police virus
  • police virus

    Hello,

    I recently had trouble with a police virus that made using the internet impossible, not even in safe mode.

    I think I was able to remove it with MBAM, but I'm afraid it is going to come back.

    Can anyone help me?

    My MBAM log:

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Databaseversie: v2013.06.15.02

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    ken :: PC_VAN_KEN [administrator]

    15-6-2013 13:05:43
    mbam-log-2013-06-15 (13-05-43).txt

    Scan type: Volledige scan (C:\|D:\|)
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 336442
    Verstreken tijd: 1 uur/uren, 24 minuut/minuten, 37 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ctfmon32.exe (Trojan.Agent.Gen) -> Data: C:\PROGRA~2\rundll32.exe C:\PROGRA~2\ld83.dat,XFG00 -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 1
    C:\Users\ken\AppData\Local\Temp\E_N4 (Worm.Autorun) -> Succesvol in quarantaine geplaatst en verwijderd.

    Bestanden gedetecteerd: 5
    C:\ProgramData\ld83.dat (Trojan.FakeMS) -> Zal worden verwijderd tijdens het herstarten.
    C:\Users\ken\AppData\Local\Temp\epkncjbggcotoexmnrg.bfg (Trojan.FakeMS) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\ken\AppData\Local\Temp\ykexvuh (Trojan.FakeAlert.ED) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\ken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\2fbbd235-4d693993 (Trojan.FakeMS) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\ProgramData\rundll32.exe (Trojan.Agent.Gen) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)

  • #2
    Hello,

    I think MBAM has cleaned it up, actually.

    Make a log with DDS as well: http://users.telenet.be/marcvn/spyware/dds.html
    Post that log.



    • #3
      DDS (Ver_2012-11-20.01) - NTFS_x86
      Internet Explorer: 9.0.8112.16490
      Run by ken at 14:57:40 on 2013-06-15
      .
      ============== Running Processes ================
      .
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\SLsvc.exe
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\agrsmsvc.exe
      C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
      C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Acer\Mobility Center\MobilityService.exe
      C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
      C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Windows\system32\igfxsrvc.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Windows\RtHDVCpl.exe
      C:\Windows\PLFSetI.exe
      C:\Program Files\Launch Manager\LManager.exe
      C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
      C:\Windows\System32\hkcmd.exe
      C:\Windows\System32\igfxpers.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
      C:\Program Files\uTorrent\uTorrent.exe
      C:\Windows\system32\igfxext.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Windows\system32\igfxsrvc.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Program Files\Acer\Empowering Technology\eRecovery\HidChk.exe
      C:\Users\ken\AppData\Local\Temp\RtkBtMnt.exe
      C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
      C:\Windows\system32\wuauclt.exe
      C:\Windows\system32\conime.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\svchost.exe -k rpcss
      C:\Windows\System32\svchost.exe -k secsvcs
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k GPSvcGroup
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Windows\System32\svchost.exe -k WerSvcGroup
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://www.google.com/
      uSearch Bar = hxxp://www.google.com/ie
      uSearch Page = hxxp://www.google.com
      mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vp32&d=0209&m=aspire_5735
      uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
      uURLSearchHooks: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - c:\program files\utorrentbar_nl\tbuTor.dll
      mURLSearchHooks: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - c:\program files\utorrentbar_nl\tbuTor.dll
      BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
      BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
      BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
      BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
      BHO: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - c:\program files\utorrentbar_nl\tbuTor.dll
      BHO: Windows Live Aanmelden - Help: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
      BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
      TB: uTorrentBar_NL Toolbar: {87775FDB-6972-41F9-AE51-8326E38CB206} - c:\program files\utorrentbar_nl\tbuTor.dll
      TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
      TB: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - c:\program files\utorrentbar_nl\tbuTor.dll
      uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
      uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
      uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
      uRun: [Google Update] "c:\users\ken\appdata\local\google\update\GoogleUpdate.exe" /c
      uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
      uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
      mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
      mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
      mRun: [RtHDVCpl] RtHDVCpl.exe
      mRun: [Skytel] Skytel.exe
      mRun: [PLFSetI] c:\windows\PLFSetI.exe
      mRun: [LManager] c:\progra~1\launch~1\LManager.exe
      mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
      mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
      mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
      mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
      mRun: [Persistence] c:\windows\system32\igfxpers.exe
      mRunOnce: [InstallShieldSetup] c:\progra~1\instal~1\{7f811~1\setup.exe -rebootc:\progra~1\instal~1\{7f811~1\reboot.ini
      mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
      mPolicies-System: EnableUIADesktopToggle = dword:0
      IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
      IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
      TCP: NameServer = 195.130.130.130 195.130.131.130
      TCP: Interfaces\{251E233E-2D23-4884-B8E4-3A9F673F4D26} : DHCPNameServer = 195.130.130.130 195.130.131.130
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
      Notify: igfxcui - igfxdev.dll
      AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
      LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - c:\users\ken\appdata\roaming\mozilla\firefox\profiles\6d3n3624.default\
      FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
      FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
      FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
      FF - plugin: c:\program files\microsoft\office live\npOLW.dll
      FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
      FF - plugin: c:\users\ken\appdata\local\google\update\1.3.21.145\npGoogleUpdate3.dll
      .
      ============= SERVICES / DRIVERS ===============
      .
      R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
      R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
      R? GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589
      R? gupdate1c9ac6d4aca86b7;Google Updateservice (gupdate1c9ac6d4aca86b7)
      R? SkypeUpdate;Skype Updater
      R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
      S? BUNAgentSvc;NTI Backup Now 5 Agent Service
      S? ETService;Empowering Technology Service
      S? FontCache;Windows Font Cache Service
      S? NTIBackupSvc;NTI Backup Now 5 Backup Service
      S? NTISchedulerSvc;NTI Backup Now 5 Scheduler Service
      .
      =============== Created Last 30 ================
      .
      2013-06-15 11:28:25 7016152 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{612fc04d-7b5d-497f-a195-865c8cb84665}\mpengine.dll
      2013-06-15 11:04:57 -------- d-----w- c:\users\ken\appdata\roaming\Malwarebytes
      2013-06-15 11:04:45 -------- d-----w- c:\programdata\Malwarebytes
      2013-06-15 11:04:43 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
      2013-06-15 11:04:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2013-06-13 01:05:59 757400 ----a-w- c:\program files\internet explorer\iexplore.exe
      2013-06-13 01:05:59 1800704 ----a-w- c:\windows\system32\jscript9.dll
      2013-06-13 01:05:58 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
      2013-06-13 01:05:58 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll
      2013-06-13 01:05:58 104448 ----a-w- c:\program files\internet explorer\jsdebuggeride.dll
      2013-06-13 01:05:57 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
      2013-06-12 06:43:24 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
      2013-06-12 06:43:22 443904 ----a-w- c:\windows\system32\win32spl.dll
      2013-06-12 06:43:22 37376 ----a-w- c:\windows\system32\printcom.dll
      2013-06-12 06:43:17 985600 ----a-w- c:\windows\system32\crypt32.dll
      2013-06-12 06:43:17 812544 ----a-w- c:\windows\system32\certutil.exe
      2013-06-12 06:43:17 133120 ----a-w- c:\windows\system32\cryptsvc.dll
      2013-06-12 06:43:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
      2013-06-12 06:43:16 41984 ----a-w- c:\windows\system32\certenc.dll
      2013-06-12 06:42:41 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
      2013-06-12 06:42:40 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
      2013-06-12 06:42:27 24576 ----a-w- c:\windows\system32\cryptdlg.dll
      .
      ==================== Find3M ====================
      .
      2013-06-11 22:24:25 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2013-06-11 22:24:25 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      2013-05-16 22:28:26 1129472 ----a-w- c:\windows\system32\wininet.dll
      2013-05-16 22:21:37 142848 ----a-w- c:\windows\system32\ieUnatt.exe
      2013-05-16 22:20:30 420864 ----a-w- c:\windows\system32\vbscript.dll
      2013-05-16 22:16:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
      2013-05-02 00:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
      2013-04-15 14:20:04 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
      2013-04-13 10:56:44 37376 ----a-w- c:\windows\system32\cdd.dll
      2013-04-09 01:36:18 2049024 ----a-w- c:\windows\system32\win32k.sys
      .
      ============= FINISH: 14:59:43,33 ===============



      • #4
        Hi,

        The log looks good.
        I would uninstall the uTorrentBar_NL Toolbar, though.
        When you do this, close all browser windows first.

        Are there any other problems?



        • #5
          I can't remove the toolbar manually.
          Also, after restarting the PC I get a rundll box: "er is een fout opgetreden tijdens het laden van programma c:\progra;2\Id83.dat"

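The rundll error in the post above is consistent with a leftover autostart entry that still points at the removed ld83.dat: the MBAM log showed a Run value launching a rundll32 copy in ProgramData with ld83.dat as its module, and the ComboFix log lower in the thread lists a Startup-folder shortcut (regmonstd.lnk) with the same module. As an added example that is not part of this thread, the Python checker below flags that pattern in autostart listings; the sample entries are constructed from the thread's lines plus a made-up benign NvCpl entry, and the heuristics (trusted host directories, library extensions, writable data directories) are assumptions of this example, not a vendor's rules.

```python
import re

# Constructed sample entries, modelled on the autostart lines quoted in this
# thread (the MBAM Run-value data and the ComboFix Startup-folder .lnk target),
# plus two benign entries for contrast. On this Vista x86 machine C:\PROGRA~2
# is the 8.3 short name of C:\ProgramData, as the MBAM file detections show.
SAMPLE_ENTRIES = [
    ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|ctfmon32.exe",
     r"C:\PROGRA~2\rundll32.exe C:\PROGRA~2\ld83.dat,XFG00"),
    ("Startup\\regmonstd.lnk",
     r"c:\windows\System32\rundll32.exe c:\progra~2\ld83.dat,XFG00"),
    # constructed benign rundll32 entry (hypothetical, not from the thread)
    ("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|NvCplDaemon",
     r"C:\Windows\system32\rundll32.exe C:\Windows\system32\NvCpl.dll,NvStartup"),
    # not a rundll32 invocation at all; outside the scope of this check
    ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|Sidebar",
     r"c:\program files\Windows Sidebar\sidebar.exe /autoRun"),
]

# rundll32 command syntax: <path to rundll32.exe> <module>[,<entrypoint>] [args]
RUNDLL32_RE = re.compile(
    r'^\s*"?(?P<host>[^"]*?rundll32\.exe)"?\s+'
    r'"?(?P<module>[^",]+)"?\s*(?:,\s*(?P<entry>\S+))?(?P<args>.*)$',
    re.IGNORECASE,
)

# Heuristics used by this example (assumptions, tune for your environment).
TRUSTED_HOST_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
LIBRARY_EXTENSIONS = (".dll", ".cpl", ".ocx", ".ax")
SUSPECT_MODULE_DIRS = ("c:\\progra~2\\", "c:\\programdata\\",
                       "\\appdata\\local\\temp\\", "\\appdata\\roaming\\")


def check_entry(command: str) -> list[str]:
    """Return the reasons a rundll32-based autostart command looks suspicious.

    An empty list means either the command is not a rundll32 invocation or
    none of the heuristics fired.
    """
    m = RUNDLL32_RE.match(command)
    if not m:
        return []
    host = m.group("host").strip().lower()
    module = m.group("module").strip().lower()
    reasons = []
    # 1. rundll32.exe itself belongs in System32/SysWOW64. A copy elsewhere
    #    (the thread's C:\ProgramData\rundll32.exe) is a common evasion trick.
    #    A bare "rundll32.exe" resolved via PATH is left alone.
    if "\\" in host and not host.startswith(TRUSTED_HOST_DIRS):
        reasons.append(f"rundll32 host outside System32: {host}")
    # 2. A library renamed to .dat (or any non-library extension) is meant to
    #    look like data and to dodge extension-based scanning.
    if not module.endswith(LIBRARY_EXTENSIONS):
        reasons.append(f"module has a non-library extension: {module}")
    # 3. Code loaded from user- or world-writable data directories.
    if any(d in module for d in SUSPECT_MODULE_DIRS):
        reasons.append(f"module in a writable data directory: {module}")
    return reasons


def scan(entries) -> dict[str, list[str]]:
    """Map each autostart entry name to its findings, keeping only flagged ones."""
    findings = {}
    for name, command in entries:
        reasons = check_entry(command)
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in scan(SAMPLE_ENTRIES).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

Feeding the checker the Run values and Startup-folder targets from a DDS or ComboFix listing shows which entries would still try to load the removed module after a reboot, which is exactly the leftover the rundll dialog complains about.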


          • #6
            Download combofix.exe from this site: http://www.bleepingcomputer.com/comb...uikt-te-worden .
            If the Recovery Console is not installed, ComboFix will offer to download and install it. Allow this.
            Once the Recovery Console is installed, let ComboFix scan the computer.
            When ComboFix starts, you may get an error message saying that the "contents of the ComboFix package has been compromised".
            Do not continue with the instructions, but download ComboFix again. This message can appear when a file infector (Virut) is active on the computer.
            If you get this message, report it.
            When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
            Post the contents of this file.



            • #7
              ComboFix 13-06-13.01 - ken 15-06-2013 16:43:51.1.2 - x86
              Gestart vanuit: c:\users\ken\Downloads\ComboFix.exe
              .
              .
              (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              c:\programdata\31514360
              c:\programdata\38dl.pad
              c:\users\ken\AppData\Roaming\.#
              c:\users\ken\AppData\Roaming\.#\[email protected]@1E12990.###
              c:\users\ken\AppData\Roaming\.#\[email protected]@1E129C0.###
              c:\users\ken\AppData\Roaming\.#\[email protected]@1E129F0.###
              c:\users\ken\AppData\Roaming\.#\[email protected]@16F2990.###
              c:\users\ken\AppData\Roaming\.#\[email protected]@16F29C0.###
              c:\users\ken\AppData\Roaming\.#\[email protected]@16F29F0.###
              c:\users\ken\AppData\Roaming\.#\[email protected]@1BF2990.###
              c:\users\ken\AppData\Roaming\.#\[email protected]@1BF29C0.###
              c:\users\ken\AppData\Roaming\.#\[email protected]@1BF29F0.###
              c:\users\ken\AppData\Roaming\.#\[email protected]@1982990.###
              c:\users\ken\AppData\Roaming\.#\[email protected]@19829C0.###
              c:\users\ken\AppData\Roaming\.#\[email protected]@19829F0.###
              c:\users\ken\AppData\Roaming\.#\[email protected]@1EA2990.###
              c:\users\ken\AppData\Roaming\.#\[email protected]@1EA29C0.###
              c:\users\ken\AppData\Roaming\.#\[email protected]@1EA29F0.###
              c:\users\ken\AppData\Roaming\.#\[email protected]@1AD2990.###
              c:\users\ken\AppData\Roaming\.#\[email protected]@1AD29C0.###
              c:\users\ken\AppData\Roaming\.#\[email protected]@1AD29F0.###
              c:\users\ken\AppData\Roaming\.#\[email protected]@1752990.###
              c:\users\ken\AppData\Roaming\.#\[email protected]@17529C0.###
              c:\users\ken\AppData\Roaming\.#\[email protected]@17529F0.###
              c:\users\ken\AppData\Roaming\.#\[email protected]@AD2990.###
              c:\users\ken\AppData\Roaming\.#\[email protected]@AD29C0.###
              c:\users\ken\AppData\Roaming\.#\[email protected]@AD29F0.###
              c:\users\ken\AppData\Roaming\.#\[email protected]@1C42990.###
              c:\users\ken\AppData\Roaming\.#\[email protected]@1C429C0.###
              c:\users\ken\AppData\Roaming\.#\[email protected]@1C429F0.###
              c:\users\ken\AppData\Roaming\.#\[email protected]@362990.###
              c:\users\ken\AppData\Roaming\.#\[email protected]@3629C0.###
              c:\users\ken\AppData\Roaming\.#\[email protected]@3629F0.###
              .
              .
              (((((((((((((((((((( Bestanden Gemaakt van 2013-05-15 to 2013-06-15 ))))))))))))))))))))))))))))))
              .
              .
              2013-06-15 13:12 . 2013-06-15 13:12 -------- d-----w- c:\users\ken\AppData\Local\Macromedia
              2013-06-15 13:12 . 2013-06-15 13:12 -------- d-----w- c:\program files\Common Files\Adobe
              2013-06-15 12:49 . 2013-06-15 12:49 -------- d-----w- c:\users\ken\AppData\Local\Mozilla
              2013-06-15 12:49 . 2013-06-15 12:49 -------- d-----w- c:\program files\Mozilla Maintenance Service
              2013-06-15 11:28 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{612FC04D-7B5D-497F-A195-865C8CB84665}\mpengine.dll
              2013-06-15 11:04 . 2013-06-15 11:04 -------- d-----w- c:\users\ken\AppData\Roaming\Malwarebytes
              2013-06-15 11:04 . 2013-06-15 11:04 -------- d-----w- c:\programdata\Malwarebytes
              2013-06-15 11:04 . 2013-06-15 11:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
              2013-06-15 11:04 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
              2013-06-13 01:05 . 2013-05-16 23:34 757400 ----a-w- c:\program files\Internet Explorer\iexplore.exe
              2013-06-13 01:05 . 2013-05-16 22:39 1800704 ----a-w- c:\windows\system32\jscript9.dll
              2013-06-13 01:05 . 2013-05-16 22:30 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
              2013-06-13 01:05 . 2013-05-16 22:29 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
              2013-06-13 01:05 . 2013-05-16 22:29 104448 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
              2013-06-13 01:05 . 2013-05-16 22:27 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
              2013-06-12 21:55 . 2013-06-12 21:55 2619 ----a-w- c:\programdata\38dl.js
              2013-06-12 06:43 . 2013-05-08 04:37 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
              2013-06-12 06:43 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll
              2013-06-12 06:43 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll
              2013-06-12 06:43 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll
              2013-06-12 06:43 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
              2013-06-12 06:43 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
              2013-06-12 06:43 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
              2013-06-12 06:43 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
              2013-06-12 06:42 . 2013-05-02 22:03 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
              2013-06-12 06:42 . 2013-05-02 22:03 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
              2013-06-12 06:42 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
              .
              .
              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2013-06-15 13:08 . 2012-06-12 12:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
              2013-06-15 13:08 . 2012-06-12 12:36 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
              2013-05-02 00:06 . 2009-12-14 08:50 238872 ------w- c:\windows\system32\MpSigStub.exe
              2013-04-15 14:20 . 2013-05-15 08:49 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
              2013-04-13 10:56 . 2013-05-15 08:49 37376 ----a-w- c:\windows\system32\cdd.dll
              2013-04-09 01:36 . 2013-05-15 08:49 2049024 ----a-w- c:\windows\system32\win32k.sys
              .
              .
              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
              REGEDIT4
              .
              [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
              "{87775fdb-6972-41f9-ae51-8326e38cb206}"= "c:\program files\uTorrentBar_NL\tbuTor.dll" [2010-12-09 3911776]
              .
              [HKEY_CLASSES_ROOT\clsid\{87775fdb-6972-41f9-ae51-8326e38cb206}]
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{87775fdb-6972-41f9-ae51-8326e38cb206}]
              2010-12-09 11:51 3911776 ----a-w- c:\program files\uTorrentBar_NL\tbuTor.dll
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
              "{87775fdb-6972-41f9-ae51-8326e38cb206}"= "c:\program files\uTorrentBar_NL\tbuTor.dll" [2010-12-09 3911776]
              .
              [HKEY_CLASSES_ROOT\clsid\{87775fdb-6972-41f9-ae51-8326e38cb206}]
              .
              [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
              "{87775FDB-6972-41F9-AE51-8326E38CB206}"= "c:\program files\uTorrentBar_NL\tbuTor.dll" [2010-12-09 3911776]
              .
              [HKEY_CLASSES_ROOT\clsid\{87775fdb-6972-41f9-ae51-8326e38cb206}]
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\eg isPSDP]
              @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
              [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
              2008-05-14 16:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
              .
              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
              "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
              "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
              "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2013-05-22 802136]
              "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
              "RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
              "Skytel"="Skytel.exe" [2007-11-21 1826816]
              "PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
              "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 809480]
              "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
              "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
              "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
              "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
              "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
              "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
              .
              c:\users\ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
              OneNote-inhoudsopgave.onetoc2 [2009-2-22 3656]
              regmonstd.lnk - c:\windows\System32\rundll32.exe c:\progra~2\ld83.dat,XFG00 [2006-11-2 44544]
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
              "EnableUIADesktopToggle"= 0 (0x0)
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
              "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
              @="Service"
              .
              [HKLM\~\startupfolder\C:^Users^ken^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk]
              path=c:\users\ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk
              backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnk.Startup
              backupExtension=.Startup
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
              2008-04-06 20:42 34040 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
              2008-11-04 10:09 615696 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
              2009-12-14 08:57 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
              2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
              2008-09-19 08:37 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
              2011-01-07 11:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
              2013-05-22 21:44 802136 ----a-w- c:\program files\uTorrent\uTorrent.exe
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
              2008-01-29 08:03 303104 ----a-w- c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
              "DisableMonitoring"=dword:00000001
              .
              --- Andere Services/Drivers In Geheugen ---
              .
              *NewlyCreated* - WS2IFSL
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
              LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
              .
              Inhoud van de 'Gedeelde Taken' map
              .
              2013-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
              - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 13:08]
              .
              2013-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
              - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 10:42]
              .
              2013-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
              - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 10:42]
              .
              2013-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2486906247-2665262388-1446635363-1000Core.job
              - c:\users\ken\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 09:11]
              .
              2013-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2486906247-2665262388-1446635363-1000UA.job
              - c:\users\ken\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 09:11]
              .
              2013-06-11 c:\windows\Tasks\Norton Security Scan for ken.job
              - c:\progra~1\NORTON~2\Engine\351~1.8\Nss.exe [2011-11-07 00:45]
              .
              2013-06-12 c:\windows\Tasks\OGADaily.job
              - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
              .
              2013-06-15 c:\windows\Tasks\OGALogon.job
              - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
              .
              .
              ------- Bijkomende Scan -------
              .
              uStart Page = hxxp://www.google.com/
              mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vp32&d=0209&m=aspire_5735
              uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
              IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
              TCP: DhcpNameServer = 195.130.130.130 195.130.131.130
              FF - ProfilePath - c:\users\ken\AppData\Roaming\Mozilla\Firefox\Profiles\6d3n3624.default\
              .
              - - - - ORPHANS VERWIJDERD - - - -
              .
              Toolbar-10 - (no file)
              c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Norton Security Scan.lnk - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe
              SafeBoot-WudfPf
              SafeBoot-WudfRd
              MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
              MSConfigStartUp-ArcadeDeluxeAgent - c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
              MSConfigStartUp-CLMLServer - c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
              MSConfigStartUp-PlayMovie - c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
              MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
              MSConfigStartUp-TkBellExe - c:\program files\real\realplayer\Update\realsched.exe
              .
              .
              .
              **************************************************************************
              .
              catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2013-06-15 17:51
              Windows 6.0.6002 Service Pack 2 NTFS
              .
              scanning hidden processes ...
              .
              scanning hidden autostart entries ...
              .
              scanning hidden files ...
              .
              .
              c:\users\ken\AppData\Local\Temp\catchme.dll 53248 bytes executable
              .
              Scan completed successfully
              hidden files: 1
              .
              **************************************************************************
              .
              --------------------- LOCKED REGISTRY KEYS ---------------------
              .
              [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
              @Denied: (A) (Users)
              @Denied: (A) (Everyone)
              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
              "BlindDial"=dword:00000000
              "MSCurrentCountry"=dword:000000b5
              .
              [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
              @Denied: (A) (Users)
              @Denied: (A) (Everyone)
              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
              "BlindDial"=dword:00000000
              .
              --------------------- DLLs Loaded Under Running Processes ---------------------
              .
              - - - - - - - > 'Explorer.exe'(3552)
              c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
              c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
              .
              ------------------------ Other Running Processes ------------------------
              .
              c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
              c:\windows\system32\agrsmsvc.exe
              c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
              c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
              c:\program files\Acer\Empowering Technology\Service\ETService.exe
              c:\program files\Common Files\LightScribe\LSSrvc.exe
              c:\acer\Mobility Center\MobilityService.exe
              c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
              c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
              c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
              c:\windows\system32\wbem\unsecapp.exe
              c:\windows\system32\conime.exe
              c:\windows\system32\igfxsrvc.exe
              c:\windows\system32\wbem\unsecapp.exe
              c:\program files\Windows Media Player\wmpnetwk.exe
              .
              **************************************************************************
              .
              Completion time: 2013-06-15 17:54:44 - machine was rebooted
              ComboFix-quarantined-files.txt 2013-06-15 15:54
              .
              Pre-Run: 4.043.718.656 bytes free
              Post-Run: 4.053.913.600 bytes free
              .
              - - End Of File - - 34B2D016E3254C0AA6E4F02D014DAF36
              6FC6F9186C07BCA94E140F63BFE6E9B4

              • #8
                Open a Notepad file.
                Copy the code below and paste it into the Notepad file.
                Save the Notepad file as CFScript.txt
                Code:
                FILE::
                c:\users\ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
                C:\PROGRA~2\ld83.dat
                
                FOLDER::
                c:\program files\uTorrentBar_NL
                
                REGISTRY::
                [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
                "{87775fdb-6972-41f9-ae51-8326e38cb206}"=-
                [-HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{87775fdb-6972-41f9-ae51-8326e38cb206}]
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                "{87775fdb-6972-41f9-ae51-8326e38cb206}"=-
                [-HKEY_CLASSES_ROOT\clsid\{87775fdb-6972-41f9-ae51-8326e38cb206}]
                [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
                "{87775FDB-6972-41F9-AE51-8326E38CB206}"=-
                Now drag the file CFScript.txt onto the file ComboFix.exe

                ComboFix will start again.
                When ComboFix is finished, which may be after a reboot, a log file opens.
                Post the contents of the log file.

                • #9
                  ComboFix 13-06-15.01 - ken 15-06-2013 18:37:06.2.2 - x86
                  Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1976.1058 [GMT 2:00]
                  Started from: c:\users\ken\Desktop\ComboFix.exe
                  Command switches used :: c:\users\ken\Desktop\CFScript.txt
                  SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                  .
                  FILE ::
                  "c:\progra~2\ld83.dat"
                  "c:\users\ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk"
                  .
                  .
                  (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  c:\program files\uTorrentBar_NL
                  c:\program files\uTorrentBar_NL\tbuTor.dll
                  c:\program files\uTorrentBar_NL\toolbar.cfg
                  c:\program files\uTorrentBar_NL\UNWISE.EXE
                  c:\program files\uTorrentBar_NL\uTorrentBar_NLToolbarHelper.exe
                  .
                  .
                  (((((((((((((((((((( Files Created from 2013-05-15 to 2013-06-15 ))))))))))))))))))))))))))))))
                  .
                  .
                  2013-06-15 16:45 . 2013-06-15 16:46 -------- d-----w- c:\users\ken\AppData\Local\temp
                  2013-06-15 16:45 . 2013-06-15 16:45 -------- d-----w- c:\users\Default\AppData\Local\temp
                  2013-06-15 13:12 . 2013-06-15 13:12 -------- d-----w- c:\users\ken\AppData\Local\Macromedia
                  2013-06-15 13:12 . 2013-06-15 13:12 -------- d-----w- c:\program files\Common Files\Adobe
                  2013-06-15 12:49 . 2013-06-15 12:49 -------- d-----w- c:\users\ken\AppData\Local\Mozilla
                  2013-06-15 12:49 . 2013-06-15 12:49 -------- d-----w- c:\program files\Mozilla Maintenance Service
                  2013-06-15 11:28 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{612FC04D-7B5D-497F-A195-865C8CB84665}\mpengine.dll
                  2013-06-15 11:04 . 2013-06-15 11:04 -------- d-----w- c:\users\ken\AppData\Roaming\Malwarebytes
                  2013-06-15 11:04 . 2013-06-15 11:04 -------- d-----w- c:\programdata\Malwarebytes
                  2013-06-15 11:04 . 2013-06-15 11:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
                  2013-06-15 11:04 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
                  2013-06-13 01:05 . 2013-05-16 23:34 757400 ----a-w- c:\program files\Internet Explorer\iexplore.exe
                  2013-06-13 01:05 . 2013-05-16 22:39 1800704 ----a-w- c:\windows\system32\jscript9.dll
                  2013-06-13 01:05 . 2013-05-16 22:30 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
                  2013-06-13 01:05 . 2013-05-16 22:29 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
                  2013-06-13 01:05 . 2013-05-16 22:29 104448 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
                  2013-06-13 01:05 . 2013-05-16 22:27 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
                  2013-06-12 21:55 . 2013-06-12 21:55 2619 ----a-w- c:\programdata\38dl.js
                  2013-06-12 06:43 . 2013-05-08 04:37 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
                  2013-06-12 06:43 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll
                  2013-06-12 06:43 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll
                  2013-06-12 06:43 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll
                  2013-06-12 06:43 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
                  2013-06-12 06:43 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
                  2013-06-12 06:43 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
                  2013-06-12 06:43 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
                  2013-06-12 06:42 . 2013-05-02 22:03 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
                  2013-06-12 06:42 . 2013-05-02 22:03 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
                  2013-06-12 06:42 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
                  .
                  .
                  .
                  ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2013-06-15 13:08 . 2012-06-12 12:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
                  2013-06-15 13:08 . 2012-06-12 12:36 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
                  2013-05-02 00:06 . 2009-12-14 08:50 238872 ------w- c:\windows\system32\MpSigStub.exe
                  2013-04-15 14:20 . 2013-05-15 08:49 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
                  2013-04-13 10:56 . 2013-05-15 08:49 37376 ----a-w- c:\windows\system32\cdd.dll
                  2013-04-09 01:36 . 2013-05-15 08:49 2049024 ----a-w- c:\windows\system32\win32k.sys
                  .
                  .
                  ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  *Note* empty entries & legitimate default entries are not shown
                  REGEDIT4
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
                  @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
                  [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
                  2008-05-14 16:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
                  .
                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
                  "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
                  "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
                  "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2013-05-22 802136]
                  "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
                  "RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
                  "Skytel"="Skytel.exe" [2007-11-21 1826816]
                  "PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
                  "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 809480]
                  "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
                  "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
                  "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
                  "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
                  "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
                  "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
                  .
                  c:\users\ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                  OneNote-inhoudsopgave.onetoc2 [2009-2-22 3656]
                  regmonstd.lnk - c:\windows\System32\rundll32.exe c:\progra~2\ld83.dat,XFG00 [2006-11-2 44544]
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                  "EnableUIADesktopToggle"= 0 (0x0)
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                  "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
                  @="Service"
                  .
                  [HKLM\~\startupfolder\C:^Users^ken^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk]
                  path=c:\users\ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk
                  backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnk.Startup
                  backupExtension=.Startup
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
                  2008-04-06 20:42 34040 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
                  2008-11-04 10:09 615696 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
                  2009-12-14 08:57 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
                  2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
                  2008-09-19 08:37 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
                  2011-01-07 11:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
                  2013-05-22 21:44 802136 ----a-w- c:\program files\uTorrent\uTorrent.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
                  2008-01-29 08:03 303104 ----a-w- c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
                  "DisableMonitoring"=dword:00000001
                  .
                  --- Other Services/Drivers In Memory ---
                  .
                  *NewlyCreated* - WS2IFSL
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                  LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
                  .
                  Contents of the 'Scheduled Tasks' folder
                  .
                  2013-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
                  - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 13:08]
                  .
                  2013-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                  - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 10:42]
                  .
                  2013-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                  - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 10:42]
                  .
                  2013-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2486906247-2665262388-1446635363-1000Core.job
                  - c:\users\ken\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 09:11]
                  .
                  2013-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2486906247-2665262388-1446635363-1000UA.job
                  - c:\users\ken\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 09:11]
                  .
                  2013-06-11 c:\windows\Tasks\Norton Security Scan for ken.job
                  - c:\progra~1\NORTON~2\Engine\351~1.8\Nss.exe [2011-11-07 00:45]
                  .
                  2013-06-12 c:\windows\Tasks\OGADaily.job
                  - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
                  .
                  2013-06-15 c:\windows\Tasks\OGALogon.job
                  - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
                  .
                  .
                  ------- Supplementary Scan -------
                  .
                  uStart Page = hxxp://www.google.com/
                  mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vp32&d=0209&m=aspire_5735
                  uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
                  IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
                  TCP: DhcpNameServer = 195.130.130.130 195.130.131.130
                  FF - ProfilePath - c:\users\ken\AppData\Roaming\Mozilla\Firefox\Profiles\6d3n3624.default\
                  .
                  - - - - ORPHANS REMOVED - - - -
                  .
                  AddRemove-uTorrentBar_NL Toolbar - c:\progra~1\UTORRE~1\UNWISE.EXE
                  .
                  .
                  .
                  **************************************************************************
                  .
                  catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                  Rootkit scan 2013-06-15 18:46
                  Windows 6.0.6002 Service Pack 2 NTFS
                  .
                  scanning hidden processes ...
                  .
                  scanning hidden autostart entries ...
                  .
                  scanning hidden files ...
                  .
                  Scan completed successfully
                  hidden files: 0
                  .
                  **************************************************************************
                  .
                  --------------------- LOCKED REGISTRY KEYS ---------------------
                  .
                  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
                  @Denied: (A) (Users)
                  @Denied: (A) (Everyone)
                  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                  "BlindDial"=dword:00000000
                  "MSCurrentCountry"=dword:000000b5
                  .
                  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
                  @Denied: (A) (Users)
                  @Denied: (A) (Everyone)
                  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                  "BlindDial"=dword:00000000
                  .
                  Completion time: 2013-06-15 18:48:14
                  ComboFix-quarantined-files.txt 2013-06-15 16:48
                  ComboFix2.txt 2013-06-15 15:54
                  .
                  Pre-Run: 4.087.328.768 bytes free
                  Post-Run: 4.062.973.952 bytes free
                  .
                  - - End Of File - - 8920A6C4021EE84A53E4E4CE5F2CD89A
                  6FC6F9186C07BCA94E140F63BFE6E9B4
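What the two ComboFix runs and the opening MBAM log actually show is the persistence pattern of this infection: a Startup-folder shortcut (regmonstd.lnk) and an HKCU Run value (ctfmon32.exe), both launching rundll32.exe against c:\progra~2\ld83.dat with export XFG00, so a DLL carrying a .dat extension, and in the Run value even rundll32.exe itself was called from C:\PROGRA~2 rather than from System32. The Python script below is an added example, not part of this thread and not code from ComboFix or Malwarebytes. It parses log lines in the shapes printed above (the sample is constructed, copied in form from this thread) and applies three heuristics to autostart entries: rundll32 loading a module that is not a .dll, a module living in a user-writable location (ProgramData, AppData, Temp), and a host binary such as rundll32.exe run from outside %windir%; it also flags script or data files created directly in the ProgramData root. It then renders the matching paths in the FILE:: syntax that post #8 uses for CFScript. The regular expressions, the marker lists and the Finding type are assumptions of this example, not a published log grammar. Run against the log in post #9, the dropped-file heuristic also flags c:\programdata\38dl.js, a 2619-byte file created on 2013-06-12 that the thread does not discuss; that is a lead to inspect, not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the shape of the ComboFix/MBAM output posted in this thread:
# one HKCU Run value, one Startup-folder shortcut and three "files created" rows.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ctfmon32.exe"="C:\PROGRA~2\rundll32.exe C:\PROGRA~2\ld83.dat,XFG00" [2006-11-2 44544]
.
c:\users\ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote-inhoudsopgave.onetoc2 [2009-2-22 3656]
regmonstd.lnk - c:\windows\System32\rundll32.exe c:\progra~2\ld83.dat,XFG00 [2006-11-2 44544]
.
2013-06-12 21:55 . 2013-06-12 21:55 2619 ----a-w- c:\programdata\38dl.js
2013-06-15 11:04 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-15 16:45 . 2013-06-15 16:46 -------- d-----w- c:\users\ken\AppData\Local\temp
"""

# Line shapes as ComboFix prints them (assumed from the logs above, not a published grammar).
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"')                    # "Name"="cmd" [date size]
STARTUP_LNK = re.compile(r'^(?P<name>\S+\.lnk) - (?P<cmd>.+?)(?: \[[^\]]*\])?$')  # x.lnk - cmd [date size]
CREATED_FILE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+'
    r'(?P<size>\d+|-+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$')

WINDIR = ('c:\\windows\\',)
HOST_BINARIES = ('rundll32.exe', 'regsvr32.exe', 'mshta.exe', 'wscript.exe', 'cscript.exe')
USER_WRITABLE = ('c:\\programdata\\', 'c:\\progra~2\\', '\\appdata\\', '\\temp\\')
DROPPER_EXTS = ('.js', '.vbs', '.dat', '.bat', '.cmd', '.hta')


@dataclass
class Finding:
    item: str                                        # Run value name, .lnk name or file path
    reasons: List[str]
    paths: List[str] = field(default_factory=list)   # on-disk files a FILE:: stanza would list


def check_command(name: str, cmd: str) -> Optional[Finding]:
    """Heuristics over one autostart command line (tool path assumed free of spaces)."""
    tokens = cmd.lower().split()
    if not tokens:
        return None
    exe = tokens[0]
    exe_name = exe.rsplit('\\', 1)[-1]
    reasons: List[str] = []
    paths: List[str] = []
    # A copy of a system host binary outside %windir% is itself a dropped artefact.
    if exe_name in HOST_BINARIES and '\\' in exe and not exe.startswith(WINDIR):
        reasons.append(f'{exe_name} launched from outside %windir%: {exe}')
        paths.append(exe)
    if exe_name == 'rundll32.exe' and len(tokens) > 1:
        module = tokens[1].split(',')[0]             # rundll32 <module>,<export>
        module_reasons: List[str] = []
        if not module.endswith('.dll'):
            module_reasons.append(f'rundll32 loading a module that is not a .dll: {module}')
        if any(marker in module for marker in USER_WRITABLE):
            module_reasons.append(f'module lives in a user-writable location: {module}')
        if module_reasons:
            reasons.extend(module_reasons)
            paths.append(module)
    return Finding(name, reasons, paths) if reasons else None


def check_created_file(path: str) -> Optional[Finding]:
    """Flag script or data files dropped straight into the ProgramData root."""
    parent, _, fname = path.lower().rpartition('\\')
    if parent in ('c:\\programdata', 'c:\\progra~2') and fname.endswith(DROPPER_EXTS):
        return Finding(path, [f'{fname} created at the top of ProgramData'], [path.lower()])
    return None


def scan_log(text: str) -> List[Finding]:
    """Walk a pasted ComboFix log and collect autostart and dropped-file findings."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_VALUE.match(line) or STARTUP_LNK.match(line)
        if m:
            f = check_command(m.group('name'), m.group('cmd'))
        else:
            m = CREATED_FILE.match(line)
            # a size of dashes marks a directory row; only files are checked
            f = check_created_file(m.group('path')) if m and m.group('size').isdigit() else None
        if f:
            findings.append(f)
    return findings


def cfscript_file_section(findings: List[Finding]) -> str:
    """Render the FILE:: stanza in the CFScript syntax used in post #8 (paths only)."""
    paths = sorted({p for f in findings for p in f.paths})
    return 'FILE::\n' + '\n'.join(paths) + '\n'


if __name__ == '__main__':
    results = scan_log(SAMPLE_LOG)
    for finding in results:
        print(finding.item)
        for reason in finding.reasons:
            print('    ' + reason)
    print(cfscript_file_section(results))
```

Run the file directly to print the findings and the FILE:: stanza for the sample. Only the first token of a command is treated as the executable, so Run values whose tool path contains a space (ComboFix prints them without quotes) are not inspected by the rundll32 checks; that keeps false positives on ordinary "c:\program files\..." entries at zero at the cost of missing a host binary installed under such a path. A generated FILE:: stanza is a starting point for review, not something to drag onto ComboFix unread: CFScript deletions are permanent, and the FOLDER:: and REGISTRY:: parts still have to be written by hand as in post #8.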

                  • #10
                    Open a Notepad file.
                    Copy the text below (everything in bold) into this Notepad file.


                    @ECHO OFF
                    REM Start with a fresh log on every run
                    IF EXIST log.txt DEL log.txt
                    ECHO Deleting Files>>log.txt
                    REM Each path is quoted so the spaces in the Startup folder path survive
                    FOR %%g in (
                    "c:\users\ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk"
                    "C:\PROGRA~2\ld83.dat") DO (
                    IF EXIST %%g (
                    REM Clear the read-only, system and hidden attributes first, otherwise DEL refuses
                    ATTRIB -r -s -h %%g
                    DEL %%g
                    IF EXIST %%g (
                    ECHO %%g not deleted>>log.txt
                    ) ELSE (
                    ECHO %%g deleted successfully>>log.txt)
                    ) ELSE (
                    ECHO %%g not found>>log.txt))
                    START NOTEPAD.EXE log.txt
                    REM The batch file removes itself when done
                    DEL %0

                    Go to File - Save As.
                    Under "Save in" choose: Desktop
                    Under "File name" enter: del.bat
                    Under "Save as type" select: All Files (*.*).
                    Click the Save button.
                    Right-click del.bat and choose "Run as Administrator".
                    If you get a User Account Control prompt, allow it.
                    Post the contents of the log file that opens.

                    • #11
                      Deleting Files
                      "c:\users\ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk" deleted successfully
                      "C:\PROGRA~2\ld83.dat" not found

                      • #12
                        Restart the computer and report whether there are any problems left.

                        • #13
                          No problems at all anymore... thanks!

                          • #14
                            Good.

                            You're welcome.

                            Uninstall ComboFix. Go to "Start" - "Run" and type: Combofix /Uninstall
                            (Note the space between Combofix and /Uninstall)
                            Then press Enter.
                            This will remove ComboFix and all related folders and files.

                            Follow the instructions given here: The computer is malware-free, what to do now?

                            More information on how to prevent a new infection can be found here.
                            Also read this article: Niets voor niets.

                            I am setting the status of this thread to solved.
                            If there are no further replies, this thread will be moved automatically within about 3 days to the section Opgeloste hijackthislogs, after which replying is no longer possible. This keeps the forum tidy and clear.
                            If it turns out there are still problems and you want to reply in this topic again, send me a private message asking for it to be reopened.

                            Happy surfing again.
