Ik heb nu een laptop (win 7) gekregen met het politie virus. Ik weet alleen de kenmerken 'Politievirus', 'Porno' en '100 euro'. En dat de webcam een foto heeft gemaakt die zichtbaar was in het bericht.
De computer start nadat ik hem heb gekregen alleen op met een wit scherm. Taakbeheer enzo start niet op. Als ik op de uit knop druk zie ik heel even op de achtergrond het bureaublad.
En bij het opstarten in veilige modus sluit die gewoon weer af.
Graag advies wat ik nu het beste kan doen/
2
Administrator
Administrator
Hoi,
Voer als eerste eens HitmanPro.Kickstart uit.
Download "HitmanPro" via de onderstaande link bijvoorbeeld naar het bureaublad op een niet geïnfecteerde computer
Klik hier om de uitgebreide handleiding te raadplegen
Voer als eerste eens HitmanPro.Kickstart uit.
Download "HitmanPro" via de onderstaande link bijvoorbeeld naar het bureaublad op een niet geïnfecteerde computer
Klik hier om de uitgebreide handleiding te raadplegen
- HitmanPro downloaden.(Kies hier de 32 of 64 bit versie).
- Dubbelklik op HitmanPro36.exe of HitmanPro36_64.exe om het programma op te starten.
- Klik in het beginscherm op de "Kickstartknop" zoals u kunt zien in het onderstaande rode kader.
- Indien er reeds een USB-stick is aangesloten zal HitmanPro Kickstart deze automatisch herkennen en weergeven.
- Klik deze USB-stick éénmaal aan waarna u de keuze krijgt om Kickstart te installeren op de USB-stick.
-
Voordat HitmanPro.Kickstart wordt geïnstalleerd wordt de USB-stick opnieuw geformatteerd.
Waarschuwing! Bij het opnieuw formatteren gaan alle gegevens verloren die op de USB-stick zijn opgeslagen.
- Nadat de HitmanPro Kickstart USB-stick is aangemaakt zal deze automatisch “veilig verwijderd” worden van het betreffende systeem waarop deze is aangemaakt.
- Start de geïnfecteerde computer op van de HitmanPro.Kickstart USB-stick. (Hoe u de computer van een USB-stick kunt opstarten lees u hier)
- Vink de optie "Ik accepteer de voorwaarden van de gebruikersovereenkomst aan" en klik op "Volgende"
- Klik in het setup scherm nu nogmaals op "Volgende", nu zal automatisch de scan starten, doe verder niets op de computer totdat de scan gereed is.
- Als de scan klaar is klik je op "volgende"
- Activeer nu de gratis licentie, hiermee kunt u 30 dagen gratis HitmanPro gebruiken en de gevonden infecties verwijderen.
- Note: indien u reeds eerder gebruik hebt gemaakt van de 30 dagen trial-versie van HitmanPro is het niet meer mogelijk om gratis de gevonden infecties te verwijderen.
- Als het verwijderen gereed is klik je onderin het scherm op "Save log" of "Logbestand opslaan" en sla deze op bijvoorbeeld het bureaublad op.
Post dit logje. - Klik nu op de knop "Herstarten".
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
3
PC Web Plus - Member
PC Web Plus - Member
Als ik de gratis licentie van HitmanPro 3.7.1 volgens de instructie wil activeren op de geïnfecteerde pc krijg ik de melding dat dit door Firewall instellingen niet mogelijk is.
Ik weet dus niet hoe ik op deze geïnfecteerde pc nu bij die firewall instellingen kom om deze melding op te lossen.
Graag advies. Alvast bedankt.
Melding:
Er heeft zich een fout voor gedaan tijdens het activatieproces (foutcode 26). Wellicht blokkeert firewall-software op uw computer het programma HitmanPro35.exe. Stel uw firewall zo in dat het deze toepassing vertrouwd (alle netwerkactiviteiten toestaan).
Ik weet dus niet hoe ik op deze geïnfecteerde pc nu bij die firewall instellingen kom om deze melding op te lossen.
Graag advies. Alvast bedankt.
Melding:
Er heeft zich een fout voor gedaan tijdens het activatieproces (foutcode 26). Wellicht blokkeert firewall-software op uw computer het programma HitmanPro35.exe. Stel uw firewall zo in dat het deze toepassing vertrouwd (alle netwerkactiviteiten toestaan).
4
Hoi jws,
Als je vaker achter elkaar probeert om HitmanPro te activeren, blijft het dan mis gaan? Soms wil het niet zo vlotjes lukken met het activeren van HitmanPro, dit hoeft niet aan de instellingen van de firewall te liggen. Zou je het nog een keer willen proberen?
Als je vaker achter elkaar probeert om HitmanPro te activeren, blijft het dan mis gaan? Soms wil het niet zo vlotjes lukken met het activeren van HitmanPro, dit hoeft niet aan de instellingen van de firewall te liggen. Zou je het nog een keer willen proberen?
5
PC Web Plus - Member
PC Web Plus - Member
Ik heb nadat die wederom de melding gaf de netwerkkabel er uit getrokken. Toen kwam dezelfde melding maar dan met code 20. Vervolgens netwerkkabel er weer in toen weer op activeren gedrukt en toen deed hij het ineens...
