Removing the Buma Stemra Virus

Post by ro010 » Tue 29 May 2012 17:05:05

Hello everyone, can someone help me remove this virus? I can't find the .exe file with the Kaspersky CD. These are the log files from Malwarebytes and DDS, run in safe mode. Thanks in advance.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7601.17514
Run by Paula at 16:57:10 on 2012-05-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4010.3043 [GMT 2:00]
.
AV: McAfeeAntivirus en antispyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfeeAntivirus en antispyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfeeFirewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k secsvcs
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/
mStart Page = hxxp://www.bigseekpro.com/easywebcamrecording2/{3EA1D25B-03D6-4F6D-8A3E-0B421B020916}
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - C:\Program Files (x86)\DealBulldog Toolbar Toolbar\tbhelper.dll
mWinlogon: Userinit=userinit.exe
BHO: Chatvibes Browser Helper: {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - C:\Program Files\Web Assistant\Extension32.dll
BHO: Incredibar.com Helper Object: {6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120526193522.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Browser Companion Helper Verifier: {963b125b-8b21-49a2-a3a8-e37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Softonic Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\DealBulldog Toolbar Toolbar\tbcore3.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: Softonic Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Incredibar Toolbar: {f9639e4a-801b-4843-aee3-03d9da199e77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
TB: DealBulldog Toolbar Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - C:\Program Files (x86)\DealBulldog Toolbar Toolbar\tbcore3.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
uRun: [WeatherBugAlert] "C:\Program Files (x86)\AWS\WeatherBug Alert\WeatherBugAlert.exe" /st
uRun: [WebcamMaxAutoRun] "C:\Program Files (x86)\WebcamMax\wcmmon.exe" -a
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=ibgfbdggapddbjjbopabhlhianklajie
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [YouCam Service] "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
StartupFolder: C:\Users\Paula\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\K8H0PP~1.LNK - C:\Users\Paula\AppData\Local\Temp\k8h0pp.exe
StartupFolder: C:\Users\Paula\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2E38DC49-EF71-43BE-A9E2-C84D040A2E4A} : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=ibgfbdggapddbjjbopabhlhianklajie
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [YouCam Service] "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
mRun-x64: [(standaard)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-2-24 249936]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-2-24 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Updateservice (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-24 136176]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-2-24 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-2-24 249936]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-2-24 249936]
S2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-2-24 199272]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-2-23 2656536]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-3-12 918880]
S2 WCMVCAM;WebcamMax, WDM Video Capture;C:\Windows\system32\DRIVERS\wcmvcam64.sys --> C:\Windows\system32\DRIVERS\wcmvcam64.sys [?]
S2 Web Assistant Updater;Web Assistant Updater;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-5-13 185856]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-24 136176]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\system32\DRIVERS\mcvidrv_x64.sys --> C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [?]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\system32\drivers\mcaudrv_x64.sys --> C:\Windows\system32\drivers\mcaudrv_x64.sys [?]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-8 273168]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
S4 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-8 594704]
.
=============== Created Last 30 ================
.
2012-05-29 15:21:31 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-05-29 14:15:57 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{83FBCBA5-3020-4E20-9D2D-766FF534C2DB}\mpengine.dll
2012-05-29 14:13:32 -------- d-----w- C:\Users\Paula\AppData\Local\{6CE8E0DE-75A2-4E41-B575-5392E060EB0D}
2012-05-29 14:12:41 -------- d-----w- C:\Users\Paula\AppData\Local\{9EB89AD9-1ABF-4FF2-BD0F-FF6DF4614198}
2012-05-28 18:13:35 -------- d-----w- C:\Users\Paula\AppData\Local\{D1347343-553C-4FF0-A781-28CEF7B6E9B3}
