Infection after a wrong download choice

This topic is closed.
  • Infection after a wrong download choice

    Hello,

    I recently tried to download the ClamWin antivirus scanner via a web page, and from there an infection seems to have started.

    I then followed the guide and so have 4 logs to send along.

    Note: I have left the ClamWin antivirus scanner in place for now; no idea whether, technically speaking, I should remove it.

    Kind regards, Oscar

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 30-1-2015
    Scan Time: 18:33:48
    Logfile: fuckingkudosmbam.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.01.30.06
    Rootkit Database: v2015.01.14.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Jaime

    Scan Type: Custom Scan
    Result: Completed
    Objects Scanned: 343859
    Time Elapsed: 1 hr, 23 min, 24 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 68
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\APPID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}, Quarantined, [9bb6e31431581026931171c231d2ee12],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\CLSID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}, Quarantined, [9bb6e31431581026931171c231d2ee12],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.Update3COMClassService.1.0, Quarantined, [9bb6e31431581026931171c231d2ee12],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.Update3COMClassService, Quarantined, [9bb6e31431581026931171c231d2ee12],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\APPID\{D34F391D-4CB7-467F-A543-F583857C63B0}, Quarantined, [470a599e77125cdacbdde0530df66c94],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\CLSID\{D34F391D-4CB7-467F-A543-F583857C63B0}, Quarantined, [470a599e77125cdacbdde0530df66c94],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [470a599e77125cdacbdde0530df66c94],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc, Quarantined, [470a599e77125cdacbdde0530df66c94],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\CLSID\{118E1BF6-6279-432F-A285-373A77B90C7A}, Quarantined, [93be44b3236603331e7d64cf55aefe02],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.Update3WebSvc.1.0, Quarantined, [93be44b3236603331e7d64cf55aefe02],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.Update3WebSvc, Quarantined, [93be44b3236603331e7d64cf55aefe02],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\CLSID\{14CEEA2F-3D21-46ED-A7D2-89056C520E5E}, Quarantined, [7fd218df2762de58811b6dc68f74bb45],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.ProcessLauncher.1.0, Quarantined, [7fd218df2762de58811b6dc68f74bb45],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.ProcessLauncher, Quarantined, [7fd218df2762de58811b6dc68f74bb45],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\CLSID\{1CC8D970-F626-4F19-815F-890032BB6606}, Quarantined, [ef626a8d5a2f072ff8a511228d76c838],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.Update3WebMachine.1.0, Quarantined, [ef626a8d5a2f072ff8a511228d76c838],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.Update3WebMachine, Quarantined, [ef626a8d5a2f072ff8a511228d76c838],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\CLSID\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}, Quarantined, [262bae49a7e2db5bc4daf340996a8977],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLive.OneClickCtrl.9, Quarantined, [262bae49a7e2db5bc4daf340996a8977],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}, Quarantined, [262bae49a7e2db5bc4daf340996a8977],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}, Quarantined, [262bae49a7e2db5bc4daf340996a8977],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\CLSID\{33BAF587-9647-4281-A34F-F4830CDC1B9F}, Quarantined, [f85909ee2b5e4fe7c3dc88ab21e2cc34],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLive.OneClickProcessLauncherMachine.1.0, Quarantined, [f85909ee2b5e4fe7c3dc88ab21e2cc34],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLive.OneClickProcessLauncherMachine, Quarantined, [f85909ee2b5e4fe7c3dc88ab21e2cc34],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{33BAF587-9647-4281-A34F-F4830CDC1B9F}, Quarantined, [f85909ee2b5e4fe7c3dc88ab21e2cc34],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\CLSID\{5B5E5D0E-7C83-4A32-ADD2-E5F488DD6783}, Quarantined, [6be6e90e593066d0752b1122887b2cd4],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\CLSID\{6802463D-636F-41FE-9924-4CAD56906590}, Quarantined, [143dd5222e5bad89920f93a060a3ce32],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [143dd5222e5bad89920f93a060a3ce32],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine, Quarantined, [143dd5222e5bad89920f93a060a3ce32],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\CLSID\{806785D0-375F-4C2C-92E3-B8EE65D28E83}, Quarantined, [0f42599e028755e18f139e954cb7db25],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\CLSID\{944661E7-67B9-4DF7-BFF2-05388C166D34}, Quarantined, [1a377a7d8207c2743172e94a4bb89967],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.CoreMachineClass.1, Quarantined, [1a377a7d8207c2743172e94a4bb89967],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.CoreMachineClass, Quarantined, [1a377a7d8207c2743172e94a4bb89967],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\CLSID\{A7CF66EF-4F0D-46B1-AF71-A500378D6C34}, Quarantined, [90c138bf60290d295f46d55e2dd6e020],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.CoreClass.1, Quarantined, [90c138bf60290d295f46d55e2dd6e020],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.CoreClass, Quarantined, [90c138bf60290d295f46d55e2dd6e020],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\CLSID\{B71934E5-6B93-448D-9D32-CBAA5150C5D8}, Quarantined, [8cc5ba3d3d4c4aec1a8c86ad6d96c838],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [8cc5ba3d3d4c4aec1a8c86ad6d96c838],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback, Quarantined, [8cc5ba3d3d4c4aec1a8c86ad6d96c838],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\CLSID\{C4BEF720-313C-420A-ACF6-77DD95D8F553}, Quarantined, [83cef8ffb6d33cfab4f3042fa65df010],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLive.Update3WebControl.3, Quarantined, [83cef8ffb6d33cfab4f3042fa65df010],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C4BEF720-313C-420A-ACF6-77DD95D8F553}, Quarantined, [83cef8ffb6d33cfab4f3042fa65df010],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C4BEF720-313C-420A-ACF6-77DD95D8F553}, Quarantined, [83cef8ffb6d33cfab4f3042fa65df010],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\CLSID\{E970727E-0508-4BEB-8B72-BBA9D0D047C7}, Quarantined, [67eab83f3554fc3ae8c17fb4f60d23dd],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.CoCreateAsync.1.0, Quarantined, [67eab83f3554fc3ae8c17fb4f60d23dd],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.CoCreateAsync, Quarantined, [67eab83f3554fc3ae8c17fb4f60d23dd],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\CLSID\{EBF1F869-D2F0-4D31-A877-386C853A9C3D}, Quarantined, [153c48af34553afccbdf78bb4ab907f9],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.CredentialDialogMachine.1.0, Quarantined, [153c48af34553afccbdf78bb4ab907f9],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.CredentialDialogMachine, Quarantined, [153c48af34553afccbdf78bb4ab907f9],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\CLSID\{F3CF4912-CF0A-451B-AF3B-C4F216C715E4}, Quarantined, [7dd49166e7a244f2cedd6dc63cc76a96],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\CLSID\{F904AC50-215C-42AB-A532-77E9FDBA9B19}, Quarantined, [7ed31fd876139d99a30934ff9c679868],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.Update3WebMachineFallback.1.0, Quarantined, [7ed31fd876139d99a30934ff9c679868],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.Update3WebMachineFallback, Quarantined, [7ed31fd876139d99a30934ff9c679868],
    PUP.Optional.Whilokii.A, HKU\S-1-5-21-1606980848-2146860463-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{204DF522-9A96-4A72-ABB0-60F7A216D6D2}, Quarantined, [55fcac4b6e1b91a551c2fcfc669ce818],
    PUP.Optional.Whilokii.A, HKU\S-1-5-21-1606980848-2146860463-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{204DF522-9A96-4A72-ABB0-60F7A216D6D2}, Quarantined, [55fcac4b6e1b91a551c2fcfc669ce818],
    PUP.Optional.BonanzaDeals.A, HKU\S-1-5-21-1606980848-2146860463-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FE063412-BEA4-4D76-8ED3-183BE6220D17}, Quarantined, [034e55a23653013501acdb58a55e18e8],
    PUP.Optional.BonanzaDeals.A, HKU\S-1-5-21-1606980848-2146860463-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FE063412-BEA4-4D76-8ED3-183BE6220D17}, Quarantined, [034e55a23653013501acdb58a55e18e8],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\BonanzaDealsLive, Quarantined, [eb66a25529602e08c9ffa93be3219868],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\APPID\BonanzaDealsLive.exe, Quarantined, [c28fcb2c8cfd20163d86737154b023dd],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BonanzaDealsLive.exe, Quarantined, [fb56e4132e5b2115f5d46c7883817789],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@tools.bdupdater.com/BonanzaDealsLive Update;version=3, Quarantined, [83cecd2a5732f3436664895b9470c33d],
    PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@tools.bdupdater.com/BonanzaDealsLive Update;version=9, Quarantined, [c98814e3b8d161d5379321c3aa5af20e],
    PUP.Optional.BonanzaDeals.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\bonanzadealslive, Quarantined, [9cb50fe89cedda5ccdfeb034010311ef],
    PUP.Optional.BonanzaDeals.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\bonanzadealslivem, Quarantined, [b1a0985fb9d0e254f9d2c81c0400bb45],
    PUP.Optional.BonanzaDeals.A, HKU\S-1-5-21-1606980848-2146860463-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BonanzaDealsLive, Quarantined, [de73e0170b7e92a47254964e8e76c33d],
    PUP.Optional.Softonic.A, HKU\S-1-5-21-1606980848-2146860463-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, Quarantined, [b79a8770e4a5f73fae8fec9a0300ec14],
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-1606980848-2146860463-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [d37e13e4a1e8f442d1de15b1946f25db],
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-1606980848-2146860463-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [f65b09ee3653be780bb8c01c15efe61a],

    Registry Values: 1
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-1606980848-2146860463-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 1O1M1K1L2X1M1G1K1U, Quarantined, [f65b09ee3653be780bb8c01c15efe61a]

    Registry Data: 0
    (No malicious items detected)

    Folders: 5
    PUP.Optional.BonanzaDeals.A, C:\Documents and Settings\All Users\Application Data\BonanzaDealsLive, Quarantined, [4a0702f5cabf092d12e005417093e917],
    PUP.Optional.BonanzaDeals.A, C:\Documents and Settings\All Users\Application Data\BonanzaDealsLive\Update, Quarantined, [4a0702f5cabf092d12e005417093e917],
    PUP.Optional.BonanzaDeals.A, C:\Documents and Settings\All Users\Application Data\BonanzaDealsLive\Update\Log, Quarantined, [4a0702f5cabf092d12e005417093e917],
    PUP.Optional.BonanzaDeals.A, C:\Documents and Settings\Jaime\Local Settings\Application Data\BonanzaDealsLive, Quarantined, [1e339a5dd9b0e94d8172ce780ff4a957],
    PUP.Optional.BonanzaDeals.A, C:\Documents and Settings\Jaime\Local Settings\Application Data\BonanzaDealsLive\CrashReports, Quarantined, [1e339a5dd9b0e94d8172ce780ff4a957],

    Files: 10
    PUP.Optional.RegCleanerPro, C:\Documents and Settings\Jaime\Local Settings\Temp\ZWF85f5g.exe.part, Quarantined, [0a4725d22e5b2c0a61a837f954add32d],
    PUP.Optional.PCFixSpeed.A, C:\Documents and Settings\Jaime\Local Settings\Temp\is1275519350\1761974_stp\DokoTB.exe, Quarantined, [9ab7f2057415c86e9f9ca9666b9ad32d],
    PUP.Optional.RegCleanerPro, C:\Documents and Settings\Jaime\Local Settings\Temp\is1275519350\1762055_stp\rcpsetup_adppi_adppi.exe, Quarantined, [331efdfab3d6d85efb0efa368c75f709],
    PUP.Optional.BonanzaDeals.A, C:\Documents and Settings\Jaime\Local Settings\Temp\is1275519350\1762145_stp\bd.exe, Quarantined, [371a9d5a95f4ae88b62d58efdf22619f],
    PUP.Optional.Softonic.A, C:\Documents and Settings\Jaime\Mijn documenten\Downloads\SoftonicDownloader_voor_avg-antivirus-free-2014.exe, Quarantined, [ea67d324454404328aa20b3a847d47b9],
    PUP.Optional.Softonic.A, C:\Documents and Settings\Jaime\Mijn documenten\Downloads\SoftonicDownloader_voor_cdex.exe, Quarantined, [e76a46b15f2a1c1a5ad2e06557aad030],
    PUP.Optional.Softonic.A, C:\Documents and Settings\Jaime\Mijn documenten\Downloads\SoftonicDownloader_voor_fifa-09.exe, Quarantined, [de73e215e0a953e32705ca7b837e07f9],
    PUP.Optional.BonanzaDeals.A, C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job, Quarantined, [96bba750890069cd3e845b894db705fb],
    PUP.Optional.BonanzaDeals.A, C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job, Quarantined, [a0b17681b0d949eda81a04e024e0f60a],
    PUP.Optional.BonanzaDeals.A, C:\Documents and Settings\All Users\Application Data\BonanzaDealsLive\Update\Log\BonanzaDealsLive.log, Quarantined, [4a0702f5cabf092d12e005417093e917],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    # AdwCleaner v4.109 - Report created 01/02/2015 at 16:49:48
    # Last Update 24/01/2015 by Xplode
    # Database : 2015-01-26.1 [Live]
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Jaime - D530
    # Started from : C:\Documents and Settings\Jaime\Mijn documenten\Downloads\adwcleaner_4.109.exe
    # Option : Remove

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
    Folder Deleted : C:\Documents and Settings\Jaime\Local Settings\Application Data\Mobogenie
    Folder Deleted : C:\Documents and Settings\Jaime\Application Data\Systweak
    File Deleted : C:\WINDOWS\system32\roboot.exe
    File Deleted : C:\Documents and Settings\Jaime\daemonprocess.txt

    ***** [ Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\systweak
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v30.0 (nl)


    -\\ Google Chrome v


    *************************

    AdwCleaner[R0].txt - [1702 octets] - [01/02/2015 16:46:19]
    AdwCleaner[S0].txt - [1650 octets] - [01/02/2015 16:49:48]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1710 octets] ##########

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.67.2
    Run by Jaime at 16:56:21 on 2015-02-01
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.503.278 [GMT 1:00]
    .
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ClamWin\bin\ClamTray.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    uRun: [AVG-Secure-Search-Update_1213b] c:\documents and settings\jaime\application data\avg 1213b campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=ed535fe0439f47d39724d158c39e22c3-06a9c2bfbe23c58d5ebf39afd011f419f30d2726 /CMPID=1213b
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Smapp] c:\program files\analog devices\soundmax\SMTray.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [DrvLsnr] c:\program files\analog devices\soundmax\DrvLsnr.exe
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    TCP: NameServer = 8.8.8.8 8.8.4.4
    TCP: Interfaces\{0C6CB484-30FE-4104-BD01-E0443543FFC9} : DHCPNameServer = 8.8.8.8 8.8.4.4
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\jaime\application data\mozilla\firefox\profiles\tlyg71x7.default\
    FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_16_0_0_296.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-1-30 114904]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
    .
    =============== Created Last 30 ================
    .
    2015-02-01 15:46:15 -------- d-----w- C:\AdwCleaner
    2015-01-30 18:58:56 52440 ----a-w- c:\windows\system32\drivers\jgmx.sys
    2015-01-30 17:28:49 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-01-30 17:28:13 54360 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-01-30 17:28:13 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-01-30 17:28:13 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2015-01-30 17:28:13 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2015-01-29 14:06:08 18126512 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2015-01-28 15:07:05 -------- d-----w- c:\documents and settings\jaime\application data\.clamwin
    2015-01-28 15:06:26 -------- d-----w- c:\program files\ClamWin
    2015-01-28 15:06:26 -------- d-----w- c:\documents and settings\jaime\.clamwin
    .
    ==================== Find3M ====================
    .
    2015-01-29 14:06:17 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2015-01-29 14:06:16 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 16:56:52,68 ===============
    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2015-02-01 17:24:52
    Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST340014A rev.8.01 37,27GB
    Running: pd44ornd.exe; Driver: C:\DOCUME~1\Jaime\LOCALS~1\Temp\pxtdapog.sys


    ---- Kernel code sections - GMER 2.1 ----

    ? C:\DOCUME~1\Jaime\LOCALS~1\Temp\mbr.sys The filename, directory name, or volume label syntax is incorrect. !

    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[3928] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 018BB8D0 C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3928] ntdll.dll!NtFlushBuffersFile 7C90D32E 5 Bytes JMP 018B7B07 C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3928] ntdll.dll!NtQueryFullAttributesFile 7C90D7AE 5 Bytes JMP 018B7820 C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3928] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 018B7A00 C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3928] ntdll.dll!NtReadFileScatter 7C90D9DE 5 Bytes JMP 0210CCC0 C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3928] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 018BBFE0 C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3928] ntdll.dll!NtWriteFileGather 7C90DF8E 5 Bytes JMP 0210CC6F C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3928] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10001EAE C:\Program Files\Mozilla Firefox\mozglue.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3928] kernel32.dll!lstrlenW + 43 7C7D9AEC 3 Bytes JMP 020D9E88 C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3928] kernel32.dll!lstrlenW + 47 7C7D9AF0 3 Bytes [85, EB, F9] {TEST EBX, EBP; STC }
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3928] kernel32.dll!MapViewOfFileEx + 6A 7C7DB9A0 7 Bytes JMP 020D9E65 C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3928] kernel32.dll!ValidateLocale + B648 7C814EE0 7 Bytes JMP 018B8236 C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3928] GDI32.dll!SetDIBitsToDevice + 20A 77E49E14 7 Bytes JMP 020D9DE6 C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3928] USER32.dll!GetWindowInfo 7E3AC49C 5 Bytes JMP 01FE7585 C:\Program Files\Mozilla Firefox\xul.dll

    ---- Disk sectors - GMER 2.1 ----

    Disk \Device\Harddisk0\DR0 unknown MBR code

    ---- EOF - GMER 2.1 ----
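A triage pass over the first of the four logs above. The following is an added example written for this thread (Python); it is not code from the original post and not part of Malwarebytes' tooling. It parses the detection sections of the MBAM 2.x log format shown above, groups the hits by detection family and flags the entries that are persistence mechanisms (services, scheduled tasks, Run keys, Image File Execution Options entries, IE elevation-policy and pre-approved add-on entries, Mozilla plugin registrations), which is what a helper reads first when deciding whether a log shows only bundled adware. SAMPLE_LOG is a constructed excerpt of the post's own MBAM lines with the per-section counts adjusted to the excerpt; the persistence rules, the family-name heuristic and the function names are this example's own assumptions, not MBAM's.

```python
# Triage helper for a Malwarebytes Anti-Malware 2.x scan log. Added example for this
# thread, not code from the original post or from Malwarebytes; rules and names are its own.
import re
from collections import Counter

# Constructed excerpt of the log lines posted above; section counts adjusted to the
# excerpt (the parser does not rely on them).
SAMPLE_LOG = r"""
Registry Keys: 7
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\CLSID\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}, Quarantined, [262bae49a7e2db5bc4daf340996a8977],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}, Quarantined, [262bae49a7e2db5bc4daf340996a8977],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BonanzaDealsLive.exe, Quarantined, [fb56e4132e5b2115f5d46c7883817789],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@tools.bdupdater.com/BonanzaDealsLive Update;version=3, Quarantined, [83cecd2a5732f3436664895b9470c33d],
PUP.Optional.BonanzaDeals.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\bonanzadealslive, Quarantined, [9cb50fe89cedda5ccdfeb034010311ef],
PUP.Optional.BonanzaDeals.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\bonanzadealslivem, Quarantined, [b1a0985fb9d0e254f9d2c81c0400bb45],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1606980848-2146860463-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [f65b09ee3653be780bb8c01c15efe61a],

Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1606980848-2146860463-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 1O1M1K1L2X1M1G1K1U, Quarantined, [f65b09ee3653be780bb8c01c15efe61a]

Folders: 1
PUP.Optional.BonanzaDeals.A, C:\Documents and Settings\All Users\Application Data\BonanzaDealsLive, Quarantined, [4a0702f5cabf092d12e005417093e917],

Files: 3
PUP.Optional.Softonic.A, C:\Documents and Settings\Jaime\Mijn documenten\Downloads\SoftonicDownloader_voor_cdex.exe, Quarantined, [e76a46b15f2a1c1a5ad2e06557aad030],
PUP.Optional.BonanzaDeals.A, C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job, Quarantined, [96bba750890069cd3e845b894db705fb],
PUP.Optional.BonanzaDeals.A, C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job, Quarantined, [a0b17681b0d949eda81a04e024e0f60a],
"""

SECTION_RE = re.compile(r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|"
                        r"Folders|Files|Physical Sectors): \d+$")
HASH_RE = re.compile(r"^\[[0-9a-f]{32}\]$")
# Autostart and hijack locations a responder reads before anything else (own rule set).
PERSISTENCE_RULES = [
    ("service", re.compile(r"\\SERVICES\\", re.I)),
    ("scheduled task", re.compile(r"\\Tasks\\[^\\]+\.job$", re.I)),
    ("Run key", re.compile(r"\\CURRENTVERSION\\RUN(ONCE)?(\\|\||$)", re.I)),
    ("IFEO entry", re.compile(r"\\IMAGE FILE EXECUTION OPTIONS\\", re.I)),
    ("IE elevation policy", re.compile(r"\\ELEVATIONPOLICY\\", re.I)),
    ("IE pre-approved add-on", re.compile(r"\\EXT\\PREAPPROVED\\", re.I)),
    ("browser plugin registration", re.compile(r"\\MOZILLAPLUGINS\\", re.I)),
]

def parse_line(section, line):
    # '<name>, <path>[, <data>], <action>, [<32-hex id>],' (trailing comma on most lines)
    detection, _, rest = line.rstrip(",").partition(", ")
    parts = [p.strip() for p in rest.rsplit(",", 2)]
    if len(parts) != 3 or not HASH_RE.match(parts[2]):
        return None
    path, data = parts[0], ""
    if section == "Registry Values":  # 'KEY|valuename, data'
        path, _, data = (s.strip() for s in path.partition(","))
    return {"section": section, "detection": detection, "path": path,
            "data": data, "action": parts[1]}

def parse_mbam_log(text):
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if SECTION_RE.match(line):
            section = line.split(":")[0]
        elif section and line:
            entry = parse_line(section, line)
            if entry:
                entries.append(entry)
    return entries

def family_of(detection):
    # 'PUP.Optional.BonanzaDeals.A' -> 'BonanzaDeals' (drops a one-letter variant suffix)
    parts = detection.split(".")
    if len(parts[-1]) == 1:
        parts.pop()
    return parts[-1]

def persistence_kind(path):
    return next((kind for kind, rx in PERSISTENCE_RULES if rx.search(path)), None)

def summarize(entries):
    flagged = [(persistence_kind(e["path"]), e["path"]) for e in entries]
    return {
        "by_family": Counter(family_of(e["detection"]) for e in entries),
        "by_section": Counter(e["section"] for e in entries),
        "persistence": [(k, p) for k, p in flagged if k],
        # Anything not quarantined still needs follow-up on the next scan.
        "not_quarantined": [e["path"] for e in entries if e["action"] != "Quarantined"],
    }

def report(summary):
    lines = ["Detections by family:"]
    lines += [f"  {fam}: {n}" for fam, n in summary["by_family"].most_common()]
    lines.append("Persistence mechanisms found:")
    lines += [f"  [{kind}] {path}" for kind, path in summary["persistence"]]
    lines.append(f"Items not quarantined: {len(summary['not_quarantined'])}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(summarize(parse_mbam_log(SAMPLE_LOG))))
```

Run as a script it prints the family counts and the seven persistence entries in the excerpt (two services, two scheduled tasks, the IFEO key, the IE elevation policy and the Mozilla plugin registration); to run it over the complete posted log, paste the full MBAM text in place of SAMPLE_LOG. Entries whose action is anything other than Quarantined are listed separately because they are the ones that need a follow-up scan.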

  • #2
    You are working with an OS that is no longer supported: XP
    Cleaning malware off this OS is like mopping the floor with the tap running. Useless, in other words.

    A few options, listed:

    - Either you buy a new PC (I can't imagine that a PC running XP is suitable for W 8.1)

    - Or you take your XP machine offline. So not on the internet (and also not connected to other PCs via a router that can reach the internet).

    - Or (and that is also an option) you put Linux on it (if need be with Wine = Windows environment).
    Last edited by Emphyrio; 02-02-15, 01:59. Reason: typo
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee. * Ccleaner * E-Peek
