Volledige versie bekijken : Relevant Knowlegde
merlijn 26 March 2011, 13:02 Verwijzing naar dit topic: http://www.minatica.be/threads/74667-relevant-knowledge
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:38:04, on 17/02/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Merlijn\AppData\Local\Google\Chrome\Appli cation\chrome.exe
C:\Users\Merlijn\AppData\Local\Google\Chrome\Appli cation\chrome.exe
C:\Users\Merlijn\AppData\Local\Google\Chrome\Appli cation\chrome.exe
C:\Users\Merlijn\AppData\Local\Google\Chrome\Appli cation\chrome.exe
C:\Users\Merlijn\AppData\Local\Google\Chrome\Appli cation\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&m=aspire_8530&r=273612097336l0358z135t4811d237
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&m=aspire_8530&r=273612097336l0358z135t4811d237
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&m=aspire_8530&r=273612097336l0358z135t4811d237
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\s wg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6 097707281E79.dll/cmsidewiki.html
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{71F32B34-2FD5-4486-ACC9-4975AB79A7C4}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 9024 bytes
Ik was al bezig met dr.web en hij had 4 files gevonden van dit zooitje, heb ze verwijderd en daarna hijackthis gedraaid, met dit als uitkomst.
merlijn 26 March 2011, 15:34 Ik heb dr.web weer eens gedraaid erna, en hij vind niets meer.
Woudje100 27 March 2011, 13:21 Hallo,
Download MalwareBytes' Anti-Malware (http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button) en sla het op je bureaublad op.
Dubbelklik op mbam-setup.exe om het programma te installeren.
Zorg dat er na de installatie een vinkje is geplaatst bij:
Update MalwareBytes' Anti-Malware
Start MalwareBytes' Anti-Malware
Klik daarna op "Voltooien".
Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.
Zodra het programma gestart is, ga dan naar het tabblad "Instellingen".
Vink hier aan: "Sluit Internet Explorer tijdens verwijdering van malware".
Ga daarna naar het tabblad "Scanner", kies hier voor "Snelle Scan".
Druk vervolgens op "Scannen" om de scan te starten.
Het scannen kan een tijdje duren, dus wees geduldig.
Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "Verwijder geselecteerde".
Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.
Het log wordt automatisch bewaard door MalwareBytes' Anti-Malware en kan je terugvinden door op de "Logs" tab te klikken in het programma.
Woudje100
merlijn 29 March 2011, 14:53 alles oke weer, dank je!
merlijn 30 March 2011, 17:19 Ik denk dat het opgelost is, tenzij jullie nog iets zien, dat er niet thuishoort in mijn logje. Mss deze regel?
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Anders mag hier een slotje op!
Zeer hartelijk bedankt!
Woudje100 30 March 2011, 18:03 Hallo,
Zou je het logje van MBAM toch willen posten.
Post ook een nieuw HijackThis logje.
Woudje100
merlijn 31 March 2011, 12:13 Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Databaseversie: 6218
Windows 6.1.7600
Internet Explorer 9.0.8080.16413
31/03/2011 12:14:09
mbam-log-2011-03-31 (12-14-09).txt
Scantype: Snelle scan
Objecten gescand: 180298
Verstreken tijd: 8 minuut/minuten, 0 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:38:04, on 17/02/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Merlijn\AppData\Local\Google\Chrome\Appli cation\chrome.exe
C:\Users\Merlijn\AppData\Local\Google\Chrome\Appli cation\chrome.exe
C:\Users\Merlijn\AppData\Local\Google\Chrome\Appli cation\chrome.exe
C:\Users\Merlijn\AppData\Local\Google\Chrome\Appli cation\chrome.exe
C:\Users\Merlijn\AppData\Local\Google\Chrome\Appli cation\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&m=aspire_8530&r=273612097336l0358z135t4811d237
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&m=aspire_8530&r=273612097336l0358z135t4811d237
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&m=aspire_8530&r=273612097336l0358z135t4811d237
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\s wg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6 097707281E79.dll/cmsidewiki.html
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{71F32B34-2FD5-4486-ACC9-4975AB79A7C4}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 9024 bytes
merlijn 31 March 2011, 16:16 Wat ik wel heb, vastzitten van de browser, duurt ong. 1 min en dan is ie weer los?
merlijn 3 April 2011, 11:56 Hallo is daar nog iemand?