2012-05-28 18:13:24 -------- d-----w- C:\Users\Paula\AppData\Local\{4871D538-8683-410A-A36E-F9BF24237720}
2012-05-28 16:58:12 -------- d-----w- C:\Users\Paula\AppData\Local\{2C3C2AAF-B7D5-4918-AB20-CDD65E7DD06A}
2012-05-28 16:58:01 -------- d-----w- C:\Users\Paula\AppData\Local\{C8994502-ED3F-438B-B216-61E4B679D8F7}
2012-05-28 11:19:47 -------- d-----w- C:\Users\Paula\AppData\Local\{51BE55AA-8469-4B2E-B2E9-E3033D99AE6E}
2012-05-28 11:19:34 -------- d-----w- C:\Users\Paula\AppData\Local\{8A7E6BE0-1A09-4669-820A-833B62C26AFE}
2012-05-27 23:12:04 -------- d-----w- C:\Users\Paula\AppData\Local\{B80C18BE-E36C-4712-8EB9-1D2C34D9A91D}
2012-05-27 23:11:51 -------- d-----w- C:\Users\Paula\AppData\Local\{46A163A8-A510-41FD-9D68-4153170EB090}
2012-05-27 18:02:42 -------- d-----w- C:\Users\Paula\AppData\Local\{95E1621E-3AF8-4F4A-ADC8-6E21C98BC43B}
2012-05-27 18:02:28 -------- d-----w- C:\Users\Paula\AppData\Local\{393DD154-554C-4B43-83E2-AFF5D967AAD3}
2012-05-27 17:56:34 -------- d-----w- C:\Users\Paula\AppData\Local\{20FB554D-788C-497A-8A7D-43044BB75E10}
2012-05-27 15:49:02 -------- d-----w- C:\Users\Paula\AppData\Local\{171B8628-B1BE-4BEE-8EF8-E4EFA4C3DB33}
2012-05-27 15:48:49 -------- d-----w- C:\Users\Paula\AppData\Local\{FCBBB4FB-E8F6-4AB8-958B-7C05E76C63B5}
2012-05-27 15:40:19 -------- d-----w- C:\Users\Paula\AppData\Local\{4B4FC0F2-17E4-4FED-9CDB-B4515FF3268C}
2012-05-26 22:28:03 -------- d-----w- C:\Users\Paula\AppData\Local\ElevatedDiagnostics
2012-05-26 22:17:32 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-26 22:17:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-26 22:07:48 -------- d-----w- C:\Users\Paula\AppData\Local\{6C5F6B00-FA76-40A6-89EF-47264C31F752}
2012-05-26 22:07:20 -------- d-----w- C:\Users\Paula\AppData\Local\{064A2E27-8249-40AA-AC80-A6608470DCFF}
2012-05-26 21:40:08 -------- d-----w- C:\Users\Paula\AppData\Roaming\Windows Search
2012-05-26 21:40:08 -------- d-----w- C:\Users\Paula\AppData\Roaming\TeamViewer
2012-05-26 18:13:02 -------- d-----w- C:\ProgramData\UAB
2012-05-26 18:12:51 -------- d-----w- C:\Users\Paula\AppData\Roaming\WebcamMax
2012-05-26 18:12:51 -------- d-----w- C:\Users\Paula\AppData\Local\PC_Drivers_Headquarters
2012-05-26 18:12:51 -------- d-----w- C:\ProgramData\WebcamMax
2012-05-26 18:09:08 -------- d-----w- C:\ProgramData\Driver Utilities
2012-05-26 18:07:33 -------- d-----w- C:\Program Files (x86)\WebcamMax
2012-05-26 18:07:09 -------- d-----w- C:\Program Files (x86)\Driver Utilities
2012-05-26 14:50:25 -------- d-----w- C:\Users\Paula\AppData\Local\{8DEB3064-DAC2-4943-9357-C2AD75B281CC}
2012-05-26 14:50:09 -------- d-----w- C:\Users\Paula\AppData\Local\{42862D9D-DA45-4D21-BB04-CC656F284056}
2012-05-22 08:50:58 -------- d-----w- C:\Users\Paula\AppData\Local\{5C8916B6-91E9-4508-888C-D379D54AB4FE}
2012-05-22 08:50:39 -------- d-----w- C:\Users\Paula\AppData\Local\{8BF2DBB6-4AD9-42F5-8A66-0AF4A53E1779}
2012-05-19 18:06:31 -------- d-----w- C:\Users\Paula\AppData\Local\{A304C783-D981-4660-A41F-7ACAB4C28256}
2012-05-19 18:05:58 -------- d-----w- C:\Users\Paula\AppData\Local\{C025CF44-3409-432C-93FA-6FCFDDCBF8C1}
2012-05-19 15:26:23 -------- d-----w- C:\Users\Paula\AppData\Local\{D8B988BD-8CC1-4085-8FEB-A1E316BF93E4}
2012-05-19 15:25:48 -------- d-----w- C:\Users\Paula\AppData\Local\{7124D00A-7D56-4AC6-898D-49C298CD1EFC}
2012-05-19 12:11:45 -------- d-----w- C:\Users\Paula\AppData\Local\{EB04305E-E6EE-4532-AFD8-E4C319025009}
2012-05-19 12:11:17 -------- d-----w- C:\Users\Paula\AppData\Local\{14C1DED3-2D4E-4E21-96FD-86F71F043FB9}
2012-05-19 08:20:22 -------- d-----w- C:\Users\Paula\AppData\Local\{D9125388-B011-4040-B38E-B91304221577}
2012-05-19 08:20:04 -------- d-----w- C:\Users\Paula\AppData\Local\{4311ADD7-F8F1-4F1A-94D6-C5617196B057}
2012-05-19 07:33:59 -------- d-----w- C:\Users\Paula\AppData\Local\{34858801-DFFB-4192-A293-BA7BEC5D01D9}
2012-05-19 07:33:43 -------- d-----w- C:\Users\Paula\AppData\Local\{FEB3E56C-B79E-4A27-9D76-B19EF0102B94}
2012-05-19 07:28:14 -------- d-----w- C:\Users\Paula\AppData\Local\{AB426A5F-E89E-4FAB-8D5D-C8E943CF6B95}
2012-05-19 07:27:45 -------- d-----w- C:\Users\Paula\AppData\Local\{B35A3F4A-F306-445A-9691-14B25DBECD9E}
2012-05-19 07:23:45 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-05-19 07:23:44 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-05-19 07:23:44 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-05-19 06:46:49 -------- d-----w- C:\Users\Paula\AppData\Local\{47145164-44BE-450F-AE54-B8A943679862}
2012-05-19 06:46:30 -------- d-----w- C:\Users\Paula\AppData\Local\{56C25272-09BD-4D69-BE9A-08A42DC0A02D}
2012-05-18 20:28:05 -------- d-----w- C:\Users\Paula\AppData\Local\{6CD0D9FF-73D1-4D1F-8937-6273B6581E86}
2012-05-18 20:27:45 -------- d-----w- C:\Users\Paula\AppData\Local\{A1007803-D348-4E9B-B461-2FE63AB5E5D2}