Code: Selecteer alles
HitmanPro 3.7.1.186
www.hitmanpro.com
Computer name . . . . : BLOM-LAPTOP
Windows . . . . . . . : 6.1.1.7601.X64/4
User name . . . . . . : Blom-Laptop\Blom
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (30 days left)
Scan date . . . . . . : 2013-01-26 20:19:37
Scan mode . . . . . . : Normal
Scan duration . . . . : 2m 47s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : Yes
Threats . . . . . . . : 6
Traces . . . . . . . : 53
Objects scanned . . . : 1.246.768
Files scanned . . . . : 28.396
Remnants scanned . . : 301.995 files / 916.377 keys
Malware _____________________________________________________________________
C:\Users\Blom\AppData\Local\Temp\CE5LES.exe -> Quarantined
Size . . . . . . . : 29.696 bytes
Age . . . . . . . : 3.2 days (2013-01-23 14:35:50)
Entropy . . . . . : 6.9
SHA-256 . . . . . : 52DD6744E22C0487011DC428733459C170981DAF0A24EFCC7AFDBA2E672FF03D
> G Data . . . . . . : Gen:Variant.Symmi.9244 (Engine A)
> Ikarus . . . . . . : Trojan-Downloader.Win32.Karagany!IK
Fuzzy . . . . . . : 109.0
C:\Users\Blom\AppData\Local\Temp\msimg32.dll -> Quarantined
Size . . . . . . . : 163.840 bytes
Age . . . . . . . : 3.2 days (2013-01-23 14:36:20)
Entropy . . . . . : 7.4
SHA-256 . . . . . : 0FB4177CC9BCE1285C3BCF30EBE0A801D289DF759FDE6B6CB735204801628EFC
> G Data . . . . . . : Gen:Variant.Symmi.9250 (Engine A)
Fuzzy . . . . . . : 117.0
C:\Users\Blom\AppData\Local\Temp\~!#C065.tmp -> Quarantined
Size . . . . . . . : 57.344 bytes
Age . . . . . . . : 3.2 days (2013-01-23 14:36:12)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 392F4FDC75CC218FBC9140F4E6D7FFF8EDD710D5D3E605EA2D56DD710F8D4A09
> G Data . . . . . . : Gen:Variant.Symmi.9244
Fuzzy . . . . . . : 126.0
C:\Users\Blom\AppData\Local\Temp\~!#CCD4.tmp -> Quarantined
Size . . . . . . . : 163.840 bytes
Age . . . . . . . : 3.2 days (2013-01-23 14:36:15)
Entropy . . . . . : 7.4
SHA-256 . . . . . : FB8932CE347F1B2499A763BA0F4DAA42DEA497DF0E777ED64072E8DF2C98CD2F
> G Data . . . . . . : Trojan.Generic.KDZ.5228 (Engine A)
Fuzzy . . . . . . : 121.0
C:\Users\Blom\AppData\Local\Temp\~!#D59C.tmp -> Quarantined
Size . . . . . . . : 106.496 bytes
Age . . . . . . . : 3.2 days (2013-01-23 14:36:17)
Entropy . . . . . : 6.1
SHA-256 . . . . . : D60ACE042C56426CCF93F58D8DD25BB1BDCFA001C50F8436DDAD34E4710D700E
> G Data . . . . . . : Trojan.Generic.KDZ.5212 (Engine A)
Fuzzy . . . . . . : 117.0
C:\Users\Blom\AppData\Roaming\skype.dat -> Quarantined
Size . . . . . . . : 106.496 bytes
Age . . . . . . . : 3.2 days (2013-01-23 14:36:25)
Entropy . . . . . : 6.1
SHA-256 . . . . . : D60ACE042C56426CCF93F58D8DD25BB1BDCFA001C50F8436DDAD34E4710D700E
> G Data . . . . . . : Trojan.Generic.KDZ.5212 (Engine A)
Fuzzy . . . . . . : 145.0
Startup
HKU\S-1-5-21-1510659741-3091365840-695041292-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Cookies _____________________________________________________________________
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.zanox.com
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:adbrite.com
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.p161.net
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.traveladshop.com
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:adverteerdirect.nl
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:adviva.net
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:c.atdmt.com
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:clubmednl.solution.weborama.fr
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:deltalloyd.adservinginternational.com
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:eas.apm.emediate.eu
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:edsa.122.2o7.net
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:idfact.adservinginternational.com
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:int.sitestat.com
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:kiemer.adservinginternational.com
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:kpn.solution.weborama.fr
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:nl.sitestat.com
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:specificclick.net
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:stat.onestat.com
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:statse.webtrendslive.com
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:stepstone.112.2o7.net
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:tradedoubler.com
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:vodafonebranding.solution.weborama.fr
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:weborama.fr
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:ww251.smartadserver.com
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.etracker.de
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:www4.smartadserver.com
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
C:\Users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cookies:yieldmanager.net
C:\Users\Blom\AppData\Roaming\Microsoft\Windows\Cookies\6HEU0Y2W.txt
6
Administrator
Administrator
Hoi,
Mooi dat dit is gelukt, voer nu DDS eens uit en plaats hiervan het logje.
Download DDS van sUBS van één van deze locaties en plaats het op je bureaublad:
DDS - Bleeping Computer download.
DDS - Bleeping Computer download.
DDS - Infospyware.
DDS is een diagnosetool en maakt gebruik van scripts.
Schakel je beveiligings software uit voordat je DDS uitvoert!
(hier of hier) kan je lezen hoe je dat doet.
Dubbelklik op DDS om de tool te starten.
Er worden nu automatisch twee log bestanden op het bureablad opgeslagen.
Mooi dat dit is gelukt, voer nu DDS eens uit en plaats hiervan het logje.