Woudje100 4 April 2011, 18:24 Hoi,
Ga naar start>configuratiescherm>software of programma's en onderdelen en verwijder daar de huidige (oude) versie van HijackThis.
Download HijackThis Install (http://go.trendmicro.com/free-tools/hijackthis/HiJackThis.msi) naar je bureaublad.
Dubbelklik op HijackThisInstaller.exe om de installatie te starten.
Download ComboFix van één van deze locaties:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)
* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op.
>>Hier<< (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) kunt u lezen hoe u Combofix dient te gebruiken.
1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix.
* (hier (http://www.bleepingcomputer.com/forums/topic114351.html) of hier (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) staat een handleiding over hoe je deze kan uitschakelen:)
2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.
3. Dubbelklik op "Combofix.exe" om de tool te starten.
4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.
* Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion." herstart dan de computer.
5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.
Dubbelklik op het programma HijackThis en klik op de optie "Main Menu", en kies voor Do a system scan and save a logfile. Plaats vervolgens de inhoud van het log dat verschijnt in je volgende post.
Let op!!! Windows Vista & 7 gebruikers dienen HijackThis als administrator uit te voeren "Rechtermuisknop uitvoeren als", indien dit via de snelkoppeling niet lukt voert u HijackThis als administrator uit in de volgende directory (C:\Program Files\Trend Micro\HiJackThis)
Woudje100
merlijn 5 April 2011, 01:00 ComboFix 11-04-04.01 - Merlijn 05/04/2011 0:16.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.32.1043.18.3838.2501 [GMT 2:00]
Gestart vanuit: c:\users\Merlijn\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Merlijn\AppData\Roaming\.#
c:\windows\SysWow64\zip32.dll
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-03-04 to 2011-04-04 ))))))))))))))))))))))))))))))
.
.
2011-04-04 22:26 . 2011-04-04 22:26 -------- d-----w- c:\users\willy\AppData\Local\temp
2011-04-04 22:26 . 2011-04-04 22:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-04 19:14 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12ABA655-73AD-4C15-A832-22AC13DCACF0}\mpengine.dll
2011-04-03 13:33 . 2011-04-04 19:01 -------- d-----w- c:\windows\system32\SPReview
2011-04-03 13:33 . 2011-04-04 19:01 -------- d-----w- c:\windows\system32\EventProviders
2011-04-03 12:21 . 2011-04-04 19:01 -------- d-----w- c:\program files (x86)\Common Files\Innovative Solutions
2011-04-03 12:21 . 2011-04-03 12:21 -------- d-----w- c:\program files (x86)\Innovative Solutions
2011-04-03 10:29 . 2011-04-03 10:29 -------- d-----w- c:\users\Merlijn\AppData\Local\{BB2450B6-0931-4E5F-8CEF-EA6CB01A118E}
2011-04-02 10:35 . 2011-04-02 10:35 -------- d-----w- c:\users\Merlijn\AppData\Local\{26363E54-C6D1-4593-A449-5E59A8CB4428}
2011-04-01 10:23 . 2011-04-01 10:23 -------- d-----w- c:\users\Merlijn\AppData\Local\{B3F150E0-B2FB-4C40-83BA-AB4332A0595F}
2011-03-31 16:17 . 2011-03-31 16:17 -------- d-----w- c:\users\Merlijn\AppData\Local\{3D956EE4-9D48-4DA5-9FAA-1528DFB2425C}
2011-03-30 12:16 . 2011-03-30 12:16 -------- d-----w- c:\users\Merlijn\AppData\Local\{A263049C-1166-4EA2-83B2-B4282AFC6A82}
2011-03-26 09:22 . 2011-04-04 19:31 -------- d-----w- c:\users\Merlijn\DoctorWeb
2011-03-25 18:21 . 2011-04-04 19:02 -------- d-----w- c:\programdata\ResultUrl
2011-03-25 17:40 . 2010-11-30 09:43 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-03-25 17:31 . 2010-11-30 09:43 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C3439695-A90D-445C-AB48-72DD6FEC1D43}\gapaengine.dll
2011-03-12 13:14 . 2008-05-13 16:23 417792 ----a-w- c:\program files (x86)\Windows Media Player\Plugins\wmp_scrobbler.dll
2011-03-12 13:13 . 2011-03-22 13:36 -------- d-----w- c:\users\Merlijn\AppData\Local\Last.fm
2011-03-10 10:16 . 2011-03-10 10:16 -------- d-----w- c:\program files (x86)\Schaken
2011-03-09 00:10 . 2011-04-04 19:02 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2011-03-09 00:09 . 2011-04-04 19:02 -------- d-----w- c:\windows\system32\wbem\en-US
2011-03-09 00:08 . 2011-03-09 00:08 94208 ----a-w- c:\program files (x86)\Internet Explorer\nl\iediag.resources.dll
2011-03-08 18:02 . 2011-03-08 18:02 -------- d-----w- c:\programdata\McAfee
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2011-03-15 05:17 . 2010-12-21 14:14 8424784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-09 17:04 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\pp crlconfig600.dll