2012-05-18 17:59:42 -------- d-----w- C:\Users\Paula\AppData\Local\{A79039BB-AE9E-43E2-B400-D3017FE818EC}
2012-05-18 17:59:29 -------- d-----w- C:\Users\Paula\AppData\Local\{BA892503-43D4-4C28-B6FC-5407AA40FB0B}
2012-05-18 13:38:23 -------- d-----w- C:\Users\Paula\AppData\Local\{53EA0609-DB62-4697-9DE9-9D97366DACE7}
2012-05-18 13:37:39 -------- d-----w- C:\Users\Paula\AppData\Local\{569050F2-11C1-41E6-80A4-8BAEECBE7D2F}
2012-05-17 21:08:00 -------- d-----w- C:\Users\Paula\AppData\Local\{B1792294-1E5F-4387-9541-BB20C54ADF2D}
2012-05-17 21:07:29 -------- d-----w- C:\Users\Paula\AppData\Local\{44E95164-00DD-4E4C-97DA-05D22AE27010}
2012-05-17 08:39:49 -------- d-----w- C:\Users\Paula\AppData\Local\{8815E267-AC55-47A4-AB41-DE9526CE199F}
2012-05-17 08:39:11 -------- d-----w- C:\Users\Paula\AppData\Local\{458D9D43-FAAC-4BE5-A4EF-3A420997F0FE}
2012-05-16 15:16:15 -------- d-----w- C:\Users\Paula\AppData\Local\{00A12392-AE52-483E-98A4-0CA715504EBA}
2012-05-16 15:15:43 -------- d-----w- C:\Users\Paula\AppData\Local\{74459994-800E-4D38-9343-8E49FB9B87C8}
2012-05-16 11:09:30 -------- d-----w- C:\Users\Paula\AppData\Local\{BC69D60B-89ED-46A5-B02C-011CB0397B98}
2012-05-16 11:09:16 -------- d-----w- C:\Users\Paula\AppData\Local\{8F9216C7-5181-45DB-A53F-1C63601C044E}
2012-05-16 11:05:33 -------- d-----w- C:\Users\Paula\AppData\Local\{25ECFF2F-51D4-418A-9073-A525A305BC83}
2012-05-16 09:02:26 -------- d-----w- C:\Users\Paula\AppData\Local\{F5D11520-4A21-4918-B2BF-1D2C2D396050}
2012-05-16 09:02:12 -------- d-----w- C:\Users\Paula\AppData\Local\{68E3B3C3-C766-4D01-AF6C-25C3B07AD4CF}
2012-05-15 22:31:53 -------- d-----w- C:\Users\Paula\AppData\Local\{F8E223B2-17CA-422E-B597-94AB90ABBC56}
2012-05-15 22:31:41 -------- d-----w- C:\Users\Paula\AppData\Local\{D65FF4C7-7914-4803-A3E8-8F93308996E7}
2012-05-15 18:26:16 -------- d-----w- C:\Users\Paula\AppData\Local\{44391821-7005-4CBE-8E92-FDE0A94D2941}
2012-05-15 18:26:01 -------- d-----w- C:\Users\Paula\AppData\Local\{6CE1389F-1A25-4F32-80FD-B7461FEB05AE}
2012-05-15 18:03:06 -------- d-----w- C:\Users\Paula\AppData\Local\{DC6A7AC1-EBB3-4778-9F4E-976E76A1F9E6}
2012-05-15 18:02:32 -------- d-----w- C:\Users\Paula\AppData\Local\{103DFFE7-4CB6-44E1-9A27-5D703BE2CA6E}
2012-05-15 06:20:30 -------- d-----w- C:\Users\Paula\AppData\Local\{CFC9F97F-7654-4D8A-B3AB-347E0BDC5BFA}
2012-05-15 06:20:10 -------- d-----w- C:\Users\Paula\AppData\Local\{F1904B68-6300-46A8-9EF7-A8C43444C423}
2012-05-14 20:38:25 -------- d-----w- C:\Users\Paula\AppData\Local\{EB1B26E4-523F-4309-A9DD-6935AB631291}
2012-05-14 20:38:04 -------- d-----w- C:\Users\Paula\AppData\Local\{1F404573-BE66-4684-B4EC-15A2D98817BA}
2012-05-14 17:55:24 -------- d-----w- C:\Users\Paula\AppData\Local\{BABC54AC-366E-4F49-84C0-D99CB1DD1CA9}
2012-05-14 17:55:05 -------- d-----w- C:\Users\Paula\AppData\Local\{03D1E11C-124D-482E-829D-40E7EDE0E570}
2012-05-14 11:01:38 -------- d-----w- C:\Users\Paula\AppData\Local\{BE2588D8-636C-4221-B4A9-55DE7F188036}
2012-05-14 11:01:19 -------- d-----w- C:\Users\Paula\AppData\Local\{862EB885-3331-496E-955C-4387B885ED8F}
2012-05-14 06:45:35 -------- d-----w- C:\Users\Paula\AppData\Local\{A41040FE-6DA2-4979-8F0A-7F4F4E28981C}
2012-05-14 06:45:19 -------- d-----w- C:\Users\Paula\AppData\Local\{9FBEE256-6C60-4FC1-AD6C-BFD0A569FAA0}
2012-05-13 21:21:09 -------- d-----w- C:\Users\Paula\AppData\Local\{4256DE6B-0A0A-4853-B47B-893250CDF1AF}
2012-05-13 21:20:43 -------- d-----w- C:\Users\Paula\AppData\Local\{F1DC9F6F-D8BD-4E3A-9109-A5D92BEF8523}
2012-05-13 20:57:52 -------- d-----w- C:\Users\Paula\AppData\Local\MagicCamera
2012-05-13 20:57:45 -------- d-----w- C:\Program Files (x86)\ShiningMorning
2012-05-13 20:51:38 -------- d-----w- C:\Users\Paula\AppData\Local\Microsoft Games
2012-05-13 20:27:27 -------- d-----w- C:\Program Files (x86)\DealBulldog Toolbar Toolbar
2012-05-13 20:27:14 -------- d-----w- C:\Program Files (x86)\AWS
2012-05-13 20:25:57 -------- d-----w- C:\Users\Paula\AppData\Local\ManyCam
2012-05-13 20:25:56 -------- d-----w- C:\ProgramData\ManyCam
2012-05-13 20:25:55 -------- d-----w- C:\Users\Paula\AppData\Roaming\ManyCam
2012-05-13 20:25:35 -------- d-----w- C:\Program Files (x86)\ManyCam
2012-05-13 20:25:30 -------- d-----w- C:\ProgramData\Ask
2012-05-13 20:24:29 -------- d-----w- C:\Program Files (x86)\Incredibar.com
2012-05-13 20:24:18 -------- d-----w- C:\Program Files\Web Assistant
2012-05-13 19:56:19 -------- d-----w- C:\Users\Paula\AppData\Local\{831032EC-7CFA-48D9-A978-54A03FB59415}
2012-05-13 19:56:00 -------- d-----w- C:\Users\Paula\AppData\Local\{21B67D90-4C24-4BC7-A637-6A152E85C99D}
2012-05-13 19:49:57 31216 ----a-w- C:\Windows\System32\drivers\clwvd.sys
2012-05-13 16:59:32 -------- d-----w- C:\Program Files (x86)\Ask.com
2012-05-13 16:59:12 -------- d-----w- C:\Users\Paula\AppData\Local\APN