Download DDS van sUBS van één van deze locaties en plaats het op je bureaublad:
DDS - Bleeping Computer download.
DDS - Bleeping Computer download.
DDS - Infospyware.
DDS is een diagnosetool en maakt gebruik van scripts.Schakel je beveiligings software uit voordat je DDS uitvoert!
(hier of hier) kan je lezen hoe je dat doet.
Dubbelklik op DDS om de tool te starten.
Er worden nu automatisch twee log bestanden op het bureablad opgeslagen.
- DDS.txt
- Attach.txt (Plaats deze alleen indien hierom wordt gevraagd!)
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
7
PC Web Plus - Member
PC Web Plus - Member
Hierbij:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Blom at 9:57:36 on 2013-01-27
.
============== Running Processes ================
.
C:\Users\Blom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/" onclick="window.open(this.href);return false;
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA" onclick="window.open(this.href);return false;
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
uRun: [Spotify Web Helper] "C:\Users\Blom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab" onclick="window.open(this.href);return false;
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab" onclick="window.open(this.href);return false;
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab" onclick="window.open(this.href);return false;
TCP: NameServer = 172.16.0.1
TCP: Interfaces\{B363817B-64C7-4080-A1F6-1189F1D0559B} : DHCPNameServer = 172.16.0.1
TCP: Interfaces\{B363817B-64C7-4080-A1F6-1189F1D0559B}\54D696E656E647 : DHCPNameServer = 192.168.0.1 212.54.35.25
TCP: Interfaces\{DF2908AA-0953-4630-97B5-719B725673F2} : DHCPNameServer = 172.16.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mWinlogon: Userinit = userinit.exe,
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SRS Premium Sound HD] D_HD.ZIP" /H
x64-Run: [SynTPEnh] H.EXE
x64-Run: [TPwrMain] .EXE
x64-Run: [TCrdMain] .EXE
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
x64-Run: [Toshiba Registration] DER.EXE
x64-Run: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE
x64-Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE
x64-Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R? cjxlqscb;cjxlqscb
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? GamesAppService;GamesAppService
R? hitmanpro37;HitmanPro 3.7 Support Driver
R? NisDrv;Microsoft Network Inspection System
R? NisSrv;Microsoft Netwerkinspectie
R? RtkBtFilter;Realtek Bluetooth Filter Driver
R? SkypeUpdate;Skype Updater
R? TDEIO;TDEIO
R? TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO)
R? TMachInfo;TMachInfo
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? WatAdminSvc;Windows Activation Technologies-service
R? wlcrasvc;Windows Live Mesh remote connections service
S? GFNEXSrv;GFNEX Service
S? IntcDAud;Intel(R) Display Audio
S? Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface
S? Intel(R) ME Service;Intel(R) ME Service
S? iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver
S? iusb3hub;Intel(R) USB 3.0 Hub Driver
S? iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver
S? jhi_service;Intel(R) Dynamic Application Loader Host Interface Service
S? MpFilter;Microsoft Malware Protection Driver
S? NAUpdate;Nero Update
S? NBVol;Nero Backup Volume Filter Driver
S? NBVolUp;Nero Backup Volume Upper Filter Driver
S? PGEffect;Pangu effect driver
S? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
S? RTL8167;Realtek 8167 NT Driver
S? RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver
S? tos_sps64;TOSHIBA tos_sps64 Service
S? TOSHIBA eco Utility Service;TOSHIBA eco Utility Service
S? TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service
S? TPCHSrv;TPCH Service
S? TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver
S? UNS;Intel(R) Management and Security Application User Notification Service
.
=============== Created Last 30 ================
.
2013-01-27 08:57:15 49872 ----a-w- C:\windows\System32\drivers\cjxlqscb.sys
2013-01-27 08:57:09 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E0216217-04FE-48D1-8CEA-B0DFF77DD7BA}\offreg.dll
2013-01-27 08:55:18 972264 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EF8E0213-B97A-4FE9-8610-8015CB10A4B1}\gapaengine.dll
2013-01-27 08:55:14 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E0216217-04FE-48D1-8CEA-B0DFF77DD7BA}\mpengine.dll
2013-01-27 08:52:57 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-01-27 08:52:49 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-01-27 08:52:32 -------- d-----w- C:\91f30a6dbaaf10de89b9
2013-01-26 19:50:38 -------- d-----w- C:\Users\Blom\AppData\Roaming\Malwarebytes
2013-01-26 19:50:28 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-26 19:50:25 24176 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-01-26 19:50:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-26 19:50:14 -------- d-----w- C:\Users\Blom\AppData\Local\Programs
2013-01-26 19:25:28 32152 ----a-w- C:\windows\System32\drivers\hitmanpro37.sys
2013-01-26 17:54:01 -------- d-----w- C:\Program Files\HitmanPro
2013-01-26 17:48:48 -------- d-----w- C:\ProgramData\HitmanPro
2013-01-26 08:03:28 -------- d-----w- C:\Users\Blom\AppData\Roaming\Ybfoe
2013-01-26 08:03:28 -------- d-----w- C:\Users\Blom\AppData\Roaming\Umqyzi
2013-01-26 08:03:28 -------- d-----w- C:\Users\Blom\AppData\Roaming\Qoakuf
2013-01-23 13:36:21 -------- d-----w- C:\Users\Blom\AppData\Roaming\Rogyew
2013-01-23 13:36:21 -------- d-----w- C:\Users\Blom\AppData\Roaming\Ipez
2013-01-23 13:36:21 -------- d-----w- C:\Users\Blom\AppData\Roaming\Fenut
2013-01-09 08:26:43 750592 ----a-w- C:\windows\System32\win32spl.dll
2013-01-09 08:26:43 492032 ----a-w- C:\windows\SysWow64\win32spl.dll
2013-01-09 08:26:22 2002432 ----a-w- C:\windows\System32\msxml6.dll
2013-01-09 08:26:22 1882624 ----a-w- C:\windows\System32\msxml3.dll
2013-01-09 08:26:22 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll
2013-01-09 08:26:21 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2013-01-09 08:26:20 307200 ----a-w- C:\windows\System32\ncrypt.dll
2013-01-09 08:26:20 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
2013-01-09 08:26:17 800768 ----a-w- C:\windows\System32\usp10.dll
2013-01-09 08:26:17 626688 ----a-w- C:\windows\SysWow64\usp10.dll
2013-01-09 08:24:39 424448 ----a-w- C:\windows\System32\KernelBase.dll
2013-01-09 08:23:52 68608 ----a-w- C:\windows\System32\taskhost.exe
2013-01-09 08:23:50 3149824 ----a-w- C:\windows\System32\win32k.sys
2012-12-28 12:52:06 -------- d-----w- C:\Users\Blom\AppData\Local\Microsoft Games
.
