antivirus.startpagina.nl

Log file

  • Anonymous avatar

    Herintreder

    Goede avond,

    De laatste tijd vind ik de snelheid van mijn computer terug lopen. Buiten het feit dat het goed is om zo af en toe wat onderhoud te plegen leek het mij nu een goed moment om eens onderhoud te gaan plegen.

    Vandaag de gehele “was lijst” doorlopen en dus de nodige scans en logfile gemaakt.

    Mijn verzoek of de technische mensen hier hun oordeel eens over willen vellen.

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 23:02:39, on 27-2-2012

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16421)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

    C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe

    C:\Users\Koen Gerritsen\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Program Files (x86)\Hp\QuickPlay\QPService.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

    C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

    C:\Program Files (x86)\AVG Secure Search\vprot.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    C:\Users\Koen Gerritsen\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_NL&c=94&bd=Presario&pf=cnnb

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symbaloo.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_NL&c=94&bd=Presario&pf=cnnb

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_NL&c=94&bd=Presario&pf=cnnb

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll

    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

    O4 - HKLM\..\Run: “C:\Program Files (x86)\HP\QuickPlay\QPService.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe” “C:\Program Files (x86)\CyberLink\YouCam” UpdateWithCreateOnce “Software\CyberLink\YouCam\2.0”

    O4 - HKLM\..\Run: C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe” “C:\Program Files (x86)\Hewlett-Packard\Recovery” UpdateWithCreateOnce “Software\CyberLink\PowerRecover”

    O4 - HKLM\..\Run: C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\AVG\AVG2012\avgtray.exe”

    O4 - HKLM\..\Run: C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s

    O4 - HKLM\..\Run: C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\AVG Secure Search\vprot.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe” /PROMPT /CMPID=roc_dec12

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    O4 - HKCU\..\Run: C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    O4 - HKCU\..\Run: “C:\Users\Koen Gerritsen\AppData\Local\Google\Update\GoogleUpdate.exe” /c

    O4 - HKCU\..\Run: C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

    O4 - HKCU\..\Run: C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe” -onlytray

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O4 - Startup: Dropbox.lnk = Koen Gerritsen\AppData\Roaming\Dropbox\bin\Dropbox.exe

    O4 - Startup: OpenOffice.org 3.3 .lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

    O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-NL\local\search.html

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Koen Gerritsen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

    O11 - Options group: Accelerated graphics

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll

    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

    O23 - Service: BecHelperService - Unknown owner - \BecHelperService.exe (file missing)

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

    O23 - Service: CDMA Device Service - Unknown owner - C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe

    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Users\Koen Gerritsen\Downloads\FileZilla Server\FileZilla Server.exe

    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

    O23 - Service: GtDetectSc - OptionNV - C:\Program Files\Option\Option WWAN Driver 5.0.33.0 Installer\GtDetectSc.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe

    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 14284 bytes

  • Anonymous avatar

    Jos H

    Goedenmorgen.

    Het stappenplan in z'n geheel gedaan.? http://antivirus.startpagina.nl/prikbord/4625317/voer-dit-eerst-uit-voordat-je-de-logjes-plaatst!!#msg-4625317

    Plaats dan het mbam logje ook even.

  • Anonymous avatar

    Herintreder

    Geprobeerd om een de logfile te openen, maar deze krijg ik niet meer geopend.

    Wel een nieuwe gedraaid welke schoon is (kan ook niet anders gezien het stappen plan).

    Gister zijn er wel 30 meldingen van Trojan.Inject op de quarantaine lijst gezet.

    hieronder het nieuwe log.

    Malwarebytes Anti-Malware 1.60.1.1000

    www.malwarebytes.org

    Databaseversie: v2012.02.27.06

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Koen Gerritsen :: KOENGERRITSEN

    28-2-2012 10:07:20

    mbam-log-2012-02-28 (10-07-20).txt

    Scantype: Volledige scan

    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scanopties: P2P

    Objecten gescand: 464088

    Verstreken tijd: 1 uur/uren, 35 minuut/minuten, 32 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

  • Anonymous avatar

    Ben

    Hallo,

    1. Klik op Start > (Instellingen) > Configuratiescherm > Een programma verwijderen: (indien aanwezig)

    AOL Toolbar

    2. Start HijackThis;

    Klik met de rechtermuis op het programma Hijackthis en kies voor “Uitvoeren als Administrator”

    Kies voor ‘Do a system scan only’.

    Selecteer alle regels die hier onder staan.

    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll

    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll

    O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-NL\local\search.html

    Sluit alle open vensters(behalve HijackThis), klik daarna op Fix checked en bevestig het door in het volgende scherm op Ja te klikken.

    Staat in Mbam onder tabblad Quarantainelijst nog wat over de Trojaans?

    En het logje in logbestanden kan je niet meer openen?

    Zowel plaats dat nog even samen met een nieuw HijackThis logje.

    Gr.Ben

    Antivirusprikbord

  • Anonymous avatar

    Herintreder

    Ben,

    Ik heb de voorgestelde verwijderd en nog even gekeken naar de log.

    Als in de logfile wil openen,wordt openoffice geopend en niet notepad.

    Openoffice geeft alleen blokjes en andere Griekse tekens…..

    Over de Trojan staat verder niet vermeld, alleen de blokken van verwijderen, alles verwijderen, herstellen alles herstellen.

    Hiermee heb ik verder nog niets gedaan.

    Ik zal eens kijken of de opschoonactie resultaat heeft gehad of dat het aan de programma's ligt die “mee opgestart” worden bij het opstarten van de computer.

    In ieder geval al zeer bedankt voor het mee kijken.

  • Anonymous avatar

    Ben

    Hallo,

    Dan gaan we toch nog even verder kijken.