2012-05-13 16:31:57 -------- d-----w- C:\Users\Paula\AppData\Local\{FD228384-EA97-468C-8848-D38F4CEE64E9}
2012-05-13 16:30:51 -------- d-----w- C:\Users\Paula\AppData\Local\{6FD04CF6-2510-49EB-A308-8A74E32C85BD}
2012-05-13 16:12:53 -------- d-----w- C:\a9dc9e5936d9178aca99
2012-05-13 11:19:34 -------- d-----w- C:\Users\Paula\AppData\Local\{27E01A3B-540F-420D-82F3-73BAA2CEB3D3}
2012-05-13 11:19:15 -------- d-----w- C:\Users\Paula\AppData\Local\{6C18B9A5-552C-43A5-9920-FB59D493C0A7}
2012-05-13 06:46:11 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-13 06:46:11 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-13 06:46:05 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-13 06:46:04 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-13 06:46:03 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-13 06:46:03 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-13 06:45:07 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-13 06:44:49 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-13 06:44:45 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-13 06:44:45 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-13 06:44:45 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-13 06:44:45 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-13 06:44:45 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-13 06:36:14 -------- d-----w- C:\Users\Paula\AppData\Local\{97794014-D53C-4380-B854-E8136E53829D}
2012-05-13 06:35:57 -------- d-----w- C:\Users\Paula\AppData\Local\{7F1B74FF-0DA6-411D-AC5B-734D831C2DED}
2012-05-10 20:13:00 -------- d-----w- C:\Users\Paula\AppData\Local\{CFF4B4E9-07CC-4CDC-B92F-A521A3462D9C}
2012-05-10 20:12:45 -------- d-----w- C:\Users\Paula\AppData\Local\{C9F9717D-85F1-4505-8ED5-6B6D8CF046A7}
2012-05-08 17:33:00 -------- d-----w- C:\Users\Paula\AppData\Local\{8CEB9DD1-8F87-4FC8-90A9-2D9A135837D9}
2012-05-08 17:32:42 -------- d-----w- C:\Users\Paula\AppData\Local\{BECF8D3E-7D13-426F-B13B-F0EF13DD18D1}
2012-05-07 18:13:14 -------- d-----w- C:\Users\Paula\AppData\Local\{E95888ED-93D3-4668-B29A-46C95AD61E09}
2012-05-07 18:12:59 -------- d-----w- C:\Users\Paula\AppData\Local\{A87993BF-3D3D-4F00-833F-439A5EAAE9AD}
2012-05-06 06:04:43 -------- d-----w- C:\Users\Paula\AppData\Local\{FE71AE15-A4B7-4915-AA26-4705BE3B9F31}
2012-05-06 06:04:25 -------- d-----w- C:\Users\Paula\AppData\Local\{2E012663-99B0-4E0A-AE57-3F2FF244C0F5}
2012-05-04 18:34:45 -------- d-----w- C:\Users\Paula\AppData\Local\{9D8030F2-2B71-403C-BE40-62F49EB8B128}
2012-05-04 18:34:31 -------- d-----w- C:\Users\Paula\AppData\Local\{3A4681EC-5E68-4398-930F-026B5D67B768}
2012-05-04 14:30:49 -------- d-----w- C:\Users\Paula\AppData\Local\{BCA3B3DF-92BB-43C9-9222-D4B4BCA15754}
2012-05-04 14:30:34 -------- d-----w- C:\Users\Paula\AppData\Local\{D22A73B3-0A2E-46A1-B09A-1811D9FE0DF3}
2012-05-03 15:46:51 -------- d-----w- C:\Users\Paula\AppData\Local\{43159245-3D76-40E4-B3AC-30AC74A06692}
2012-05-03 15:46:33 -------- d-----w- C:\Users\Paula\AppData\Local\{058EF37B-2862-4A76-8657-9CDF95C4B10C}
2012-05-03 15:26:04 -------- d-----w- C:\Users\Paula\AppData\Local\{A520178F-5E78-4CCC-8A04-BD7F7DCFD744}
2012-05-03 15:25:52 -------- d-----w- C:\Users\Paula\AppData\Local\{2E418769-4920-4433-97FE-1F71C49C6311}
2012-04-30 08:44:39 -------- d-----w- C:\Users\Paula\AppData\Local\{5378818A-93BA-455B-9636-34246380AB65}
2012-04-30 08:44:19 -------- d-----w- C:\Users\Paula\AppData\Local\{374AA5B2-D9EB-469F-B2C0-9142A85A129D}
2012-04-29 17:59:28 -------- d-----w- C:\Users\Paula\AppData\Local\{61B0BAE3-334C-40A8-A2C6-E8C740B32ADF}
2012-04-29 17:59:12 -------- d-----w- C:\Users\Paula\AppData\Local\{2AA6A905-848A-4D5A-8DA8-7A1345B1F9AE}
2012-04-29 15:57:02 -------- d-----w- C:\Users\Paula\AppData\Local\{DE324E76-5C33-41C4-842D-13C4AFECAAB5}
2012-04-29 15:56:44 -------- d-----w- C:\Users\Paula\AppData\Local\{25751810-1269-4F61-BD02-991230916FF8}
2012-04-29 14:59:09 -------- d-----w- C:\Users\Paula\AppData\Local\{DF163B8D-A00B-44D6-8203-4FAE4FAC6CBE}
2012-04-29 14:58:51 -------- d-----w- C:\Users\Paula\AppData\Local\{56391F2C-CFDD-41D5-9633-E9E5C3DA6ABF}
.
==================== Find3M ====================
.
2012-04-15 21:32:14 1071032 ----a-w- C:\Windows\System32\drivers\wcmvcam64.sys
2012-03-30 10:14:48 18816 ----a-w- C:\Windows\System32\roboot64.exe
2012-03-20 11:11:30 162192 ----a-w- C:\Windows\System32\mfevtps.exe
2012-03-07 10:24:26 2308096 ------w- C:\Windows\System32\jscript9.dll
2012-03-07 10:24:26 1798656 ------w- C:\Windows\SysWow64\jscript9.dll
2012-03-07 10:24:26 135168 ------w- C:\Windows\System32\IEAdvpack.dll
2012-03-07 10:24:26 110592 ------w- C:\Windows\SysWow64\IEAdvpack.dll
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
.
============= FINISH: 16:57:21,80 ===============