2011-02-23 15:04 . 2011-01-02 21:52 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 15:04 . 2011-01-02 21:52 190016 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-02-23 15:04 . 2011-01-02 21:52 238968 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 14:57 . 2011-01-02 21:52 280408 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:57 . 2011-02-25 15:51 505176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-23 14:55 . 2011-01-02 21:52 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2011-01-02 21:52 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:55 . 2011-01-02 21:52 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-23 14:54 . 2011-01-02 21:52 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-02 20:40 . 2010-04-17 21:59 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-01-26 06:53 . 2011-02-10 15:46 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-26 06:53 . 2011-02-10 15:46 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-01-26 06:31 . 2011-02-10 15:46 144384 ----a-w- c:\windows\system32\cdd.dll
2011-01-07 08:07 . 2011-02-25 16:02 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 08:07 . 2011-02-25 16:02 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 08:06 . 2011-02-10 09:17 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 07:31 . 2011-02-25 16:02 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-01-07 07:31 . 2011-02-25 16:02 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-01-07 07:27 . 2011-02-10 09:17 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-07 05:49 . 2011-02-10 09:17 366080 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 05:33 . 2011-02-10 09:17 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-01-05 04:00 . 2011-02-10 15:46 3127808 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3a7c81b3-e8b2-405d-b78e-f1003a53d3a6}"= "c:\program files (x86)\Schaken\prxtbScha.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{3a7c81b3-e8b2-405d-b78e-f1003a53d3a6}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3a7c81b3-e8b2-405d-b78e-f1003a53d3a6}]
2011-01-17 15:54 175912 ----a-w- c:\program files (x86)\Schaken\prxtbScha.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Internet Explorer\Toolbar]
"{3a7c81b3-e8b2-405d-b78e-f1003a53d3a6}"= "c:\program files (x86)\Schaken\prxtbScha.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{3a7c81b3-e8b2-405d-b78e-f1003a53d3a6}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer]
"NoFavoritesMenu"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\ windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative64
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 archlp;archlp;SysWOW64\drivers\archlp.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\ v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-12 135664]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
R2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-07 311592]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-11-03 1038088]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_Fl exDef2b.sys [x]
R3 netr7364;Stuurprogramma voor RT73 USB draadloze LAN-kaart voor Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.s ys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VS TAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VS TDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVER S\VSTCNXT6.SYS [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn. sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\el rawdsk.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIV ERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVER S\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVER S\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\as wMonFlt.sys [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\syste m32\svchost.exe [2009-07-14 27136]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atip mdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atik mpag.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXH WAZL.sys [x]
S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\dr ivers\mbam.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S3 nuvotonhidgeneric;Nuvoton EC Generic HID;c:\windows\system32\DRIVERS\nuvotonhidgeneric. sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-29 232992]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02 114688 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2011-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-12 23:20]
.
2011-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-12 23:20]
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2198267127-1876884750-887146378-1000Core.job
- c:\users\Merlijn\AppData\Local\Google\Update\Googl eUpdate.exe [2009-12-23 17:57]
.
2011-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2198267127-1876884750-887146378-1000UA.job
- c:\users\Merlijn\AppData\Local\Google\Update\Googl eUpdate.exe [2009-12-23 17:57]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\00 avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183 CA64F05FDD98.dll/cmsidewiki.html
IE: {{3aaf4045-49b1-48cd-abc1-b0d19ed12e40} - c:\program files (x86)\Clip Extractor\ClipExtractor.exe
TCP: {71F32B34-2FD5-4486-ACC9-4975AB79A7C4} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Merlijn\AppData\Roaming\Mozilla\Firefox\P rofiles\uix2y8dr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - http:google.be
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS VERWIJDERD - - - -
.