==================== Find3M ====================
.
2012-12-16 17:11:22 46080 ----a-w- C:\windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2012-11-30 04:54:00 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll
.
============= FINISH: 9:58:15,23 ===============
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Blom at 9:57:36 on 2013-01-27
.
============== Running Processes ================
.
C:\Users\Blom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/" onclick="window.open(this.href);return false;
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA" onclick="window.open(this.href);return false;
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
uRun: [Spotify Web Helper] "C:\Users\Blom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab" onclick="window.open(this.href);return false;
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab" onclick="window.open(this.href);return false;
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab" onclick="window.open(this.href);return false;
TCP: NameServer = 172.16.0.1
TCP: Interfaces\{B363817B-64C7-4080-A1F6-1189F1D0559B} : DHCPNameServer = 172.16.0.1
TCP: Interfaces\{B363817B-64C7-4080-A1F6-1189F1D0559B}\54D696E656E647 : DHCPNameServer = 192.168.0.1 212.54.35.25
TCP: Interfaces\{DF2908AA-0953-4630-97B5-719B725673F2} : DHCPNameServer = 172.16.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mWinlogon: Userinit = userinit.exe,
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SRS Premium Sound HD] D_HD.ZIP" /H
x64-Run: [SynTPEnh] H.EXE
x64-Run: [TPwrMain] .EXE
x64-Run: [TCrdMain] .EXE
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
x64-Run: [Toshiba Registration] DER.EXE
x64-Run: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE
x64-Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE
x64-Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R? cjxlqscb;cjxlqscb
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? GamesAppService;GamesAppService
R? hitmanpro37;HitmanPro 3.7 Support Driver
R? NisDrv;Microsoft Network Inspection System
R? NisSrv;Microsoft Netwerkinspectie
R? RtkBtFilter;Realtek Bluetooth Filter Driver
R? SkypeUpdate;Skype Updater
R? TDEIO;TDEIO
R? TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO)
R? TMachInfo;TMachInfo
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? WatAdminSvc;Windows Activation Technologies-service
R? wlcrasvc;Windows Live Mesh remote connections service
S? GFNEXSrv;GFNEX Service
S? IntcDAud;Intel(R) Display Audio
S? Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface
S? Intel(R) ME Service;Intel(R) ME Service
S? iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver
S? iusb3hub;Intel(R) USB 3.0 Hub Driver
S? iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver
S? jhi_service;Intel(R) Dynamic Application Loader Host Interface Service
S? MpFilter;Microsoft Malware Protection Driver
S? NAUpdate;Nero Update
S? NBVol;Nero Backup Volume Filter Driver
S? NBVolUp;Nero Backup Volume Upper Filter Driver
S? PGEffect;Pangu effect driver
S? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
S? RTL8167;Realtek 8167 NT Driver
S? RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver
S? tos_sps64;TOSHIBA tos_sps64 Service
S? TOSHIBA eco Utility Service;TOSHIBA eco Utility Service
S? TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service
S? TPCHSrv;TPCH Service
S? TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver
S? UNS;Intel(R) Management and Security Application User Notification Service
.
=============== Created Last 30 ================
.