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Databaseversie: v2012.05.26.06

Windows 7 Service Pack 1 x64 NTFS (Veilige modus/netwerkmogelijkheden)
Internet Explorer 8.0.7601.17514
Paula :: PAULA-PC [administrator]

27-5-2012 0:19:17
mbam-log-2012-05-27 (00-19-17).txt

Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 201141
Verstreken tijd: 2 minuut/minuten, 56 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LicenseValidator (Trojan.Agent) -> Data: C:\Users\Paula\AppData\Roaming\Windows Search\{1EC8CD31-CA0E-4B54-8FA3-C611D747E765}\LicenseValidator.exe -> Succesvol in quarantaine geplaatst en verwijderd.

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 3
C:\$Recycle.Bin\S-1-5-21-1378051111-4103892096-2196648758-1000\$R1U1MMA.exe (PUP.BundleInstaller.BI) -> Geen actie ondernomen.
C:\Users\Paula\AppData\Local\Temp\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Geen actie ondernomen.
C:\Users\Paula\AppData\Roaming\Windows Search\{1EC8CD31-CA0E-4B54-8FA3-C611D747E765}\LicenseValidator.exe (Trojan.Agent) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)
ro010
PC Web Plus - Member
Posts: 3
Registered: Tue 29 May, 2012 16:40:48

Re: Removing the Buma Stemra Virus

Post by Maxstar » Tue 29 May, 2012 18:02:30

Hi and welcome to the forum,

1. Go to Start > Control Panel > Add or Remove Programs (or Programs and Features) and uninstall the items below if present, since they have a dubious reputation.
Chatvibes Browser Helper
Babylon toolbar helper
Web Assistant
Incredibar.com Helper Object
Browser Companion Helper
Softonic Toolbar
DealBulldog Toolbar
Yontoo



2. Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop, but do not run it yet.


Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
Open Notepad.
Copy and paste the following (bold, blue text) into an empty window:


DDS::
mStart Page = hxxp://www.bigseekpro.com/easywebcamrecording2/{3EA1D25B-03D6-4F6D-8A3E-0B421B020916}
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} -
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} -
BHO: Chatvibes Browser Helper: {00cbb66b-1d3b-46d3-9577-323a336acb50} -
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} -
BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} -
BHO: Incredibar.com Helper Object: {6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99} -
BHO: Browser Companion Helper Verifier: {963b125b-8b21-49a2-a3a8-e37092276531} -
BHO: Softonic Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} -
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} -
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} -
TB: Softonic Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -
TB: Incredibar Toolbar: {f9639e4a-801b-4843-aee3-03d9da199e77} -
TB: DealBulldog Toolbar Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} -
mRun: [Browser companion helper]
mRun: [<NO NAME>]
mRun: [ApnUpdater]
StartupFolder: C:\Users\Paula\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\K8H0PP~1.LNK - C:\Users\Paula\AppData\Local\Temp\k8h0pp.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll

Dirlook::
C:\ProgramData\UAB

File::
C:\Users\Paula\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\K8H0PP~1.LNK
C:\Users\Paula\AppData\Local\Temp\k8h0pp.exe