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
Toolbar-Locked - (no file)
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
ShellIconOverlayIdentifiers-{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} - (no file)
SafeBoot-BsScanner
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{4C05E902-4F33-4639-A700-805BF173CA6E} - (no file)
WebBrowser-{3A7C81B3-E8B2-405D-B78E-F1003A53D3A6} - (no file)
ShellIconOverlayIdentifiers-{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} - (no file)
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil 10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil1 0n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.o cx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.o cx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.o cx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.o cx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2011-04-05 00:43:02
ComboFix-quarantined-files.txt 2011-04-04 22:42
.
Pre-Run: 136.737.116.160 bytes beschikbaar
Post-Run: 136.611.131.392 bytes beschikbaar
.
- - End Of File - - 7AA1E871F9A4A37528B45690B6D44021
Ik krijg geen logje van hijackthis, alleen dat:
http://img6.imagebanana.com/img/j6bvcpgb/20110405_005808.png
merlijn 5 April 2011, 01:00 alweer iets anders.
merlijn 5 April 2011, 13:01 Nieuw logje, bij de vorige stond Microsoft Security Essentials niet uit!
ComboFix 11-04-04.02 - Merlijn 05/04/2011 12:25:09.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.32.1043.18.3838.2762 [GMT 2:00]
Gestart vanuit: c:\users\Merlijn\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-03-05 to 2011-04-05 ))))))))))))))))))))))))))))))
.
.
2011-04-05 10:35 . 2011-04-05 10:35 -------- d-----w- c:\users\willy\AppData\Local\temp
2011-04-05 10:35 . 2011-04-05 10:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-04 22:57 . 2011-04-04 22:57 388096 ----a-r- c:\users\Merlijn\AppData\Roaming\Microsoft\Install er\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-04 22:57 . 2011-04-04 22:57 -------- d-----w- c:\program files (x86)\Trend Micro
2011-04-04 19:14 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12ABA655-73AD-4C15-A832-22AC13DCACF0}\mpengine.dll
2011-04-03 13:33 . 2011-04-04 19:01 -------- d-----w- c:\windows\system32\SPReview
2011-04-03 13:33 . 2011-04-04 19:01 -------- d-----w- c:\windows\system32\EventProviders
2011-04-03 12:21 . 2011-04-04 19:01 -------- d-----w- c:\program files (x86)\Common Files\Innovative Solutions
2011-04-03 12:21 . 2011-04-03 12:21 -------- d-----w- c:\program files (x86)\Innovative Solutions
2011-04-03 10:29 . 2011-04-03 10:29 -------- d-----w- c:\users\Merlijn\AppData\Local\{BB2450B6-0931-4E5F-8CEF-EA6CB01A118E}
2011-04-02 10:35 . 2011-04-02 10:35 -------- d-----w- c:\users\Merlijn\AppData\Local\{26363E54-C6D1-4593-A449-5E59A8CB4428}
2011-04-01 10:23 . 2011-04-01 10:23 -------- d-----w- c:\users\Merlijn\AppData\Local\{B3F150E0-B2FB-4C40-83BA-AB4332A0595F}
2011-03-31 16:17 . 2011-03-31 16:17 -------- d-----w- c:\users\Merlijn\AppData\Local\{3D956EE4-9D48-4DA5-9FAA-1528DFB2425C}
2011-03-30 12:16 . 2011-03-30 12:16 -------- d-----w- c:\users\Merlijn\AppData\Local\{A263049C-1166-4EA2-83B2-B4282AFC6A82}
2011-03-26 09:22 . 2011-04-04 19:31 -------- d-----w- c:\users\Merlijn\DoctorWeb
2011-03-25 18:21 . 2011-04-04 22:33 -------- d-----w- c:\programdata\ResultUrl
2011-03-25 17:40 . 2010-11-30 09:43 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-03-25 17:31 . 2010-11-30 09:43 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C3439695-A90D-445C-AB48-72DD6FEC1D43}\gapaengine.dll
2011-03-12 13:14 . 2008-05-13 16:23 417792 ----a-w- c:\program files (x86)\Windows Media Player\Plugins\wmp_scrobbler.dll
2011-03-12 13:13 . 2011-03-22 13:36 -------- d-----w- c:\users\Merlijn\AppData\Local\Last.fm
2011-03-10 10:16 . 2011-03-10 10:16 -------- d-----w- c:\program files (x86)\Schaken
2011-03-09 00:10 . 2011-04-04 19:02 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2011-03-09 00:09 . 2011-04-04 19:02 -------- d-----w- c:\windows\system32\wbem\en-US
2011-03-09 00:08 . 2011-03-09 00:08 94208 ----a-w- c:\program files (x86)\Internet Explorer\nl\iediag.resources.dll
2011-03-08 18:02 . 2011-03-08 18:02 -------- d-----w- c:\programdata\McAfee
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2011-03-15 05:17 . 2010-12-21 14:14 8424784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-09 17:04 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\pp crlconfig600.dll
