  • Command prompt closes automatically

    Hello Nucia,

    Long time no see. I have a problem with my PC. The command prompt closes automatically.
    When I search for cmd via Start > cmd and run it as administrator, the window closes by itself immediately.

    Does anyone have any idea how to fix this?

    Thanks in advance.

    Greetz Dolf

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 0:17:11, on 28-6-2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v10.0 (10.00.9200.16611)


    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Windows\Explorer.EXE
    C:\Windows\PixArt\Pac207\Monitor.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\System32\MsSpellCheckingFacility.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\FamNoteborn\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll (file missing)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553578200} - http://fpdownload2.macromedia.com/pu...sh/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

    --
    End of file - 4326 bytes

  • #2
    Topic moved.



    • #3
      Okay, apologies for posting the topic in the wrong place.

      I'm running CCleaner now, let's see what it can do for me.

      Does anyone else have any suggestions?



      • #4
        Logs

        Log files:

        Malwarebytes found 2 files while scanning; MS Security Essentials suddenly recognised them as well and, I think, renamed them and left them in place.

        I had Malwarebytes remove them anyway, restarted the PC and scanned again; it now finds no malicious software any more.

        First scan:

        Malwarebytes Anti-Malware 1.75.0.1300

        Database version: v2013.06.28.01

        Windows 7 Service Pack 1 x86 NTFS
        Internet Explorer 10.0.9200.16618
        FamNoteborn :: NOTEBORN-PC [administrator]

        28-6-2013 11:53:31
        mbam-log-2013-06-28 (11-53-31).txt

        Scan type: Quick scan
        Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
        Scan options disabled: P2P
        Objects scanned: 264070
        Time elapsed: 6 minute(s), 55 second(s)

        Memory Processes Detected: 0
        (No malicious items detected)

        Memory Modules Detected: 0
        (No malicious items detected)

        Registry Keys Detected: 0
        (No malicious items detected)

        Registry Values Detected: 0
        (No malicious items detected)

        Registry Data Items Detected: 0
        (No malicious items detected)

        Folders Detected: 1
        C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> No action taken.

        Files Detected: 3
        C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> No action taken.
        C:\ProgramData\lrlco.dat (Trojan.FakeMS) -> Quarantined and deleted successfully.
        C:\ProgramData\r6zafo.dat (Trojan.FakeMS) -> Quarantined and deleted successfully.

        (end)

        Scan after removal and restart:

        Malwarebytes Anti-Malware 1.75.0.1300

        Database version: v2013.06.28.01

        Windows 7 Service Pack 1 x86 NTFS
        Internet Explorer 10.0.9200.16618
        FamNoteborn :: NOTEBORN-PC [administrator]

        28-6-2013 12:34:42
        mbam-log-2013-06-28 (12-34-42).txt

        Scan type: Quick scan
        Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
        Scan options disabled: P2P
        Objects scanned: 264336
        Time elapsed: 6 minute(s), 32 second(s)

        Memory Processes Detected: 0
        (No malicious items detected)

        Memory Modules Detected: 0
        (No malicious items detected)

        Registry Keys Detected: 0
        (No malicious items detected)

        Registry Values Detected: 0
        (No malicious items detected)

        Registry Data Items Detected: 0
        (No malicious items detected)

        Folders Detected: 0
        (No malicious items detected)

        Files Detected: 0
        (No malicious items detected)

        (end)

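Added example, not code from the thread or from Malwarebytes: a small Python triage for MBAM 1.x text logs like the two posted above. The first log lists four objects, two of which (the InstallBrain folder and its repository.xml) carry "No action taken", while the second comes back clean; what a reviewer wants from a pair of logs like that is the list of items the first scan left in place, to check against the second. The script extracts every detection line, counts them per threat and flags the pending ones. SAMPLE_LOG is a constructed excerpt of the first scan; the action phrases are matched in English and in the Dutch of the original log, and any other locale is an assumption the table does not cover.

```python
"""Triage a Malwarebytes Anti-Malware 1.x text log.

Extracts every detection line, counts them per threat and flags the ones the
scan left in place, so a clean follow-up scan can be read against what the
first scan actually removed. Added example, not code from the thread or from
Malwarebytes; SAMPLE_LOG is a constructed excerpt of the first scan above.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: the detection section of the first scan in the thread.
SAMPLE_LOG = r"""
Folders Detected: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> No action taken.

Files Detected: 3
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> No action taken.
C:\ProgramData\lrlco.dat (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\ProgramData\r6zafo.dat (Trojan.FakeMS) -> Quarantined and deleted successfully.

(end)
"""

# "<object> (<threat>) -> <action>."  The object may itself contain parentheses
# ("Program Files (x86)"), so it is matched non-greedily and the threat name may
# not contain any.
DETECTION_RE = re.compile(r"^(?P<obj>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?\s*$")

# Action phrases as MBAM 1.x prints them in English and in the Dutch locale of
# the original log; other locales need their own entries (assumption).
LEFT_IN_PLACE = ("no action taken", "geen actie ondernomen")
REMEDIATED = ("quarantined", "quarantaine")


@dataclass(frozen=True)
class Detection:
    obj: str     # file, folder or registry object
    threat: str  # e.g. "Trojan.FakeMS"
    action: str  # what the scanner did with it


def classify(action: str) -> str:
    """'left_in_place', 'remediated' or 'unknown' for an MBAM action phrase."""
    text = action.lower()
    if any(p in text for p in LEFT_IN_PLACE):
        return "left_in_place"
    if any(p in text for p in REMEDIATED):
        return "remediated"
    return "unknown"


def parse_detections(log_text: str) -> list[Detection]:
    """Every detection line in the log, in order; headers and counters are skipped."""
    found = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append(Detection(m["obj"], m["threat"], m["action"]))
    return found


def triage(log_text: str) -> dict:
    """Totals per threat, detections still in place, and unrecognised action phrases."""
    detections = parse_detections(log_text)
    return {
        "total": len(detections),
        "by_threat": dict(Counter(d.threat for d in detections)),
        "pending": [d for d in detections if classify(d.action) == "left_in_place"],
        "unknown_actions": sorted({d.action for d in detections
                                   if classify(d.action) == "unknown"}),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['total']} detections: {report['by_threat']}")
    for d in report["pending"]:
        print(f"STILL PRESENT  {d.threat:<18} {d.obj}")
```

Anything the classifier does not recognise ends up in `unknown_actions` rather than being silently counted as handled; "Delete on reboot" is the usual one to look out for, since it only takes effect after a restart.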


        • #5
          The files were now named:

          C:\ProgramData\oclrl.pad
          C:\ProgramData\ofaz6r.pad



          • #6
            DDS doesn't work: the program starts and scans, but doesn't open any log files.
            It does create a shortcut that starts cmd, but as with my problem it closes immediately..

            GMER I did get to work.

            GMER 2.1.19163 - http://www.gmer.net
            Rootkit scan 2013-06-28 12:27:02
            Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD251HJ rev.1AC01114 232,89GB
            Running: 1dcluo1b.exe; Driver: C:\Users\FAMNOT~1\AppData\Local\Temp\kxdcikow.sys


            ---- System - GMER 2.1 ----

            SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x8FA801E6]
            SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x8FA80EDA]
            SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_50414.sys ZwCreateThreadEx [0x90231DA0]
            SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x8FA811E2]
            SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x8FA84C2E]
            SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x8FA84C7C]
            SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x8FA84EC2]
            SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x8FA8108A]
            SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenProcess [0x8FA80398]
            SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x8FA80626]
            SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x8FA807E0]
            SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x8FA84DCA]
            SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x8FA84CE6]
            SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x8FA84D3A]
            SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x8FA84D82]
            SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x8FA80154]
            SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x8FA812F6]
            SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x8FA84B54]
            SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x8FA80090]
            SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateProcess [0x8FA7FF20]
            SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateThread [0x8FA7FF96]

            ---- Kernel code sections - GMER 2.1 ----

            .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C539F5 1 Byte [06]
            .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C8D1F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
            .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82C94498 4 Bytes [E6, 01, A8, 8F] {OUT 0x1, AL; TEST AL, 0x8f}
            .text ntkrnlpa.exe!KeRemoveQueueEx + 11AF 82C944F4 4 Bytes [DA, 0E, A8, 8F] {FIMUL DWORD [ESI]; TEST AL, 0x8f}
            .text ntkrnlpa.exe!KeRemoveQueueEx + 1207 82C9454C 4 Bytes [A0, 1D, 23, 90]
            .text ntkrnlpa.exe!KeRemoveQueueEx + 123F 82C94584 8 Bytes [E2, 11, A8, 8F, 2E, 4C, A8, ...] {LOOP 0x13; TEST AL, 0x8f; DEC ESP; TEST AL, 0x8f}
            .text ntkrnlpa.exe!KeRemoveQueueEx + 124F 82C94594 4 Bytes JMP A84C7C82
            .text ...

            ---- User code sections - GMER 2.1 ----

            .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[948] ntdll.dll!KiUserApcDispatcher 77666F38 5 Bytes JMP 010747F0 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
            .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[948] WS2_32.dll!getaddrinfo 77814296 5 Bytes JMP 71A50022
            .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[948] WS2_32.dll!gethostbyname 77827673 5 Bytes JMP 71AE0022
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] ntdll.dll!NtMapViewOfSection 77665C28 5 Bytes JMP 719F0022
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] kernel32.dll!QueueUserWorkItem 774399A9 6 Bytes PUSH 70FC0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] kernel32.dll!SetUnhandledExceptionFilter 7743F4FB 6 Bytes PUSH 71A30022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] WS2_32.dll!getaddrinfo 77814296 5 Bytes JMP 71080022
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] WS2_32.dll!connect 77816BDD 3 Bytes JMP 710D0022
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] WS2_32.dll!connect + 4 77816BE1 1 Byte [F9]
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] WS2_32.dll!GetAddrInfoExW 7781D1EA 5 Bytes JMP 71120022
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] GDI32.dll!BitBlt 75D672C0 6 Bytes PUSH 71810022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!DdeInitializeW 774E5DF2 6 Bytes PUSH 71750022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!RegisterClassA 774EBC6A 6 Bytes PUSH 71890022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!CreateWindowExA 774EBF40 6 Bytes JMP 7192000A
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!CreateWindowExW 774EEC7C 6 Bytes JMP 7196000A
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!RegisterClassW 774EED4A 6 Bytes PUSH 71A60022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!RegisterClassExW 774F0162 6 Bytes PUSH 71AE0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!PeekMessageW 774F634A 6 Bytes PUSH 719B0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!TranslateMessage 774F64C7 6 Bytes PUSH 716B0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] USER32.dll!GetClipboardData 77502BA7 6 Bytes PUSH 71710022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] ole32.dll!CoCreateInstance 75C29D0B 6 Bytes JMP 718E000A
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] ole32.dll!CoCreateInstanceEx 75C29D4E 5 Bytes JMP 717D0022
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] WININET.dll!InternetCloseHandle 76EA4282 6 Bytes PUSH 714B0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] WININET.dll!HttpSendRequestW 76EA7CA6 6 Bytes PUSH 714F0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] WININET.dll!HttpOpenRequestW 76EA83DD 6 Bytes PUSH 715F0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] WININET.dll!InternetConnectW 76EAB214 6 Bytes PUSH 71430022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] WININET.dll!HttpAddRequestHeadersA 76EACE82 6 Bytes PUSH 71670022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] WININET.dll!InternetQueryDataAvailable 76EB92E9 6 Bytes PUSH 712F0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] WININET.dll!InternetReadFile 76EB972B 6 Bytes PUSH 712B0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] WININET.dll!InternetSetStatusCallback 76EBF370 6 Bytes PUSH 711F0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] WININET.dll!InternetReadFileExW 76ECADD7 6 Bytes PUSH 71230022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] WININET.dll!InternetReadFileExA 76ECAE2E 6 Bytes PUSH 71270022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] WININET.dll!InternetGetCookieExA 76ECC4AE 6 Bytes PUSH 713B0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] WININET.dll!InternetOpenW 76EFCE1C 6 Bytes PUSH 71330022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] WININET.dll!InternetOpenA 76EFCF60 6 Bytes PUSH 71370022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] WININET.dll!HttpSendRequestExW 76F0CEFF 6 Bytes PUSH 71530022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] WININET.dll!InternetWriteFile 76F0D06F 6 Bytes PUSH 711B0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] WININET.dll!InternetConnectA 76F4D0B3 6 Bytes PUSH 71470022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] WININET.dll!HttpSendRequestExA 76F73222 6 Bytes PUSH 71570022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] WININET.dll!HttpSendRequestA 76F732F2 6 Bytes PUSH 715B0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] WININET.dll!HttpOpenRequestA 76F73595 6 Bytes PUSH 71630022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2160] WININET.dll!InternetGetCookieA 76F74768 6 Bytes PUSH 713F0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] ntdll.dll!NtMapViewOfSection 77665C28 5 Bytes JMP 719F0022
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] kernel32.dll!QueueUserWorkItem 774399A9 6 Bytes PUSH 70FC0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] kernel32.dll!SetUnhandledExceptionFilter 7743F4FB 6 Bytes PUSH 71A30022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] WS2_32.dll!getaddrinfo 77814296 5 Bytes JMP 71080022
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] WS2_32.dll!connect 77816BDD 3 Bytes JMP 710D0022
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] WS2_32.dll!connect + 4 77816BE1 1 Byte [F9]
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] WS2_32.dll!GetAddrInfoExW 7781D1EA 5 Bytes JMP 71120022
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] GDI32.dll!BitBlt 75D672C0 6 Bytes PUSH 71810022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] USER32.dll!DdeInitializeW 774E5DF2 6 Bytes PUSH 71750022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] USER32.dll!RegisterClassA 774EBC6A 6 Bytes PUSH 71890022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] USER32.dll!CreateWindowExA 774EBF40 6 Bytes JMP 7192000A
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] USER32.dll!CreateWindowExW 774EEC7C 6 Bytes JMP 7196000A
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] USER32.dll!RegisterClassW 774EED4A 6 Bytes PUSH 71A60022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] USER32.dll!RegisterClassExW 774F0162 6 Bytes PUSH 71AE0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] USER32.dll!PeekMessageW 774F634A 6 Bytes PUSH 719B0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] USER32.dll!TranslateMessage 774F64C7 6 Bytes PUSH 716B0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] USER32.dll!GetClipboardData 77502BA7 6 Bytes PUSH 71710022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] ole32.dll!CoCreateInstance 75C29D0B 6 Bytes JMP 718E000A
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] ole32.dll!CoCreateInstanceEx 75C29D4E 5 Bytes JMP 717D0022
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] WININET.dll!InternetCloseHandle 76EA4282 6 Bytes PUSH 714B0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] WININET.dll!HttpSendRequestW 76EA7CA6 6 Bytes PUSH 714F0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] WININET.dll!HttpOpenRequestW 76EA83DD 6 Bytes PUSH 715F0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] WININET.dll!InternetConnectW 76EAB214 6 Bytes PUSH 71430022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] WININET.dll!HttpAddRequestHeadersA 76EACE82 6 Bytes PUSH 71670022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] WININET.dll!InternetQueryDataAvailable 76EB92E9 6 Bytes PUSH 712F0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] WININET.dll!InternetReadFile 76EB972B 6 Bytes PUSH 712B0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] WININET.dll!InternetSetStatusCallback 76EBF370 6 Bytes PUSH 711F0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] WININET.dll!InternetReadFileExW 76ECADD7 6 Bytes PUSH 71230022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] WININET.dll!InternetReadFileExA 76ECAE2E 6 Bytes PUSH 71270022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] WININET.dll!InternetGetCookieExA 76ECC4AE 6 Bytes PUSH 713B0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] WININET.dll!InternetOpenW 76EFCE1C 6 Bytes PUSH 71330022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] WININET.dll!InternetOpenA 76EFCF60 6 Bytes PUSH 71370022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] WININET.dll!HttpSendRequestExW 76F0CEFF 6 Bytes PUSH 71530022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] WININET.dll!InternetWriteFile 76F0D06F 6 Bytes PUSH 711B0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] WININET.dll!InternetConnectA 76F4D0B3 6 Bytes PUSH 71470022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] WININET.dll!HttpSendRequestExA 76F73222 6 Bytes PUSH 71570022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] WININET.dll!HttpSendRequestA 76F732F2 6 Bytes PUSH 715B0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] WININET.dll!HttpOpenRequestA 76F73595 6 Bytes PUSH 71630022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2932] WININET.dll!InternetGetCookieA 76F74768 6 Bytes PUSH 713F0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] ntdll.dll!NtMapViewOfSection 77665C28 5 Bytes JMP 719F0022
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] kernel32.dll!QueueUserWorkItem 774399A9 6 Bytes PUSH 70FC0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] kernel32.dll!SetUnhandledExceptionFilter 7743F4FB 6 Bytes PUSH 71A30022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] WS2_32.dll!getaddrinfo 77814296 5 Bytes JMP 71080022
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] WS2_32.dll!connect 77816BDD 3 Bytes JMP 710D0022
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] WS2_32.dll!connect + 4 77816BE1 1 Byte [F9]
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] WS2_32.dll!GetAddrInfoExW 7781D1EA 5 Bytes JMP 71120022
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] GDI32.dll!BitBlt 75D672C0 6 Bytes PUSH 71810022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] USER32.dll!DdeInitializeW 774E5DF2 6 Bytes PUSH 71750022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] USER32.dll!RegisterClassA 774EBC6A 6 Bytes PUSH 71890022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] USER32.dll!CreateWindowExA 774EBF40 6 Bytes JMP 7192000A
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] USER32.dll!CreateWindowExW 774EEC7C 6 Bytes JMP 7196000A
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] USER32.dll!RegisterClassW 774EED4A 6 Bytes PUSH 71A60022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] USER32.dll!RegisterClassExW 774F0162 6 Bytes PUSH 71AE0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] USER32.dll!PeekMessageW 774F634A 6 Bytes PUSH 719B0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] USER32.dll!TranslateMessage 774F64C7 6 Bytes PUSH 716B0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] USER32.dll!GetClipboardData 77502BA7 6 Bytes PUSH 71710022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] ole32.dll!CoCreateInstance 75C29D0B 6 Bytes JMP 718E000A
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] ole32.dll!CoCreateInstanceEx 75C29D4E 5 Bytes JMP 717D0022
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] WININET.dll!InternetCloseHandle 76EA4282 6 Bytes PUSH 714B0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] WININET.dll!HttpSendRequestW 76EA7CA6 6 Bytes PUSH 714F0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] WININET.dll!HttpOpenRequestW 76EA83DD 6 Bytes PUSH 715F0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] WININET.dll!InternetConnectW 76EAB214 6 Bytes PUSH 71430022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] WININET.dll!HttpAddRequestHeadersA 76EACE82 6 Bytes PUSH 71670022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] WININET.dll!InternetQueryDataAvailable 76EB92E9 6 Bytes PUSH 712F0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] WININET.dll!InternetReadFile 76EB972B 6 Bytes PUSH 712B0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] WININET.dll!InternetSetStatusCallback 76EBF370 6 Bytes PUSH 711F0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] WININET.dll!InternetReadFileExW 76ECADD7 6 Bytes PUSH 71230022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] WININET.dll!InternetReadFileExA 76ECAE2E 6 Bytes PUSH 71270022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] WININET.dll!InternetGetCookieExA 76ECC4AE 6 Bytes PUSH 713B0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] WININET.dll!InternetOpenW 76EFCE1C 6 Bytes PUSH 71330022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] WININET.dll!InternetOpenA 76EFCF60 6 Bytes PUSH 71370022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] WININET.dll!HttpSendRequestExW 76F0CEFF 6 Bytes PUSH 71530022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] WININET.dll!InternetWriteFile 76F0D06F 6 Bytes PUSH 711B0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] WININET.dll!InternetConnectA 76F4D0B3 6 Bytes PUSH 71470022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] WININET.dll!HttpSendRequestExA 76F73222 6 Bytes PUSH 71570022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] WININET.dll!HttpSendRequestA 76F732F2 6 Bytes PUSH 715B0022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] WININET.dll!HttpOpenRequestA 76F73595 6 Bytes PUSH 71630022; RET
            .text C:\Program Files\Internet Explorer\iexplore.exe[2968] WININET.dll!InternetGetCookieA 76F74768 6 Bytes PUSH 713F0022; RET
            .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3140] ntdll.dll!KiUserApcDispatcher 77666F38 5 Bytes JMP 0117CC40 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
            .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3140] USER32.dll!PostThreadMessageW + 80 774EEF7C 6 Bytes JMP 71AE001E
            .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3140] WS2_32.dll!getaddrinfo 77814296 5 Bytes JMP 71A20022
            .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3140] WS2_32.dll!gethostbyname 77827673 5 Bytes JMP 71A60022

            ---- Registry - GMER 2.1 ----

            Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\111111111111
            Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\111111111111 (not active ControlSet)

            ---- EOF - GMER 2.1 ----

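Added example, not code from the thread or from GMER: a Python summariser for the two hook sections of a GMER 2.x log like the one above. It groups SSDT hooks by the driver that owns the handler, and user-mode inline hooks by process, recording the patched modules, the owners GMER could resolve and the address range of the detours it could not. In the posted log the deciding field is the driver: every SSDT entry resolves to the Trusteer Rapport drivers, the banking-protection product whose services also show up in the HijackThis log and which hooks system and browser APIs by design, and the iexplore.exe detours all point at addresses GMER could not map to a module, each at offset 0x22 of a 64 KiB-aligned allocation, which is consistent with trampolines allocated at run time rather than with exports of a loaded DLL. Kernel code-section patches (".text ntkrnlpa.exe!...") are out of scope here. SAMPLE_GMER is a constructed excerpt of the posted log.

```python
"""Summarise the hook sections of a GMER 2.x log.

SSDT hooks are grouped by the driver that owns the handler; user-mode inline
hooks by process, with the patched modules, the owners GMER could resolve and
the address range of the detours it could not. Added example, not code from the
thread or from GMER; SAMPLE_GMER is a constructed excerpt of the log above.
"""
from __future__ import annotations

import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed excerpt of the posted log: a few representative lines.
SAMPLE_GMER = r"""
---- System - GMER 2.1 ----
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x8FA801E6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x8FA80EDA]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_50414.sys ZwCreateThreadEx [0x90231DA0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateProcess [0x8FA7FF20]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[948] ntdll.dll!KiUserApcDispatcher 77666F38 5 Bytes JMP 010747F0 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] ntdll.dll!NtMapViewOfSection 77665C28 5 Bytes JMP 719F0022
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] kernel32.dll!QueueUserWorkItem 774399A9 6 Bytes PUSH 70FC0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] WS2_32.dll!connect 77816BDD 3 Bytes JMP 710D0022
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] WS2_32.dll!connect + 4 77816BE1 1 Byte [F9]
.text C:\Program Files\Internet Explorer\iexplore.exe[2160] WININET.dll!HttpSendRequestW 76EA7CA6 6 Bytes PUSH 714F0022; RET
"""

# "SSDT \??\<driver>.sys <syscall> [0x<handler>]"
SSDT_RE = re.compile(
    r"^SSDT\s+(?:\\\?\?\\)?(?P<driver>.+?\.sys)\s+(?P<func>\w+)\s+\[0x(?P<handler>[0-9A-Fa-f]+)\]\s*$")
# ".text <image>[<pid>] <module>!<export>[ + <off>] <addr> <n> Byte(s) <patch>"
USER_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[^!\s]+)!(?P<func>\w+)"
    r"(?:\s*\+\s*(?P<off>[0-9A-Fa-f]+))?\s+(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes?\s+(?P<patch>.*)$")
# Detour target, "JMP <addr>[ <owner>]" or "PUSH <addr>; RET"; GMER prints an
# owning module only when it could map the target back to a file on disk.
TARGET_RE = re.compile(r"\b(?:JMP|PUSH)\s+(?P<target>[0-9A-Fa-f]{8})(?:\s+(?P<owner>\S.*))?")


@dataclass(frozen=True)
class SsdtHook:
    driver: str
    func: str
    handler: int


@dataclass(frozen=True)
class UserHook:
    image: str
    pid: int
    module: str
    func: str
    offset: int
    size: int
    target: int | None  # detour destination; None for a plain byte patch like "[F9]"
    owner: str | None   # module GMER resolved the target to, if any


def parse_gmer(text: str) -> tuple[list[SsdtHook], list[UserHook]]:
    """Split a log into its SSDT hooks and its user-mode inline hooks."""
    ssdt: list[SsdtHook] = []
    user: list[UserHook] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            ssdt.append(SsdtHook(m["driver"], m["func"], int(m["handler"], 16)))
        elif m := USER_RE.match(line):
            t = TARGET_RE.search(m["patch"])
            user.append(UserHook(m["image"], int(m["pid"]), m["module"], m["func"],
                                 int(m["off"] or "0", 16), int(m["size"]),
                                 int(t["target"], 16) if t else None,
                                 t["owner"] if t and t["owner"] else None))
    return ssdt, user


def ssdt_by_driver(hooks: list[SsdtHook]) -> dict[str, list[str]]:
    """Hooked syscalls per owning driver: the field that decides whether the
    hooks belong to an installed security product or to something unknown."""
    out: dict[str, list[str]] = defaultdict(list)
    for h in hooks:
        out[h.driver].append(h.func)
    return {driver: sorted(funcs) for driver, funcs in out.items()}


def user_hooks_by_process(hooks: list[UserHook]) -> dict[tuple[str, int], dict]:
    """Per (image, pid): hook count, patched modules, resolved owners and the
    address range of detours GMER could not attribute to a module."""
    groups: dict[tuple[str, int], list[UserHook]] = defaultdict(list)
    for h in hooks:
        groups[(h.image, h.pid)].append(h)
    summary = {}
    for key, hs in groups.items():
        unresolved = [h.target for h in hs if h.target is not None and h.owner is None]
        summary[key] = {
            "hooks": len(hs),
            "modules": dict(Counter(h.module for h in hs)),
            "owners": {h.owner for h in hs if h.owner},
            "unresolved_targets": len(unresolved),
            "target_range": ((f"0x{min(unresolved):08X}", f"0x{max(unresolved):08X}")
                             if unresolved else None),
        }
    return summary
```

Run `parse_gmer` over a full log and look at `ssdt_by_driver` first: a driver path under a product's own directory with its service visible in the process list is the benign case, while a handler in a driver under a temp directory or with no file on disk at all is what to escalate. For the user-mode side, the `owners` set tells you which hooks GMER could attribute and `unresolved_targets` how many it could not.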


            • #7
              Hello,

              Make a log with DDS: http://users.telenet.be/marcvn/spyware/dds.html
              Post the DDS.txt log that opens. Do not post Attach.txt and do not add it as an attachment.



              • #8
                Hey Marckie,

                I've already tried DDS several times, but it doesn't create a log file.

                The program starts, scans, and then closes automatically without a log file...



                • #9
                  Then we'll try something else.

                  Download combofix.exe from this site: http://www.bleepingcomputer.com/comb...uikt-te-worden .
                  If the Recovery Console is not installed, ComboFix will offer to download and install it. Allow this.
                  Once the Recovery Console is installed, let ComboFix scan the computer.
                  When ComboFix starts, you may get an error message saying that the "contents of the ComboFix package has been compromised".
                  Do not continue with the instructions, but download ComboFix again. This message can appear when a file infector (Virut) is active on the computer.
                  If you get this message, report it.
                  When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
                  Post the contents of this file.



                  • #10
                    ComboFix 13-06-28.01 - FamNoteborn 28-06-2013 17:24:44.1.2 - x86
                    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3055.1686 [GMT 2:00]
                    Running from: c:\users\FamNoteborn\Desktop\ComboFix.exe
                    AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
                    SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
                    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                    .
                    .
                    (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    c:\programdata\oclrl.pad
                    c:\programdata\ofaz6r.pad
                    c:\programdata\windows
                    c:\users\FamNoteborn\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
                    c:\windows\PixArt\PAC207\Monitor.exe
                    E:\Autorun.inf
                    .
                    .
                    (((((((((((((((((((( Files Created from 2013-05-28 to 2013-06-28 ))))))))))))))))))))))))))))))
                    .
                    .
                    2013-06-28 15:29 . 2013-06-28 15:30 -------- d-----w- c:\users\FamNoteborn\AppData\Local\temp
                    2013-06-28 15:29 . 2013-06-28 15:29 -------- d-----w- c:\users\test\AppData\Local\temp
                    2013-06-28 15:20 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{482D38A9-A8AD-4690-9E1F-5E0C67A4CBC2}\mpengine.dll
                    2013-06-28 15:19 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
                    2013-06-28 09:52 . 2013-06-28 09:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
                    2013-06-28 09:52 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
                    2013-06-27 22:25 . 2013-06-27 22:25 -------- d-----w- c:\program files\CCleaner
                    2013-06-22 21:29 . 2013-06-22 21:29 -------- d-----w- c:\users\FamNoteborn\AppData\Local\MediaMonkey
                    2013-06-22 21:29 . 2013-06-22 21:59 -------- d-----w- c:\users\FamNoteborn\AppData\Roaming\MediaMonkey
                    2013-06-22 21:29 . 2013-06-22 21:29 -------- d-----w- c:\programdata\MediaMonkey
                    2013-06-22 21:29 . 2013-06-23 06:10 -------- d-----w- c:\program files\MediaMonkey
                    2013-06-22 20:48 . 2013-06-22 21:05 -------- d-----w- c:\users\FamNoteborn\AppData\Roaming\Apple Computer
                    2013-06-22 20:48 . 2013-06-22 20:48 -------- d-----w- c:\users\FamNoteborn\AppData\Local\Apple Computer
                    2013-06-22 20:48 . 2013-06-23 06:08 -------- dc----w- c:\windows\system32\DRVSTORE
                    2013-06-22 20:48 . 2013-06-23 06:09 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
                    2013-06-22 20:48 . 2013-06-22 20:48 -------- d-----w- c:\programdata\Apple Computer
                    2013-06-22 20:47 . 2013-06-22 20:47 -------- d-----w- c:\users\FamNoteborn\AppData\Local\Apple
                    2013-06-22 20:46 . 2013-06-23 06:09 -------- d-----w- c:\program files\Common Files\Apple
                    2013-06-22 20:46 . 2013-06-22 20:47 -------- d-----w- c:\programdata\Apple
                    2013-06-21 16:17 . 2013-06-21 16:17 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2B7F9F4F-2889-49B0-819A-3A54B9B15B2D}\gapaengine.dll
                    2013-06-18 19:03 . 2013-06-18 19:03 -------- d-----w- c:\program files\Spotnet
                    2013-06-18 19:00 . 2013-06-18 19:00 -------- d-----w- c:\program files\GrabIt
                    2013-06-12 05:53 . 2013-06-08 11:41 218112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
                    2013-06-12 05:53 . 2013-06-08 11:13 2706432 ----a-w- c:\windows\system32\mshtml.tlb
                    2013-06-12 04:34 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\system32\d3d11.dll
                    2013-06-12 04:34 . 2013-05-13 04:45 140288 ----a-w- c:\windows\system32\cryptsvc.dll
                    2013-06-12 04:34 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\system32\crypt32.dll
                    2013-06-12 04:34 . 2013-05-13 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll
                    2013-06-12 04:34 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe
                    2013-06-12 04:34 . 2013-05-13 03:08 43008 ----a-w- c:\windows\system32\certenc.dll
                    2013-06-12 04:34 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll
                    2013-06-12 04:34 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll
                    2013-06-12 04:33 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
                    2013-06-12 04:33 . 2013-05-06 05:06 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
                    2013-06-12 04:33 . 2013-05-06 05:06 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
                    2013-06-12 04:33 . 2013-05-08 05:38 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
                    .
                    .
                    .
                    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    2013-06-12 16:46 . 2012-05-06 05:16 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
                    2013-06-12 16:46 . 2011-09-08 20:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
                    2013-05-29 04:11 . 2013-05-29 04:11 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
                    2013-05-29 04:11 . 2013-05-29 04:11 185344 ----a-w- c:\windows\system32\elshyph.dll
                    2013-05-29 04:11 . 2013-05-29 04:11 523264 ----a-w- c:\windows\system32\vbscript.dll
                    2013-05-29 04:11 . 2013-05-29 04:11 38400 ----a-w- c:\windows\system32\imgutil.dll
                    2013-05-29 04:11 . 2013-05-29 04:11 158720 ----a-w- c:\windows\system32\msls31.dll
                    2013-05-29 04:11 . 2013-05-29 04:11 150528 ----a-w- c:\windows\system32\iexpress.exe
                    2013-05-29 04:11 . 2013-05-29 04:11 138752 ----a-w- c:\windows\system32\wextract.exe
                    2013-05-29 04:11 . 2013-05-29 04:11 137216 ----a-w- c:\windows\system32\ieUnatt.exe
                    2013-05-29 04:11 . 2013-05-29 04:11 12800 ----a-w- c:\windows\system32\mshta.exe
                    2013-05-29 04:11 . 2013-05-29 04:11 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
                    2013-05-29 04:11 . 2013-05-29 04:11 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
                    2013-05-29 04:11 . 2013-05-29 04:11 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
                    2013-05-29 04:11 . 2013-05-29 04:11 61952 ----a-w- c:\windows\system32\tdc.ocx
                    2013-05-29 04:11 . 2013-05-29 04:11 48640 ----a-w- c:\windows\system32\mshtmler.dll
                    2013-05-29 04:11 . 2013-05-29 04:11 361984 ----a-w- c:\windows\system32\html.iec
                    2013-05-29 04:11 . 2013-05-29 04:11 23040 ----a-w- c:\windows\system32\licmgr10.dll
                    2013-05-29 04:11 . 2013-05-29 04:11 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
                    2013-05-22 04:21 . 2012-10-03 04:35 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
                    2013-05-09 05:54 . 2013-05-09 05:54 43600 ----a-w- c:\windows\system32\drivers\lkdnnhra.sys
                    2013-05-02 15:28 . 2011-09-08 18:26 238872 ------w- c:\windows\system32\MpSigStub.exe
                    2013-04-13 04:45 . 2013-05-18 05:40 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
                    2013-04-13 04:45 . 2013-05-18 05:40 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
                    2013-04-12 13:45 . 2013-04-24 15:00 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
                    2013-04-10 05:18 . 2013-05-18 05:40 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
                    2013-04-10 05:18 . 2013-05-18 05:40 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
                    2013-04-10 03:14 . 2013-05-18 05:40 2347520 ----a-w- c:\windows\system32\win32k.sys
                    2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\system32\GPhotos.scr
                    2006-11-20 07:01 . 2006-11-20 07:01 163840 ----a-w- c:\program files\Common Files\AMCap.exe
                    .
                    .
                    ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    *Note* empty entries & legit default entries are not shown
                    REGEDIT4
                    .
                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
                    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                    "ConsentPromptBehaviorAdmin"= 5 (0x5)
                    "ConsentPromptBehaviorUser"= 3 (0x3)
                    "EnableUIADesktopToggle"= 0 (0x0)
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
                    "aux"=wdmaud.drv
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
                    @="Service"
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
                    2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
                    2013-01-27 10:11 947152 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
                    2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
                    .
                    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
                    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
                    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
                    R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam.sys [2012-04-15 1068216]
                    R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2012-03-02 21504]
                    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
                    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]
                    R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232]
                    R3 PAC207;PC [email protected];c:\windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
                    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
                    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
                    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-08 1343400]
                    S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2013-02-13 102008]
                    S1 MpKsla765c955;MpKsla765c955;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{482D38A9-A8AD-4690-9E1F-5E0C67A4CBC2}\MpKsla765c955.sys [2013-06-28 29904]
                    S1 RapportCerberus_50414;RapportCerberus_50414;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_50414.sys [2013-04-14 316984]
                    S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2013-02-13 102680]
                    S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2013-02-13 173880]
                    S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-02-13 1124184]
                    S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
                    S3 DVxplore;NVTV;c:\windows\system32\DRIVERS\DVxplore.sys [2004-09-07 75776]
                    S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
                    .
                    .
                    --- Other Services/Drivers In Memory ---
                    .
                    *NewlyCreated* - MPKSLA765C955
                    *NewlyCreated* - MPKSLE33EC81D
                    *Deregistered* - MpKsle33ec81d
                    .
                    Contents of the 'Scheduled Tasks' folder
                    .
                    2013-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
                    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 16:46]
                    .
                    2013-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-147581597-659134247-2006733693-1001Core.job
                    - c:\users\noteborn\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-29 15:52]
                    .
                    2013-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-147581597-659134247-2006733693-1001UA.job
                    - c:\users\noteborn\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-29 15:52]
                    .
                    .
                    ------- Supplementary Scan -------
                    .
                    uStart Page = hxxp://www.google.nl/
                    uDefault_Search_URL = hxxp://www.google.com/ie
                    uSearchAssistant = hxxp://www.google.com/ie
                    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
                    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
                    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
                    TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
                    .
                    - - - - ORPHANS REMOVED - - - -
                    .
                    HKLM-Run-Monitor - c:\windows\PixArt\PAC207\Monitor.exe
                    HKLM-Run-PAC207_Monitor - c:\windows\PixArt\PAC207\Monitor.exe
                    .
                    .
                    .
                    --------------------- LOCKED REGISTRY KEYS ---------------------
                    .
                    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
                    @Denied: (2) (LocalSystem)
                    "Progid"="FotoManager10Deluxe.8.alb"
                    .
                    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
                    @Denied: (Full) (Everyone)
                    .
                    Completion time: 2013-06-28 17:31:08
                    ComboFix-quarantined-files.txt 2013-06-28 15:31
                    .
                    Pre-Run: 15.812.743.168 bytes free
                    Post-Run: 15.472.934.912 bytes free
                    .
                    - - End Of File - - 164FD2CC01E9DE3A880CC6836CC552F5
                    A36C5E4F47E84449FF07ED3517B43A31



                    • #11
                      Good.
                      Are there any problems left?



                      • #12
                        Oh haha, yes, cmd works again! Thanks for the quick response!
                        Any idea what the problem was?



                        • #13
                          I suspect that the malware prevented bat files from being executed.
                          ComboFix / MBAM cleaned this up.

                          Uninstall ComboFix. Go to "Start" - "Run" and type: Combofix /Uninstall
                          (Note the space between Combofix and /Uninstall)
                          Then press Enter.
                          This will remove ComboFix and all related folders and files.

                          Follow the instructions given here: The computer is malware-free, what to do now?

                          More information on how to prevent a new infection can be found here.
                          Also read this article: Nothing for nothing.

                          I am setting the status of this thread to solved.
                          If there are no more replies, this thread will automatically be moved to the Solved HijackThis logs section within about 3 days and replying will no longer be possible. This is to keep the forum tidy and clear.
                          If it turns out there are still problems and you want to reply in this topic again, send me a private message requesting that it be reopened.

                          Happy surfing again.
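The thread never pins down which setting made cmd.exe close on launch; the ComboFix log above only shows what was deleted, not which registry value the malware had changed. The following script is an added example, not from the thread or from ComboFix, that reads the registry locations a responder would check first on a Windows 7 machine with this symptom: the DisableCMD policy, the Command Processor AutoRun value (a command run at every cmd.exe start, so an "exit" placed there closes the window immediately), an Image File Execution Options Debugger entry for cmd.exe, and the batfile/cmdfile/exefile open handlers, whose default is `"%1" %*`. The list of locations and the expected values are assumptions based on documented Windows behaviour; the script is read-only and changes nothing.

```powershell
# Added example: enumerate registry settings that make cmd.exe exit at once or
# hijack .bat/.cmd/.exe execution. Read-only; run from an elevated PowerShell.
# Written for PowerShell 2.0 (Windows 7), hence New-Object instead of [pscustomobject].

function Get-CmdHijackPoints {
    # Each entry: registry path, value name, and the expected content.
    # Expect = $null means the value should not exist at all on a clean machine.
    $checks = @(
        # Group policy: 1 = block cmd.exe and batch files, 2 = block only the interactive prompt
        @{ Path = 'HKCU:\Software\Policies\Microsoft\Windows\System'; Name = 'DisableCMD'; Expect = $null },
        @{ Path = 'HKLM:\Software\Policies\Microsoft\Windows\System'; Name = 'DisableCMD'; Expect = $null },
        # AutoRun: executed every time cmd.exe starts (a value of "exit" closes the window instantly)
        @{ Path = 'HKCU:\Software\Microsoft\Command Processor'; Name = 'AutoRun'; Expect = $null },
        @{ Path = 'HKLM:\Software\Microsoft\Command Processor'; Name = 'AutoRun'; Expect = $null },
        # IFEO Debugger: whatever is listed here is started instead of cmd.exe
        @{ Path = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe'; Name = 'Debugger'; Expect = $null },
        # File-type handlers: a file infector often rewrites these to run itself first
        @{ Path = 'Registry::HKEY_CLASSES_ROOT\batfile\shell\open\command'; Name = '(default)'; Expect = '"%1" %*' },
        @{ Path = 'Registry::HKEY_CLASSES_ROOT\cmdfile\shell\open\command'; Name = '(default)'; Expect = '"%1" %*' },
        @{ Path = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'; Name = '(default)'; Expect = '"%1" %*' }
    )

    foreach ($c in $checks) {
        # Missing keys are normal for the policy paths; suppress the error and treat as absent.
        $item  = Get-ItemProperty -Path $c.Path -ErrorAction SilentlyContinue
        $value = if ($item) { $item.($c.Name) } else { $null }

        if ($null -eq $c.Expect) {
            $status = if ($null -eq $value) { 'OK (absent)' } else { 'SUSPECT (should be absent)' }
        } else {
            $status = if ($value -eq $c.Expect) { 'OK' } else { "SUSPECT (expected $($c.Expect))" }
        }

        New-Object PSObject -Property @{
            Path   = $c.Path
            Name   = $c.Name
            Value  = $value
            Status = $status
        }
    }
}

# Print the findings; anything marked SUSPECT deserves a look before reinstalling tools.
Get-CmdHijackPoints | Select-Object Status, Name, Value, Path | Format-Table -AutoSize -Wrap
```

The handler defaults are compared as exact strings, so a legitimate shell extension that wraps the command would also show as SUSPECT; treat the output as a shortlist to inspect, not as a verdict. The same AutoRun and IFEO checks apply to other tools that "start and immediately close", such as the DDS scan described earlier in the thread.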