Folder::
C:\Program Files (x86)\Ask.com
C:\Program Files (x86)\DealBulldog Toolbar Toolbar
C:\Program Files (x86)\BrowserCompanion
C:\ProgramData\Ask
C:\Program Files (x86)\BabylonToolbar
C:\Program Files\Web Assistant
C:\Program Files (x86)\Incredibar.com
C:\Program Files (x86)\Yontoo


Save this to your Desktop as CFScript.txt


Drag CFScript.txt onto ComboFix.exe as shown in the example below:

Image

This will start ComboFix.
Restart if asked to, and post the contents of Combofix.txt in your next reply.
Kind regards,

Maxstar


Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
Maxstar
Administrator
Posts: 32665
Registered: Sat 27 Sep, 2008 10:18:07
Knowledge level: (3) Expert
OS: Windows 7
AV: Emsisoft Anti-Malware
FW: Online Armor

Re: Removing the Buma Stemra Virus

Post by ro010 » Tue 29 May, 2012 18:39:36

Thanks for the quick reply

ComboFix 12-05-28.05 - Paula 29-05-2012 18:28:03.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4010.3019 [GMT 2:00]
Gestart vanuit: c:\users\Paula\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Paula\Desktop\CFScript.txt
AV: McAfeeAntivirus en antispyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfeeFirewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfeeAntivirus en antispyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
FILE ::
"c:\users\Paula\AppData\Local\Temp\k8h0pp.exe"
"c:\users\Paula\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\K8H0PP~1.LNK"
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\assets\oobe\b.png
c:\program files (x86)\Ask.com\assets\oobe\bl.png
c:\program files (x86)\Ask.com\assets\oobe\br.png
c:\program files (x86)\Ask.com\assets\oobe\l.png
c:\program files (x86)\Ask.com\assets\oobe\pointer.png
c:\program files (x86)\Ask.com\assets\oobe\r.png
c:\program files (x86)\Ask.com\assets\oobe\t.png
c:\program files (x86)\Ask.com\assets\oobe\tl.png
c:\program files (x86)\Ask.com\assets\oobe\tr.png
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\fv_a830.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\precache.exe
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\Updater\config.xml
c:\program files (x86)\Ask.com\Updater\Updater.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
c:\program files (x86)\BrowserCompanion
c:\program files (x86)\BrowserCompanion\BCHelper.exe
c:\program files (x86)\BrowserCompanion\blabbers-ch.crx
c:\program files (x86)\BrowserCompanion\blabbers-ff-full.xpi
c:\program files (x86)\BrowserCompanion\jsloader.dll
c:\program files (x86)\BrowserCompanion\logo.ico
c:\program files (x86)\BrowserCompanion\sqlite3.dll
c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
c:\program files (x86)\BrowserCompanion\toolbar.dll
c:\program files (x86)\BrowserCompanion\uninstall.exe
c:\program files (x86)\BrowserCompanion\updatebhoWin32.dll
c:\program files (x86)\BrowserCompanion\updatebhoWin32.dll_1
c:\program files (x86)\BrowserCompanion\updater.ini
c:\program files (x86)\BrowserCompanion\widgetserv.exe
c:\program files (x86)\Windows Live\Companion\companioncore.dll
c:\programdata\Ask
c:\programdata\Ask\APN-Stub\MYC-ST\APNIC.dll
c:\programdata\Roaming
c:\users\Paula\AppData\Roaming\Help\coredb\storage
c:\users\Paula\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\K8H0PP~1.LNK
c:\users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\k8h0pp.exe.lnk
c:\users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3 .lnk
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-04-28 to 2012-05-29 ))))))))))))))))))))))))))))))
.
.
2012-05-29 16:34 . 2012-05-29 16:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-29 15:21 . 2012-05-29 16:03 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-05-29 14:15 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{83FBCBA5-3020-4E20-9D2D-766FF534C2DB}\mpengine.dll
2012-05-26 22:28 . 2012-05-26 22:28 -------- d-----w- c:\users\Paula\AppData\Local\ElevatedDiagnostics
2012-05-26 22:17 . 2012-05-26 22:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-26 22:17 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-26 21:40 . 2012-05-26 21:40 -------- d-----w- c:\users\Paula\AppData\Roaming\Windows Search
2012-05-26 21:40 . 2012-05-26 21:40 -------- d-----w- c:\users\Paula\AppData\Roaming\TeamViewer
2012-05-26 18:13 . 2012-05-26 18:13 -------- d-----w- c:\programdata\UAB
2012-05-26 18:12 . 2012-05-27 19:03 -------- d-----w- c:\programdata\WebcamMax
2012-05-26 18:12 . 2012-05-26 18:12 -------- d-----w- c:\users\Paula\AppData\Roaming\WebcamMax
2012-05-26 18:12 . 2012-05-26 18:12 -------- d-----w- c:\users\Paula\AppData\Local\PC_Drivers_Headquarters
2012-05-26 18:09 . 2012-05-26 18:09 -------- d-----w- c:\programdata\Driver Utilities
2012-05-26 18:07 . 2012-05-26 18:08 -------- d-----w- c:\program files (x86)\WebcamMax
2012-05-26 18:07 . 2012-05-26 18:07 -------- d-----w- c:\program files (x86)\Driver Utilities
2012-05-19 07:23 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-05-19 07:23 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-05-19 07:23 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-05-13 20:57 . 2012-05-13 21:01 -------- d-----w- c:\users\Paula\AppData\Local\MagicCamera
2012-05-13 20:57 . 2012-05-13 20:57 -------- d-----w- c:\program files (x86)\ShiningMorning
2012-05-13 20:51 . 2012-05-13 20:51 -------- d-----w- c:\users\Paula\AppData\Local\Microsoft Games
2012-05-13 20:27 . 2012-05-13 20:27 -------- d-----w- c:\program files (x86)\AWS
2012-05-13 20:25 . 2012-05-14 10:11 -------- d-----w- c:\users\Paula\AppData\Local\ManyCam
2012-05-13 20:25 . 2012-05-13 20:25 -------- d-----w- c:\programdata\ManyCam
2012-05-13 20:25 . 2012-05-13 20:33 -------- d-----w- c:\users\Paula\AppData\Roaming\ManyCam