2011-02-23 15:04 . 2011-01-02 21:52 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 15:04 . 2011-01-02 21:52 190016 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-02-23 15:04 . 2011-01-02 21:52 238968 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 14:57 . 2011-01-02 21:52 280408 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:57 . 2011-02-25 15:51 505176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-23 14:55 . 2011-01-02 21:52 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2011-01-02 21:52 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:55 . 2011-01-02 21:52 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-23 14:54 . 2011-01-02 21:52 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-02 20:40 . 2010-04-17 21:59 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-01-26 06:53 . 2011-02-10 15:46 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-26 06:53 . 2011-02-10 15:46 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-01-26 06:31 . 2011-02-10 15:46 144384 ----a-w- c:\windows\system32\cdd.dll
2011-01-07 08:07 . 2011-02-25 16:02 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 08:07 . 2011-02-25 16:02 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 08:06 . 2011-02-10 09:17 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 07:31 . 2011-02-25 16:02 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-01-07 07:31 . 2011-02-25 16:02 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-01-07 07:27 . 2011-02-10 09:17 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-07 05:49 . 2011-02-10 09:17 366080 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 05:33 . 2011-02-10 09:17 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-04_22.27.33 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-04-04 20:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-04-05 09:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-04-05 09:06 49152 c:\windows\SysWOW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-04 20:01 49152 c:\windows\SysWOW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-04 20:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
+ 2009-07-14 04:54 . 2011-04-05 09:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
+ 2009-09-04 02:09 . 2011-04-05 09:00 59646 c:\windows\system32\wdi\ShutdownPerformanceDiagnos tics_SystemData.bin
- 2009-09-04 02:09 . 2011-04-04 09:27 59646 c:\windows\system32\wdi\ShutdownPerformanceDiagnos tics_SystemData.bin
- 2009-07-14 05:10 . 2011-04-04 19:09 57528 c:\windows\system32\wdi\BootPerformanceDiagnostics _SystemData.bin
+ 2009-07-14 05:10 . 2011-04-05 09:00 57528 c:\windows\system32\wdi\BootPerformanceDiagnostics _SystemData.bin
+ 2009-12-23 19:45 . 2011-04-05 09:00 15600 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2198267127-1876884750-887146378-1000_UserData.bin
- 2009-12-23 19:45 . 2011-04-04 19:09 15600 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2198267127-1876884750-887146378-1000_UserData.bin
+ 2009-07-14 04:46 . 2011-04-04 23:16 70656 c:\windows\ServiceProfiles\NetworkService\AppData\ Roaming\Microsoft\SoftwareProtectionPlatform\Cache \cache.dat
+ 2009-12-28 11:15 . 2011-04-04 23:07 3892 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2009-12-28 11:15 . 2011-03-13 18:17 3892 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-04-05 08:57 . 2011-04-05 08:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive1.dat
- 2011-04-04 19:03 . 2011-04-04 19:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive1.dat
- 2011-04-04 19:03 . 2011-04-04 19:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive0.dat
+ 2011-04-05 08:57 . 2011-04-05 08:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive0.dat
+ 2009-07-14 05:01 . 2011-04-04 23:29 389984 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\FontCache-System.dat
- 2009-07-14 05:01 . 2011-04-04 18:57 389984 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\FontCache-System.dat
+ 2010-02-07 23:44 . 2011-04-04 23:07 1004216 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\FontCache-S-1-5-21-2198267127-1876884750-887146378-1000-12288.dat
- 2010-02-07 23:44 . 2011-03-31 22:38 1004216 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\FontCache-S-1-5-21-2198267127-1876884750-887146378-1000-12288.dat
+ 2011-04-04 21:56 . 2011-04-04 21:56 1402880 c:\windows\Installer\cca29c.msi
+ 2009-07-14 02:34 . 2011-04-05 09:09 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2011-04-04 19:28 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2010-01-02 12:58 . 2011-04-03 23:09 33732816 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\FontCache-S-1-5-21-2198267127-1876884750-887146378-1000-8192.dat
+ 2010-01-02 12:58 . 2011-04-04 23:07 33732816 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\FontCache-S-1-5-21-2198267127-1876884750-887146378-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3a7c81b3-e8b2-405d-b78e-f1003a53d3a6}"= "c:\program files (x86)\Schaken\prxtbScha.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{3a7c81b3-e8b2-405d-b78e-f1003a53d3a6}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3a7c81b3-e8b2-405d-b78e-f1003a53d3a6}]
2011-01-17 15:54 175912 ----a-w- c:\program files (x86)\Schaken\prxtbScha.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Internet Explorer\Toolbar]
