firewall;c:\program files\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvc.exe [15/06/2010 10:14 1834432]
    R3 GDScan;Ad-Aware Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [29/06/2010 16:16 624064]
    R3 HDJAsioK;HDJAsioK;c:\windows\system32\drivers\HDJASIOK.sys [7/07/2010 21:56 127104]
    R3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\drivers\hdjmidi.sys [7/07/2010 21:56 39424]
    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 13:51 135664]
    S3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86;c:\windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe [6/05/2009 08:08 104272]
    S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 7\DfSdkS.exe [26/06/2010 09:46 406016]
    S3 GDBackupSvc;Ad-Aware Backup Service;c:\program files\Lavasoft\Ad-Aware Total Security\AVKBackup\AVKBackupService.exe [29/06/2010 16:15 911976]
    S3 GDTunerSvc;Ad-Aware Tuner Service;c:\program files\Lavasoft\Ad-Aware Total Security\AVKTuner\AVKTunerService.exe [29/06/2010 16:15 1234896]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 13:51 135664]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-01 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 14:54]
    .
    2011-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
    .
    2011-12-04 c:\windows\Tasks\GlaryInitialize.job
    - d:\program files\Glary Utilities\initialize.exe [2010-06-21 09:14]
    .
    2011-11-14 c:\windows\Tasks\GlaryOneClickOptimizer.job
    - d:\program files\Glary Utilities\oneclickoptimizer.exe [2010-06-21 09:14]
    .
    2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 12:51]
    .
    2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 12:51]
    .
    2011-10-01 c:\windows\Tasks\Lavasoft Registry Tuner.job
    - c:\program files\Lavasoft\Lavasoft Registry Tuner\Lavasoft Registry Tuner.exe [2011-04-13 17:02]
    .
    2011-12-04 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.be/
    uInternet Settings,ProxyOverride = <local>;*.local
    TCP: DhcpNameServer = 195.130.131.132 195.130.130.4
    FF - ProfilePath - c:\documents and settings\Lacasa\Application Data\Mozilla\Firefox\Profiles\r40n3ric.default\
    FF - prefs.js: browser.search.selectedEngine - Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=2&cf=32217d96-1e7e-11e1-a604-00123f7d9a42
    FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=2&src=sp&cf=32217d96-1e7e-11e1-a604-00123f7d9a42&q=
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-04 22:30
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(5488)
    c:\program files\VisualTaskTips\VttHooks.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\msdtc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\CDBurnerXP\NMSAccessU.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\System32\snmp.exe
    c:\windows\System32\TUProgSt.exe
    c:\windows\Integrator.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Lavasoft\Ad-Aware Total Security\Firewall\GDFwAdmin.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-04 22:34:37 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-04 21:34
    ComboFix2.txt 2011-12-04 20:40
    ComboFix3.txt 2011-12-04 19:27
    .
    Pre-Run: 42.474.004.480 bytes free
    Post-Run: 42.449.457.152 bytes free
    .
    - - End Of File - - CCB224F1BCE82F3772BF6F2617A9FD4B
  • Hmm, ComboFix apparently cannot remove the two search URLs in Firefox. So we'll try that once more: Make sure all open web browser windows are closed. Open a new Notepad file via "Start\All Programs\Accessories\Notepad". Copy and paste the following text into the empty Notepad window:

    KILLALL::
    Firefox::
    FF - prefs.js: browser.search.selectedEngine - Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=2&cf=32217d96-1e7e-11e1-a604-00123f7d9a42
    FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=2&src=sp&cf=32217d96-1e7e-11e1-a604-00123f7d9a42&q=

    Save this Notepad file to your desktop as CFScript.txt.

    Now first disable the antivirus!

    Drag CFScript.txt onto ComboFix.exe (image: http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif)

    This will make ComboFix restart. Reboot if you are asked to. Post the ComboFix log that is shown after the restart!

    Important note:
    - If, after the scan, an error is shown when starting programs with the message:
    - "Illegal operation attempted on a registry key that has been marked for deletion."
    - then restart the computer.
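The three helper scripts above all ask ComboFix to reset the same Firefox preferences, and both logs posted so far still list the startsear.ch entries under "FF - prefs.js" afterwards. As an added example (not part of the original thread, and not ComboFix's or the helper's code), the Python script below performs that check directly against a Firefox profile: it parses the `user_pref(...)` lines in prefs.js and user.js, flags every line whose value points at the hijacker domain or whose search engine was switched to the "Web Search" name seen in the log, and writes back a cleaned copy with a .bak of the original. The indicator lists, the profile-directory handling and all function names are my assumptions; the sample preference lines are constructed from the entries in the ComboFix log above. user.js is included because Firefox re-applies it on every start and it overrides prefs.js, so a hijacker that wrote there would survive a prefs.js-only fix. Firefox must be closed while this runs, since it rewrites prefs.js from memory on exit.

```python
"""Find and strip search-hijacker entries from a Firefox profile.

Added example for this thread; not ComboFix's or the helper's code.
Indicators below come from the ComboFix logs in the thread; the file
handling and function names are assumptions.
"""
import re
import tempfile
from pathlib import Path

# Preference keys a browser hijacker typically rewrites (assumed list,
# based on the FF - prefs.js lines ComboFix reported in this thread).
HIJACK_KEYS = {
    "browser.startup.homepage",
    "keyword.URL",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
}
# Domain from the logs, and the engine name the hijacker registered.
BAD_DOMAINS = ("startsear.ch",)
BAD_ENGINE_NAMES = ("Web Search",)

# Matches one Firefox preference line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')


def is_hijacked(key: str, raw_value: str) -> bool:
    """True when a preference line matches one of the hijacker indicators."""
    value = raw_value.strip().strip('"')
    if any(domain in value.lower() for domain in BAD_DOMAINS):
        return True  # any key that points at the hijacker domain
    if key in HIJACK_KEYS and value in BAD_ENGINE_NAMES:
        return True  # default search engine swapped to the hijacker's
    return False


def clean_prefs(text: str):
    """Return (cleaned_text, findings) for one prefs.js/user.js body.

    findings is a list of (key, value) pairs that were removed; all other
    lines (comments, benign prefs) are kept byte for byte."""
    kept, findings = [], []
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if match and is_hijacked(match.group(1), match.group(2)):
            findings.append((match.group(1), match.group(2).strip().strip('"')))
            continue  # drop the hijacked line
        kept.append(line)
    cleaned = "\n".join(kept) + ("\n" if text.endswith("\n") else "")
    return cleaned, findings


def clean_profile(profile_dir: Path) -> dict:
    """Clean prefs.js and user.js in a profile directory, keeping .bak copies.

    user.js is re-applied at every Firefox start and overrides prefs.js,
    so a prefs.js-only fix does not stick if the hijacker wrote there."""
    report = {}
    for name in ("prefs.js", "user.js"):
        path = profile_dir / name
        if not path.exists():
            continue
        original = path.read_text(encoding="utf-8", errors="replace")
        cleaned, findings = clean_prefs(original)
        if findings:
            path.with_name(name + ".bak").write_text(original, encoding="utf-8")
            path.write_text(cleaned, encoding="utf-8")
        report[name] = findings
    return report


# Constructed sample input mirroring the FF - prefs.js / user.js lines
# in the ComboFix log (the benign browser.startup.page line is made up).
SAMPLE_PREFS = '''# Mozilla User Preferences
user_pref("browser.search.selectedEngine", "Web Search");
user_pref("browser.startup.homepage", "http://startsear.ch/?aff=2&cf=32217d96-1e7e-11e1-a604-00123f7d9a42");
user_pref("browser.startup.page", 1);
user_pref("keyword.URL", "http://startsear.ch/?aff=2&src=sp&cf=32217d96-1e7e-11e1-a604-00123f7d9a42&q=");
'''
SAMPLE_USER_JS = '''user_pref("network.http.max-persistent-connections-per-server", 4);
user_pref("nglayout.initialpaint.delay", 600);
user_pref("content.notify.interval", 600000);
'''


def demo_on_temp_profile() -> dict:
    """Write the samples into a throwaway profile, clean it, return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        profile = Path(tmp)
        (profile / "prefs.js").write_text(SAMPLE_PREFS, encoding="utf-8")
        (profile / "user.js").write_text(SAMPLE_USER_JS, encoding="utf-8")
        report = clean_profile(profile)
        # the rewritten prefs.js must no longer reference the hijacker
        assert "startsear.ch" not in (profile / "prefs.js").read_text(encoding="utf-8")
        return report


if __name__ == "__main__":
    for filename, removed in demo_on_temp_profile().items():
        for key, value in removed:
            print(f"{filename}: removed {key} = {value}")
```

To use it on the profile named in the log, call `clean_profile(Path(r"c:\documents and settings\Lacasa\Application Data\Mozilla\Firefox\Profiles\r40n3ric.default"))` with Firefox closed, then re-run ComboFix (or open about:config) to confirm the three entries are gone; if they come back on the next start, the value is being re-written by something outside the profile files, which is the next thing to look for.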
  • OK, thanks. I hadn't seen your message yet; I no longer received a notification by e-mail, strange. I disabled everything in my AdAware and did a ComboFix update. One thing, though: before I ended up on this forum I had already removed the startsear.ch entries myself via HJT. Hopefully that is not the cause...

    ComboFix 11-12-06.01 - Lacasa 07/12/2011 9:19.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.3326.2702 [GMT 1:00]
    Running from: c:\documents and settings\Lacasa\Bureaublad\ComboFix.exe
    Command switches used :: c:\documents and settings\Lacasa\Bureaublad\CFScript.txt
    AV: Ad-Aware Total Security *Disabled/Updated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
    FW: Ad-Aware Persoonlijke Firewall *Disabled* {6E6F4BA6-C07D-443F-A130-0A57DA59A082}
    .
    .
    (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Lacasa\Application Data\dach100.dll
    .
    .
    (((((((((((((((((((( Files Created from 2011-11-07 to 2011-12-07 ))))))))))))))))))))))))))))))
    .
    .
    2011-12-06 23:42 . 2011-12-06 23:42 -------- d--h--r- c:\documents and settings\Lacasa\Onlangs geopend
    2011-12-06 17:25 . 2001-09-06 20:27 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2011-12-06 17:25 . 2008-04-14 18:02 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2011-12-04 15:40 . 2011-12-04 15:40 -------- d-----w- c:\documents and settings\Lacasa\Application Data\Malwarebytes
    2011-12-04 15:40 . 2011-12-04 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-12-04 15:40 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-04 15:40 . 2011-12-04 15:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-04 15:26 . 2011-12-04 15:26 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-11-24 12:27 . 2011-11-24 12:27 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
    2011-11-24 09:57 . 2011-11-24 09:57 -------- d-----w- c:\program files\iPod
    2011-11-24 09:57 . 2011-11-24 09:58 -------- d-----w- c:\program files\iTunes
    2011-11-24 09:53 . 2011-11-24 09:53 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
    2011-11-24 09:52 . 2011-11-24 09:52 -------- d-----w- c:\program files\Bonjour
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-15 07:46 . 2011-05-17 16:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-20 20:42 . 2011-09-20 20:42 68976 ----a-w- c:\windows\system32\drivers\GRD.sys
    2011-09-20 20:31 . 2011-09-20 20:31 51400 ----a-w- c:\windows\system32\drivers\GDTdiIcpt.sys
    2011-09-20 20:31 . 2011-09-20 20:31 29640 ----a-w- c:\windows\system32\drivers\GDNdisIc.sys
    2011-09-20 20:31 . 2011-09-20 20:31 62024 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
    2011-09-20 20:31 . 2011-09-20 20:31 38600 ----a-w- c:\windows\system32\drivers\HookCentre.sys
    2011-09-20 20:31 . 2011-09-20 20:31 33480 ----a-w- c:\windows\system32\drivers\GDBehave.sys
    2011-09-20 20:29 . 2011-09-20 20:32 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2011-11-24 14:35 . 2011-05-08 07:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\tbMyA1.dll" [2010-06-26 2515552]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2007-09-05 36352]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
    "CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 20480]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
    "UberIcon Manager.exe"="d:\program files\UberIcon\UberIcon Manager.exe" [2007-08-17 159744]
    "DJ Console Mk2"="c:\program files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe" [2005-11-14 212992]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
    "G Data AntiVirus Tray Application"="c:\program files\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe" [2010-06-29 981504]
    "GDFirewallTray"="c:\program files\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe" [2010-06-29 1550576]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
    .
    c:\documents and settings\Lacasa\Menu Start\Programma's\Opstarten\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    AntiCrash.lnk - c:\program files\Dachshund Software\AntiCrash\AntiCrash.exe [2002-12-17 2301798]
    Hare.lnk - c:\program files\Dachshund Software\Hare\Hare.exe [2002-9-21 1874381]
    Zoom.lnk - c:\program files\Dachshund Software\Zoom\Zoom.exe [2002-9-21 1446302]
    .
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "MaxRecentDocs"= 74 (0x4a)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
    "NoAutoUpdate"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiSpyWareDisableNotify"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\mqsvc.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [20/09/2011 21:31 33480] R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [20/09/2011 21:31 29640] R1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [20/09/2011 21:31 62024] R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [20/09/2011 21:42 68976] R1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [20/09/2011 21:31 38600] R2 AVKProxy;Ad-Aware Total Security Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [29/06/2010 16:22 1081384] R2 AVKService;Ad-Aware Scheduler;c:\program files\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe [29/06/2010 16:22 412944] R2 AVKWCtl;Ad-Aware Bestandssysteembewaker;c:\program files\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtl.exe [23/06/2010 11:35 1635672] R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [20/09/2011 21:31 51400] R2 ToolTipFixer;ToolTipFixer;c:\program files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe [14/10/2008 18:33 61952] R3 Bulk;HDJBulk;c:\windows\system32\drivers\HDJBulk.sys [7/07/2010 21:56 43136] R3 GDFwSvc;Ad-Aware Persoonlijke Firewall;c:\program files\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvc.exe [15/06/2010 10:14 1834432] R3 GDScan;Ad-Aware Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [29/06/2010 16:16 624064] R3 HDJAsioK;HDJAsioK;c:\windows\system32\drivers\HDJASIOK.sys [7/07/2010 21:56 127104] R3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\drivers\hdjmidi.sys [7/07/2010 21:56 39424] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 13:51 135664] S3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86;c:\windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe [6/05/2009 08:08 104272] S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 7\DfSdkS.exe [26/06/2010 09:46 406016] S3 
GDBackupSvc;Ad-Aware Backup Service;c:\program files\Lavasoft\Ad-Aware Total Security\AVKBackup\AVKBackupService.exe [29/06/2010 16:15 911976] S3 GDTunerSvc;Ad-Aware Tuner Service;c:\program files\Lavasoft\Ad-Aware Total Security\AVKTuner\AVKTunerService.exe [29/06/2010 16:15 1234896] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 13:51 135664] S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhoud van de 'Gedeelde Taken' map . 2011-12-01 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 14:54] . 2011-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57] . 2011-12-07 c:\windows\Tasks\GlaryInitialize.job - d:\program files\Glary Utilities\initialize.exe [2010-06-21 09:14] . 2011-12-05 c:\windows\Tasks\GlaryOneClickOptimizer.job - d:\program files\Glary Utilities\oneclickoptimizer.exe [2010-06-21 09:14] . 2011-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 12:51] . 2011-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 12:51] . 2011-10-01 c:\windows\Tasks\Lavasoft Registry Tuner.job - c:\program files\Lavasoft\Lavasoft Registry Tuner\Lavasoft Registry Tuner.exe [2011-04-13 17:02] . 2011-12-07 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07] . . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://www.google.be/ uInternet Settings,ProxyOverride = <local>;*.local TCP: DhcpNameServer = 195.130.131.132 195.130.130.4 FF - ProfilePath - c:\documents and settings\Lacasa\Application Data\Mozilla\Firefox\Profiles\r40n3ric.default\ FF - prefs.js: browser.search.selectedEngine - Web Search FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=2&cf=32217d96-1e7e-11e1-a604-00123f7d9a42 FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=2&src=sp&cf=32217d96-1e7e-11e1-a604-00123f7d9a42&q= FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-12-07 09:30 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'explorer.exe'(5260) c:\program files\VisualTaskTips\VttHooks.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . 
c:\windows\system32\msdtc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe c:\windows\system32\inetsrv\inetinfo.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\windows\system32\nvsvc32.exe c:\windows\System32\snmp.exe c:\windows\Integrator.exe c:\windows\System32\TUProgSt.exe c:\windows\system32\wscntfy.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Voltooingstijd: 2011-12-07 09:33:53 - machine werd herstart ComboFix-quarantined-files.txt 2011-12-07 08:33 ComboFix2.txt 2011-12-04 21:34 ComboFix3.txt 2011-12-04 20:40 ComboFix4.txt 2011-12-04 19:27 . Pre-Run: 42.098.487.296 bytes beschikbaar Post-Run: 42.199.265.280 bytes beschikbaar . - - End Of File - - 26007C032196F8882FB2490B092F6083
  • ComboFix keeps failing when it comes to removing Startsearch in Firefox. Do you actually use Firefox? If so, which version is it?
  • I use almost only Firefox - sometimes IE (for example, I can't get a radio player to open in Firefox), but that's rare. Should I just reinstall Firefox instead?
  • Then first save your bookmarks as an HTML file and uninstall Firefox. Restart your PC, then install Firefox again and import your favourites back. You want to listen to radio on your PC? And would you even like to be able to record music as MP3? Then have a look at "ScreamerRadio" http://www.screamer-radio.com/features/
  • thanks a bunch
  • Happy now?
  • Just restarted, but unfortunately, no joy (what I do notice is that my bookmarks haven't disappeared, but that seemed to be an option during uninstallation..)
  • Pity, you should have let it remove everything, then you would have been rid of that Startsearch by now! And ScreamerRadio, do you have it already and have you tried it out?
  • Voilà, Startsear.ch is gone! Though I can't get google.be as my start page any more - it always lands on a Mozilla page with a link to Google - it looks a lot like Google but isn't. Can you tell me, Abraham54, what that ComboFix and those scripts actually did during this procedure, is it something complicated? Thanks in advance.