2012-05-13 20:25 . 2012-05-13 20:26 -------- d-----w- c:\program files (x86)\ManyCam
2012-05-13 19:49 . 2011-04-14 03:47 31216 ----a-w- c:\windows\system32\drivers\clwvd.sys
2012-05-13 19:48 . 2012-05-13 19:49 -------- d-----w- c:\program files (x86)\CyberLink
2012-05-13 16:59 . 2012-05-13 16:59 -------- d-----w- c:\users\Paula\AppData\Local\APN
2012-05-13 16:12 . 2012-05-13 16:23 -------- d-----w- C:\a9dc9e5936d9178aca99
2012-05-13 13:27 . 2012-05-13 13:27 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-13 13:27 . 2012-05-13 13:27 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-13 06:46 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-13 06:46 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-13 06:46 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-13 06:46 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-13 06:46 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-13 06:46 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-13 06:45 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-13 06:44 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-13 06:44 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-13 06:44 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-13 06:44 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-13 06:44 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-13 06:44 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-19 18:49 . 2012-04-19 18:49 856712 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-04-15 21:32 . 2012-04-15 21:32 1071032 ----a-w- c:\windows\system32\drivers\wcmvcam64.sys
2012-03-30 10:14 . 2012-04-04 15:50 18816 ----a-w- c:\windows\system32\roboot64.exe
2012-03-23 11:58 . 2012-03-23 11:58 612888 ----a-r- c:\users\Paula\AppData\Roaming\Microsoft\Installer\{2DCD0543-22F6-4E54-80D3-B4EFB9AC4943}\TweetDeck.exe
2012-03-20 11:11 . 2012-02-24 13:09 162192 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-15 14:41 . 2012-03-15 14:41 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-03-15 14:41 . 2012-03-15 14:41 882512 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-07 10:24 . 2012-03-07 10:24 2308096 ------w- c:\windows\system32\jscript9.dll
2012-03-07 10:24 . 2012-03-07 10:24 1798656 ------w- c:\windows\SysWow64\jscript9.dll
2012-03-07 10:24 . 2012-03-07 10:24 135168 ------w- c:\windows\system32\IEAdvpack.dll
2012-03-07 10:24 . 2012-03-07 10:24 110592 ------w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-01 06:46 . 2012-04-13 05:20 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-13 05:20 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-13 05:20 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-13 05:20 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-13 05:20 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-13 05:20 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-13 05:20 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\UAB ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-12 13:26 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-12 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-24 39408]
"ManyCam"="c:\program files (x86)\ManyCam\Bin\ManyCam.exe" [2012-04-20 2099064]
"WeatherBugAlert"="c:\program files (x86)\AWS\WeatherBug Alert\WeatherBugAlert.exe" [2009-07-08 442368]
"WebcamMaxAutoRun"="c:\program files (x86)\WebcamMax\wcmmon.exe" [2011-07-17 1038848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-12 982880]
"YouCam Service"="c:\program files (x86)\CyberLink\YouCam\YouCamService.exe" [2012-03-23 255208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 136176]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-05-05 2656536]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-12 918880]
R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 136176]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-08 273168]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
R4 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-08 594704]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2012-05-29 c:\windows\Tasks\0.job
- c:\program files (x86)\internet explorer\iexplore.exe [2010-11-21 03:25]
.
2012-05-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1378051111-4103892096-2196648758-1000Core.job
- c:\users\Paula\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-02 13:26]
.
2012-05-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1378051111-4103892096-2196648758-1000UA.job
- c:\users\Paula\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-02 13:26]
.
2012-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 16:42]
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 16:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-05 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-05 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-05 416024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.nl/
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
.
- - - - ORPHANS VERWIJDERD - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-BrowserCompanion - c:\program files (x86)\BrowserCompanion\uninstall.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files (x86)\Ask.com\Updater\Updater.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-1378051111-4103892096-2196648758-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1378051111-4103892096-2196648758-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-05-29 18:37:35
ComboFix-quarantined-files.txt 2012-05-29 16:37
.
Pre-Run: 300.140.310.528 bytes beschikbaar
Post-Run: 299.968.745.472 bytes beschikbaar
.
- - End Of File - - 2DFC87E4DDBC4BD979846A2CE68D220F

Re: Removing the Buma Stemra Virus

Post by Maxstar » Tue 29 May, 2012 18:48:17

Hi,

Now please run a scan with the Emsisoft Emergency Kit.