"{3a7c81b3-e8b2-405d-b78e-f1003a53d3a6}"= "c:\program files (x86)\Schaken\prxtbScha.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{3a7c81b3-e8b2-405d-b78e-f1003a53d3a6}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer]
"NoFavoritesMenu"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\ windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative64
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 archlp;archlp;SysWOW64\drivers\archlp.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\ v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-12 135664]
R2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-07 311592]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-11-03 1038088]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_Fl exDef2b.sys [x]
R3 netr7364;Stuurprogramma voor RT73 USB draadloze LAN-kaart voor Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.s ys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VS TAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VS TDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVER S\VSTCNXT6.SYS [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn. sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\el rawdsk.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIV ERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVER S\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVER S\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\as wMonFlt.sys [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\syste m32\svchost.exe [2009-07-14 27136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atip mdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atik mpag.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXH WAZL.sys [x]
S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\dr ivers\mbam.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 nuvotonhidgeneric;Nuvoton EC Generic HID;c:\windows\system32\DRIVERS\nuvotonhidgeneric. sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-29 232992]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02 114688 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2011-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-12 23:20]
.
2011-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-12 23:20]
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2198267127-1876884750-887146378-1000Core.job
- c:\users\Merlijn\AppData\Local\Google\Update\Googl eUpdate.exe [2009-12-23 17:57]
.
2011-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2198267127-1876884750-887146378-1000UA.job
- c:\users\Merlijn\AppData\Local\Google\Update\Googl eUpdate.exe [2009-12-23 17:57]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\00 avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183 CA64F05FDD98.dll/cmsidewiki.html
IE: {{3aaf4045-49b1-48cd-abc1-b0d19ed12e40} - c:\program files (x86)\Clip Extractor\ClipExtractor.exe
TCP: {71F32B34-2FD5-4486-ACC9-4975AB79A7C4} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Merlijn\AppData\Roaming\Mozilla\Firefox\P rofiles\uix2y8dr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - http:google.be
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS VERWIJDERD - - - -
.
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
Toolbar-Locked - (no file)
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{4C05E902-4F33-4639-A700-805BF173CA6E} - (no file)
WebBrowser-{3A7C81B3-E8B2-405D-B78E-F1003A53D3A6} - (no file)
ShellIconOverlayIdentifiers-{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} - (no file)
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil 10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil1 0n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.o cx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.o cx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.o cx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.o cx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2011-04-05 12:50:34
ComboFix-quarantined-files.txt 2011-04-05 10:50
ComboFix2.txt 2011-04-04 22:43
.
Pre-Run: 135.521.333.248 bytes beschikbaar
Post-Run: 135.463.313.408 bytes beschikbaar
.
- - End Of File - - CA4DBC8055390676E816AA4D218C5983
Met hijackthis, krijg ik nog altijd dat venstertje en geen logje?
merlijn 7 April 2011, 12:19 Ik weet dat het hobby is, maar het duurt me veel te lang, in die tijd heb ik het wel zelf opgelost.
Toch bedankt, hier kan een slot op!
Een formatje en het is ook opgelost!
Woudje100 7 April 2011, 22:00 Mijn excuses
merlijn 16 April 2011, 12:04 dus er wordt geen analyse gemaakt meer?:shocked:
Die analyse is nuttig voor toekomstige problemen voor dit soort probleem, of heb ik het mis?
Woudje100 16 April 2011, 18:25 Hoi,
Het is een beetje onnodig om het geplaatste ComboFix logje nu nog te gaan analyseren. Je hebt Windows immers al opnieuw geïnstalleerd.
Woudje100
|
|