2013-01-27 08:57:15 49872 ----a-w- C:\windows\System32\drivers\cjxlqscb.sys
2013-01-27 08:57:09 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E0216217-04FE-48D1-8CEA-B0DFF77DD7BA}\offreg.dll
2013-01-27 08:55:18 972264 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EF8E0213-B97A-4FE9-8610-8015CB10A4B1}\gapaengine.dll
2013-01-27 08:55:14 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E0216217-04FE-48D1-8CEA-B0DFF77DD7BA}\mpengine.dll
2013-01-27 08:52:57 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-01-27 08:52:49 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-01-27 08:52:32 -------- d-----w- C:\91f30a6dbaaf10de89b9
2013-01-26 19:50:38 -------- d-----w- C:\Users\Blom\AppData\Roaming\Malwarebytes
2013-01-26 19:50:28 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-26 19:50:25 24176 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-01-26 19:50:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-26 19:50:14 -------- d-----w- C:\Users\Blom\AppData\Local\Programs
2013-01-26 19:25:28 32152 ----a-w- C:\windows\System32\drivers\hitmanpro37.sys
2013-01-26 17:54:01 -------- d-----w- C:\Program Files\HitmanPro
2013-01-26 17:48:48 -------- d-----w- C:\ProgramData\HitmanPro
2013-01-26 08:03:28 -------- d-----w- C:\Users\Blom\AppData\Roaming\Ybfoe
2013-01-26 08:03:28 -------- d-----w- C:\Users\Blom\AppData\Roaming\Umqyzi
2013-01-26 08:03:28 -------- d-----w- C:\Users\Blom\AppData\Roaming\Qoakuf
2013-01-23 13:36:21 -------- d-----w- C:\Users\Blom\AppData\Roaming\Rogyew
2013-01-23 13:36:21 -------- d-----w- C:\Users\Blom\AppData\Roaming\Ipez
2013-01-23 13:36:21 -------- d-----w- C:\Users\Blom\AppData\Roaming\Fenut
2013-01-09 08:26:43 750592 ----a-w- C:\windows\System32\win32spl.dll
2013-01-09 08:26:43 492032 ----a-w- C:\windows\SysWow64\win32spl.dll
2013-01-09 08:26:22 2002432 ----a-w- C:\windows\System32\msxml6.dll
2013-01-09 08:26:22 1882624 ----a-w- C:\windows\System32\msxml3.dll
2013-01-09 08:26:22 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll
2013-01-09 08:26:21 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2013-01-09 08:26:20 307200 ----a-w- C:\windows\System32\ncrypt.dll
2013-01-09 08:26:20 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
2013-01-09 08:26:17 800768 ----a-w- C:\windows\System32\usp10.dll
2013-01-09 08:26:17 626688 ----a-w- C:\windows\SysWow64\usp10.dll
2013-01-09 08:24:39 424448 ----a-w- C:\windows\System32\KernelBase.dll
2013-01-09 08:23:52 68608 ----a-w- C:\windows\System32\taskhost.exe
2013-01-09 08:23:50 3149824 ----a-w- C:\windows\System32\win32k.sys
2012-12-28 12:52:06 -------- d-----w- C:\Users\Blom\AppData\Local\Microsoft Games
.
==================== Find3M ====================
.
2012-12-16 17:11:22 46080 ----a-w- C:\windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2012-11-30 04:54:00 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll
.
============= FINISH: 9:58:15,23 ===============
8
Administrator
Administrator
Hoi,
Download zoek.exe naar het bureaublad.
Download zoek.exe naar het bureaublad.
- Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe
(hier of hier) kan je lezen hoe je dat doet.- Dubbelklik op Zoek.exe om de tool te starten.
- Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
- Kopieer nu onderstaande code en plak die in het grote invulvenster:
- Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkwaardig probleem.
Code: Selecteer alles
emptyclsid; cjxlqscb;s C:\windows\System32\drivers\cjxlqscb.sys;f C:\91f30a6dbaaf10de89b9;vs C:\Users\Blom\AppData\Roaming\Ybfoe;f C:\Users\Blom\AppData\Roaming\Umqyzi;f C:\Users\Blom\AppData\Roaming\Qoakuf;f C:\Users\Blom\AppData\Roaming\Rogyew;f C:\Users\Blom\AppData\Roaming\Ipez;f C:\Users\Blom\AppData\Roaming\Fenut;f startupall; filesrcm; - Klik nu op de knop "Run script".
- Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
- Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
- Post nu de inhoud van het geopende logje in het volgende bericht.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
9
PC Web Plus - Member
PC Web Plus - Member
Helaas loopt zoek.exe sinds 10.14. Ik heb het idee dat die is vastgelopen. Ik zag in een log Folders op de c schijf het volgende:
"C:\zoek\S-1-5-18$f7b5dd373ec45191a685175bb8211405"
"C:\zoek\S-1-5-21$f7b5dd373ec45191a685175bb8211405"
"C:\zoek"
Wat nu te doen? Alvast bedankt
"C:\zoek\S-1-5-18$f7b5dd373ec45191a685175bb8211405"
"C:\zoek\S-1-5-21$f7b5dd373ec45191a685175bb8211405"
"C:\zoek"
Wat nu te doen? Alvast bedankt
10
Administrator
Administrator
Hoi,
Herstart de computer en voer Zoek.exe dan even opnieuw uit met het volgende script.
Herstart de computer en voer Zoek.exe dan even opnieuw uit met het volgende script.
- Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe
(hier of hier) kan je lezen hoe je dat doet.- Dubbelklik op Zoek.exe om de tool te starten.
- Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
- Kopieer nu onderstaande code en plak die in het grote invulvenster:
- Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkwaardig probleem.
Code: Selecteer alles
{7DB2D5A0-7241-4E79-B68D-6309F01C5231};c cjxlqscb;s C:\windows\System32\drivers\cjxlqscb.sys;f C:\91f30a6dbaaf10de89b9;vs C:\Users\Blom\AppData\Roaming\Ybfoe;f C:\Users\Blom\AppData\Roaming\Umqyzi;f C:\Users\Blom\AppData\Roaming\Qoakuf;f C:\Users\Blom\AppData\Roaming\Rogyew;f C:\Users\Blom\AppData\Roaming\Ipez;f C:\Users\Blom\AppData\Roaming\Fenut;f startupall; filesrcm; - Klik nu op de knop "Run script".
- Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
- Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
- Post nu de inhoud van het geopende logje in het volgende bericht.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
11
PC Web Plus - Member
PC Web Plus - Member
Bedankt. Nu wel gelukt.
Zoek.exe Version 4.0.0.1 Updated 26-January-2013
Tool run by Blom on zo 27-01-2013 at 11:12:22,43.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1510659741-3091365840-695041292-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
"C:\Users\Blom\AppData\Roaming\Ybfoe\xoke.xiy" deleted
"C:\Users\Blom\AppData\Roaming\Umqyzi\rooll.exe" deleted
"C:\Users\Blom\AppData\Roaming\Qoakuf\fiaka.wue" deleted
"C:\Users\Blom\AppData\Roaming\Rogyew\xuop.keh" deleted
"C:\Users\Blom\AppData\Roaming\Ybfoe" deleted
"C:\Users\Blom\AppData\Roaming\Umqyzi" deleted
"C:\Users\Blom\AppData\Roaming\Qoakuf" deleted
"C:\Users\Blom\AppData\Roaming\Rogyew" deleted
"C:\Users\Blom\AppData\Roaming\Ipez" deleted
"C:\Users\Blom\AppData\Roaming\Fenut" deleted
==== Files Recently Created / Modified ======================
====== C:\windows ====
2013-01-27 08:53:13 2A66E81AE941E54A237490FC35D387C8 1945 ----a-w- C:\windows\epplauncher.mif
====== C:\Users\Blom\AppData\Local\Temp ====
2013-01-23 13:36:20 2FF9B590342C62748885D459D082295F 89248 --sha-w- C:\Users\Blom\AppData\Local\Temp\InstallFlashPlayer.exe
====== C:\windows\SysWOW64 =====
2013-01-27 09:08:07 B99AF7D8345824ECE18D77172319D540 95648 ----a-w- C:\windows\SysWOW64\WindowsAccessBridge-32.dll
====== C:\windows\SysWOW64\drivers =====
====== C:\windows\Sysnative =====
2013-01-26 19:23:59 AA3F3417A0C999CF2B54AD37400AA055 1384 ----a-w- C:\windows\Sysnative\.crusader
====== C:\windows\Sysnative\drivers =====
2013-01-26 19:50:25 92EB844D90615CB266F84C3202B8786E 24176 ----a-w- C:\windows\Sysnative\drivers\mbam.sys
2013-01-26 19:25:28 DD9C88B116408B30F855A76E09DD2962 32152 ----a-w- C:\windows\Sysnative\drivers\hitmanpro37.sys
====== C:\windows\Tasks ======
====== C:\windows\Temp ======
======= C:\Program Files =====
2013-01-26 17:54:01 -------- d-----w- C:\Program Files\HitmanPro
======= C:\Program Files (x86) =====
======= C: =====
====== C:\Users\Blom\AppData\Roaming ======
2013-01-26 19:50:14 -------- d-----w- C:\users\Blom\AppData\Local\Programs
2013-01-23 13:41:25 2A796884ABDADE5378CCAB74113DF747 4 ----a-w- C:\users\Blom\AppData\Roaming\skype.ini
2013-01-23 13:35:37 -------- d-----w- C:\users\Blom\AppData\Locallow\Sun
2012-12-28 12:52:06 -------- d-----w- C:\users\Blom\AppData\Local\Microsoft Games
====== C:\Users\Blom ======
2013-01-26 17:48:48 -------- d-----w- C:\ProgramData\HitmanPro
====== C: exe-files ==
2013-01-26 19:49:49 68B59B1AEF0DFC71005836216A29BB65 700768 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\24.0.1312.56\24.0.1312.56_24.0.1312.52_chrome_updater.exe
2013-01-26 17:54:01 4DEE41A32B565D7D315986E7D0B2486E 9710776 ----a-w- C:\Program Files\HitmanPro\HitmanPro.exe
2013-01-23 13:36:20 2FF9B590342C62748885D459D082295F 89248 --sha-w- C:\Users\Blom\AppData\Local\Temp\InstallFlashPlayer.exe
=== C: other files ==
2013-01-27 09:14:08 0BE568FD1E7D6C6D64D2272649F5C716 111 ----a-w- C:\Users\Blom\AppData\Local\Temp\scripttest.vbs
2013-01-27 09:08:07 B99AF7D8345824ECE18D77172319D540 95648 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-01-27 08:54:45 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Blom\Desktop\dds.com
2013-01-26 19:50:25 92EB844D90615CB266F84C3202B8786E 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-01-26 19:25:28 DD9C88B116408B30F855A76E09DD2962 32152 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2013-01-23 13:36:27 0849CFE65B98BA5FCD9A9EC61A671D09 75 ----a-w- C:\Users\Blom\AppData\Local\Temp\abcd.bat
2013-01-23 13:36:22 D2E053738EAFCC3590CF82AA50B877DC 190 ----a-w- C:\Users\Blom\AppData\Local\Temp\tmpb299831d.bat
==== Startup Registry Enabled ======================
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-1510659741-3091365840-695041292-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Blom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe /WinStart"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"ITSecMng"="%ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Blom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
==== Startup Folders ======================
2012-06-21 22:39:37 1262 ----a-w- C:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
2012-06-21 22:39:37 1262 ----a-w- C:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
2012-05-10 21:18:55 773 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk
==== Task Scheduler Jobs ======================
C:\windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [10-05-2012 22:25]
C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10-05-2012 22:30]
C:\windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10-05-2012 22:30]
C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job --a------ C:\Program Files (x86)\Intel\IntelR ME FW Recovery Agent\bin\Bootstrap.exe []