Download the Emsisoft Emergency Kit to the desktop and extract the ZIP file.
  • Open the "EmsisoftEmergencyKit" folder and double-click "Start.exe"
  • Now click "Emergency Kit Scanner"; you will get a message that it is recommended to update first. Allow this by clicking "Ja" (Yes)
    Image
  • When the update is finished and the message "Update process is succesvol afgerond" appears, click "menu" and then "Scan PC"
  • Select the "Diep" (Deep) option if it is not already set by default.
  • Now click the "Scan" button and do nothing else on the computer during the scan; this scan can take quite a while, so wait patiently.
  • You can close the window with the warning about an increased risk once the scan is finished.
  • Make sure all found items are checked and then press the "verwijder geselecteerde" (remove selected) button; you will now get the following message, but click "Ja" (Yes) here
    Image
  • When the removal is finished, click the "Rapport bekijken" (View report) button and select the text file of this scan, with a name like: a2scan_110730-111615.txt
  • Paste the contents of this LOG file in your next post.
  • Now restart the computer.
Kind regards,

Maxstar



Re: Removing the Buma Stemra Virus

Post by ro010 » Tue 29 May, 2012 20:53:47

Emsisoft Emergency Kit - Versie 1.0
Laatste Update: 29-5-2012 19:02:47

Scaninstellingen:

Scantype: Diepe Scan
Objecten: Geheugen, Sporen, Cookies, C:\, D:\
Scan archieven: Aan
Heuristieken: Uit
ADS Scan: Aan

Scan gestart: 29-5-2012 19:03:21

Key: HKEY_LOCAL_MACHINE\software\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F} Ontdekt: Trace.Registry.StylishProfile!A2
Key: HKEY_LOCAL_MACHINE\software\Classes\AppID\tdataprotocol.DLL Ontdekt: Trace.Registry.GetStyles!A2
Key: HKEY_LOCAL_MACHINE\software\Classes\AppID\updatebho.DLL Ontdekt: Trace.Registry.GetStyles!A2
Key: HKEY_LOCAL_MACHINE\software\Classes\AppID\wit4ie.DLL Ontdekt: Trace.Registry.GetStyles!A2
Key: HKEY_LOCAL_MACHINE\software\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C} Ontdekt: Trace.Registry.GetStyles!A2
Key: HKEY_LOCAL_MACHINE\software\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511} Ontdekt: Trace.Registry.GetStyles!A2
Key: HKEY_LOCAL_MACHINE\software\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} Ontdekt: Trace.Registry.GetStyles!A2
Key: HKEY_LOCAL_MACHINE\software\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}\ProxyStubClsid32 Ontdekt: Trace.Registry.GetStyles!A2
Key: HKEY_LOCAL_MACHINE\software\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}\TypeLib Ontdekt: Trace.Registry.GetStyles!A2
C:\$WINDOWS.~Q\DATA\Windows\security\database\tmp.edb Ontdekt: Attached PE/Script!IK
C:\Users\Paula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WFHP1JZG\ad_track[1].htm Ontdekt: Trojan.JS.Redirector!IK

Gescand

Bestanden: 566766
Sporen: 409585
Cookies: 1750
Processen: 30

Gevonden

Bestanden: 2
Sporen: 9
Cookies: 0
Processen: 0
Registersleutels: 0

Scan Geëindigd: 29-5-2012 20:51:41
Scantijd: 1:48:20

C:\Users\Paula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WFHP1JZG\ad_track[1].htm Verwijderd Trojan.JS.Redirector!IK
C:\$WINDOWS.~Q\DATA\Windows\security\database\tmp.edb Verwijderd Attached PE/Script!IK
Key: HKEY_LOCAL_MACHINE\software\Classes\AppID\tdataprotocol.DLL Verwijderd Trace.Registry.GetStyles!A2
Key: HKEY_LOCAL_MACHINE\software\Classes\AppID\updatebho.DLL Verwijderd Trace.Registry.GetStyles!A2
Key: HKEY_LOCAL_MACHINE\software\Classes\AppID\wit4ie.DLL Verwijderd Trace.Registry.GetStyles!A2
Key: HKEY_LOCAL_MACHINE\software\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C} Verwijderd Trace.Registry.GetStyles!A2
Key: HKEY_LOCAL_MACHINE\software\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511} Verwijderd Trace.Registry.GetStyles!A2
Key: HKEY_LOCAL_MACHINE\software\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} Verwijderd Trace.Registry.GetStyles!A2
Key: HKEY_LOCAL_MACHINE\software\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}\ProxyStubClsid32 Verwijderd Trace.Registry.GetStyles!A2
Key: HKEY_LOCAL_MACHINE\software\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}\TypeLib Verwijderd Trace.Registry.GetStyles!A2
Key: HKEY_LOCAL_MACHINE\software\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F} Verwijderd Trace.Registry.StylishProfile!A2

Verwijderd

Bestanden: 2
Sporen: 9
Cookies: 0

ro010
PC Web Plus - Member
 
Posts: 3
Registered: Tue 29 May, 2012 16:40:48

Re: Removing the Buma Stemra Virus

Post by Maxstar » Wed 30 May, 2012 09:42:57

Hi,

Are there currently still any noticeable problems?
Kind regards,

Maxstar


Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
Maxstar
Administrator
 
Posts: 32665
Registered: Sat 27 Sep, 2008 10:18:07
Knowledge level: (3) Expert
OS: Windows 7
AV: Emsisoft Anti-Malware
FW: Online Armor

Re: Removing the Buma Stemra Virus

Post by Maxstar » Sat 30 Jun, 2012 12:30:14

Due to a lack of feedback, this topic is being closed and moved to the resolved problems / logs section.

If you would like this topic reopened, you can send me or one of the moderators a private message (PM) with a link to this topic.

If the topic has been closed for some time, it is best to create a new topic here and, if needed, refer to this topic.


For all other questions, you can start a new topic in the appropriate forum.
Kind regards,

Maxstar