C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job --a------ C:\Program Files (x86)\Intel\IntelR ME FW Recovery Agent\bin\Bootstrap.exe []
After Reboot
Zoek.exe Version 4.0.0.1 Updated 26-January-2013
Tool run by Blom on zo 27-01-2013 at 11:12:22,43.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1510659741-3091365840-695041292-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
"C:\Users\Blom\AppData\Roaming\Ybfoe\xoke.xiy" deleted
"C:\Users\Blom\AppData\Roaming\Umqyzi\rooll.exe" deleted
"C:\Users\Blom\AppData\Roaming\Qoakuf\fiaka.wue" deleted
"C:\Users\Blom\AppData\Roaming\Rogyew\xuop.keh" deleted
"C:\Users\Blom\AppData\Roaming\Ybfoe" deleted
"C:\Users\Blom\AppData\Roaming\Umqyzi" deleted
"C:\Users\Blom\AppData\Roaming\Qoakuf" deleted
"C:\Users\Blom\AppData\Roaming\Rogyew" deleted
"C:\Users\Blom\AppData\Roaming\Ipez" deleted
"C:\Users\Blom\AppData\Roaming\Fenut" deleted
==== Files Recently Created / Modified ======================
====== C:\windows ====
2013-01-27 08:53:13 2A66E81AE941E54A237490FC35D387C8 1945 ----a-w- C:\windows\epplauncher.mif
====== C:\Users\Blom\AppData\Local\Temp ====
2013-01-23 13:36:20 2FF9B590342C62748885D459D082295F 89248 --sha-w- C:\Users\Blom\AppData\Local\Temp\InstallFlashPlayer.exe
====== C:\windows\SysWOW64 =====
2013-01-27 09:08:07 B99AF7D8345824ECE18D77172319D540 95648 ----a-w- C:\windows\SysWOW64\WindowsAccessBridge-32.dll
====== C:\windows\SysWOW64\drivers =====
====== C:\windows\Sysnative =====
2013-01-26 19:23:59 AA3F3417A0C999CF2B54AD37400AA055 1384 ----a-w- C:\windows\Sysnative\.crusader
====== C:\windows\Sysnative\drivers =====
2013-01-26 19:50:25 92EB844D90615CB266F84C3202B8786E 24176 ----a-w- C:\windows\Sysnative\drivers\mbam.sys
2013-01-26 19:25:28 DD9C88B116408B30F855A76E09DD2962 32152 ----a-w- C:\windows\Sysnative\drivers\hitmanpro37.sys
====== C:\windows\Tasks ======
====== C:\windows\Temp ======
======= C:\Program Files =====
2013-01-26 17:54:01 -------- d-----w- C:\Program Files\HitmanPro
======= C:\Program Files (x86) =====
======= C: =====
====== C:\Users\Blom\AppData\Roaming ======
2013-01-26 19:50:14 -------- d-----w- C:\users\Blom\AppData\Local\Programs
2013-01-23 13:41:25 2A796884ABDADE5378CCAB74113DF747 4 ----a-w- C:\users\Blom\AppData\Roaming\skype.ini
2013-01-23 13:35:37 -------- d-----w- C:\users\Blom\AppData\Locallow\Sun
2012-12-28 12:52:06 -------- d-----w- C:\users\Blom\AppData\Local\Microsoft Games
====== C:\Users\Blom ======
2013-01-26 17:48:48 -------- d-----w- C:\ProgramData\HitmanPro
====== C: exe-files ==
2013-01-26 19:49:49 68B59B1AEF0DFC71005836216A29BB65 700768 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\24.0.1312.56\24.0.1312.56_24.0.1312.52_chrome_updater.exe
2013-01-26 17:54:01 4DEE41A32B565D7D315986E7D0B2486E 9710776 ----a-w- C:\Program Files\HitmanPro\HitmanPro.exe
2013-01-23 13:36:20 2FF9B590342C62748885D459D082295F 89248 --sha-w- C:\Users\Blom\AppData\Local\Temp\InstallFlashPlayer.exe
=== C: other files ==
2013-01-27 09:14:08 0BE568FD1E7D6C6D64D2272649F5C716 111 ----a-w- C:\Users\Blom\AppData\Local\Temp\scripttest.vbs
2013-01-27 09:08:07 B99AF7D8345824ECE18D77172319D540 95648 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-01-27 08:54:45 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Blom\Desktop\dds.com
2013-01-26 19:50:25 92EB844D90615CB266F84C3202B8786E 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-01-26 19:25:28 DD9C88B116408B30F855A76E09DD2962 32152 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2013-01-23 13:36:27 0849CFE65B98BA5FCD9A9EC61A671D09 75 ----a-w- C:\Users\Blom\AppData\Local\Temp\abcd.bat
2013-01-23 13:36:22 D2E053738EAFCC3590CF82AA50B877DC 190 ----a-w- C:\Users\Blom\AppData\Local\Temp\tmpb299831d.bat
==== Startup Registry Enabled ======================
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-1510659741-3091365840-695041292-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Blom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe /WinStart"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"ITSecMng"="%ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Blom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
==== Startup Folders ======================
2012-06-21 22:39:37 1262 ----a-w- C:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
2012-06-21 22:39:37 1262 ----a-w- C:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
2012-05-10 21:18:55 773 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk
==== Task Scheduler Jobs ======================
C:\windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [10-05-2012 22:25]
C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10-05-2012 22:30]
C:\windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10-05-2012 22:30]
C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job --a------ C:\Program Files (x86)\Intel\IntelR ME FW Recovery Agent\bin\Bootstrap.exe []
C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job --a------ C:\Program Files (x86)\Intel\IntelR ME FW Recovery Agent\bin\Bootstrap.exe []
After Reboot
12
Administrator
Administrator
Hoi,
Start Zoek.exe nogmaals om de laatste restanten te verwijderen.
Start Zoek.exe nogmaals om de laatste restanten te verwijderen.
- Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe
(hier of hier) kan je lezen hoe je dat doet.- Dubbelklik op Zoek.exe om de tool te starten.
- Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
- Kopieer nu onderstaande code en plak die in het grote invulvenster:
- Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkwaardig probleem.
Code: Selecteer alles
C:\users\Blom\AppData\Roaming\skype.ini;f autoclean; - Klik nu op de knop "Run script".
- Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
- Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
- Post nu de inhoud van het geopende logje in het volgende bericht.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
13
PC Web Plus - Member
PC Web Plus - Member
Hierbij:
Zoek.exe Version 4.0.0.1 Updated 26-January-2013
Tool run by Blom on zo 27-01-2013 at 11:31:42,11.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
==== Deleting Files \ Folders ======================
"C:\users\Blom\AppData\Roaming\skype.ini" deleted
"C:\Users\Blom\AppData\Roaming\skype.ini" deleted
"C:\ProgramData\Partner" deleted
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.nl/"
"Default_Page_URL"="http://www.google.com/ig/redirectdomain ... &bmod=TEUA"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6EE3D744-8374-45D8-9203-9908E4E4EB79}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6EE3D744-8374-45D8-9203-9908E4E4EB79}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.nl/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKCU\*\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
HKCU\*\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"
==== Empty IE Cache ======================
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Blom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Blom\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Blom\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Blom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
After Reboot
==== Empty Temp Folders ======================
C:\windows\Temp successfully emptied
C:\Users\Blom\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Blom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
Zoek.exe Version 4.0.0.1 Updated 26-January-2013
Tool run by Blom on zo 27-01-2013 at 11:31:42,11.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
==== Deleting Files \ Folders ======================
"C:\users\Blom\AppData\Roaming\skype.ini" deleted
"C:\Users\Blom\AppData\Roaming\skype.ini" deleted
"C:\ProgramData\Partner" deleted
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.nl/"
"Default_Page_URL"="http://www.google.com/ig/redirectdomain ... &bmod=TEUA"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6EE3D744-8374-45D8-9203-9908E4E4EB79}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6EE3D744-8374-45D8-9203-9908E4E4EB79}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.nl/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKCU\*\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
HKCU\*\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"
==== Empty IE Cache ======================
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Blom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Blom\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Blom\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Blom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\users\Blom\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
After Reboot
==== Empty Temp Folders ======================
C:\windows\Temp successfully emptied
C:\Users\Blom\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Blom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
14
Administrator
Administrator
Hoi,
Dit ziet er prima uit, voer nu nog eens een scan uit met Malwarebytes Anti-Malware.
Download MalwareBytes' Anti-Malware (website) en sla het op je bureaublad op.
Dubbelklik op mbam-setup.exe om het programma te installeren.
Zorg dat er na de installatie een vinkje is geplaatst bij:
Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.
Bij problemen!!! (Lees de onderstaande instructies)
Dit ziet er prima uit, voer nu nog eens een scan uit met Malwarebytes Anti-Malware.
Download MalwareBytes' Anti-Malware (website) en sla het op je bureaublad op.
Dubbelklik op mbam-setup.exe om het programma te installeren.
Zorg dat er na de installatie een vinkje is geplaatst bij:
- Update MalwareBytes' Anti-Malware
- Start MalwareBytes' Anti-Malware
- Je krijgt hier ook de keuze om de evaluatie versie van MBAM te gebruiken, indien je dit niet wilt vink dit dan uit.
Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.
Bij problemen!!! (Lees de onderstaande instructies)
- Zodra het programma gestart is, ga dan naar het tabblad "Instellingen".
- Vink hier aan: "Sluit Internet Explorer tijdens verwijdering van malware".
- Ga daarna naar het tabblad "Scanner", kies hier voor "Snelle Scan".
- Druk vervolgens op "Scannen" om de scan te starten.
- Het scannen kan een tijdje duren, dus wees geduldig.
- Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
- Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "Verwijder geselecteerde".
- Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
15
PC Web Plus - Member
PC Web Plus - Member
Na de snelle scan ook de volledige scan gedaan niks gevonden.
Malwarebytes Anti-Malware 1.70.0.1100
http://www.malwarebytes.org" onclick="window.open(this.href);return false;
Databaseversie: v2013.01.26.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Blom :: BLOM-LAPTOP [administrator]
27-1-2013 12:06:57
mbam-log-2013-01-27 (12-06-57).txt
Scan type: Volledige scan (C:\|)
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 366103
Verstreken tijd: 42 minuut/minuten, 30 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
Malwarebytes Anti-Malware 1.70.0.1100
http://www.malwarebytes.org" onclick="window.open(this.href);return false;
Databaseversie: v2013.01.26.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Blom :: BLOM-LAPTOP [administrator]
27-1-2013 12:06:57
mbam-log-2013-01-27 (12-06-57).txt
Scan type: Volledige scan (C:\|)
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 366103
Verstreken tijd: 42 minuut/minuten, 30 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)