    Heb je al wel de regels met HijackThis verwijderd ? (zo nee doe dat dan eerst)

    Download ComboFix van één van deze locaties:

    Link 1

    Link 2

    * BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op.

    >>Hier<< kunt u lezen hoe u Combofix dient te gebruiken.

    - Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze elkaar tegen werken.

    * ( hier of hier staat een handleiding over hoe je deze kan uitschakelen)

    - Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.

    - Dubbelklik op "Combofix.exe" om de tool te starten.

    - Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de ‘tool’ vastlopen.

    * Noot !!! Als er een error wordt getoond met de melding “Illegal operation attempted on a registery key that has been marked for deletion.” herstart dan de computer.

    - Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

    * Het kan enige tijd duren voordat het logje van combofix komt, dus denk niet van hij is op tilt.

    Plaats hierna het Combofix logje en een nieuw HijackThis logje, en vertel hoe het gaat.

    Suc6. Ben

    Antivirusprikbord

  • Anonymous avatar

    Herintreder

    Goede avond,

    Aller eerst mij excuses voor de late reactie.

    Door werkzaamheden buiten de deur heb ik niet eerder tijd gehad deze handelingen uit te voeren.

    Alle bestanden heb / had ik verwijderd met Hijackthis zoals beschreven stond.

    Vandaag heb ik ComboFix en Hijackthis gedraaid waarvan de onderstaande logfiles de overzichten zijn….

    Ik zou het zeer waarderen als jullie er weer naar willen kijken

    Groet Koen.

    ComboFix 12-03-04.02 - Koen Gerritsen 06-03-2012 18:38:32.1.2 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3003.1790

    Gestart vanuit: c:\users\Koen Gerritsen\Desktop\ComboFix.exe

    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Nieuw herstelpunt werd aangemaakt

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    C:\install.exe

    c:\users\Koen Gerritsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3 .lnk

    c:\windows\SysWow64\system32

    c:\windows\SysWow64\system32\3DAudio.ax

    c:\windows\SysWow64\system32\avrt.dll

    c:\windows\SysWow64\system32\cis-2.4.dll

    c:\windows\SysWow64\system32\issacapi_bs-2.3.dll

    c:\windows\SysWow64\system32\issacapi_pe-2.3.dll

    c:\windows\SysWow64\system32\issacapi_se-2.3.dll

    c:\windows\SysWow64\system32\MACXMLProto.dll

    c:\windows\SysWow64\system32\MaDRM.dll

    c:\windows\SysWow64\system32\MaJGUILib.dll

    c:\windows\SysWow64\system32\MAMACExtract.dll

    c:\windows\SysWow64\system32\MASetupCleaner.exe

    c:\windows\SysWow64\system32\MaXMLProto.dll

    c:\windows\SysWow64\system32\mfplat.dll

    c:\windows\SysWow64\system32\MK_Lyric.dll

    c:\windows\SysWow64\system32\MSCLib.dll

    c:\windows\SysWow64\system32\MSFLib.dll

    c:\windows\SysWow64\system32\MSLUR71.dll

    c:\windows\SysWow64\system32\msvcp60.dll

    c:\windows\SysWow64\system32\MTTELECHIP.dll

    c:\windows\SysWow64\system32\MTXSYNCICON.dll

    c:\windows\SysWow64\system32\muzaf1.dll

    c:\windows\SysWow64\system32\muzapp.dll

    c:\windows\SysWow64\system32\muzapp.exe

    c:\windows\SysWow64\system32\muzdecode.ax

    c:\windows\SysWow64\system32\muzeffect.ax

    c:\windows\SysWow64\system32\muzmp4sp.ax

    c:\windows\SysWow64\system32\muzmpgsp.ax

    c:\windows\SysWow64\system32\muzoggsp.ax

    c:\windows\SysWow64\system32\muzwmts.dll

    c:\windows\SysWow64\system32\psapi.dll

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-02-06 to 2012-03-06 ))))))))))))))))))))))))))))))

    .

    .

    2012-03-06 18:38 . 2012-03-06 18:38 ——– d—–w- c:\users\Ellen\AppData\Local\temp

    2012-03-06 18:38 . 2012-03-06 18:38 ——– d—–w- c:\users\Default\AppData\Local\temp

    2012-02-27 21:52 . 2012-02-27 21:52 388096 —-a-r- c:\users\Koen Gerritsen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2012-02-27 21:52 . 2012-02-27 21:52 ——– d—–w- c:\program files (x86)\Trend Micro

    2012-02-27 20:19 . 2012-02-28 15:51 ——– d—–w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE

    2012-02-27 20:12 . 2012-02-27 20:12 ——– d—–w- c:\users\Koen Gerritsen\AppData\Roaming\Malwarebytes

    2012-02-27 19:59 . 2012-02-27 21:49 ——– d—–w- c:\programdata\Malwarebytes

    2012-02-27 19:59 . 2012-02-27 19:59 ——– d—–w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2012-02-27 19:59 . 2011-12-10 14:24 23152 —-a-w- c:\windows\system32\drivers\mbam.sys

    2012-02-27 14:47 . 2012-02-27 14:47 ——– d—–w- C:\$AVG

    2012-02-27 13:02 . 2012-02-27 13:34 ——– d—–w- c:\programdata\Spybot - Search & Destroy

    2012-02-16 21:49 . 2011-12-30 06:26 515584 —-a-w- c:\windows\system32\timedate.cpl

    2012-02-16 21:49 . 2011-12-30 05:27 478720 —-a-w- c:\windows\SysWow64\timedate.cpl

    2012-02-16 21:49 . 2012-01-04 10:44 509952 —-a-w- c:\windows\system32\ntshrui.dll

    2012-02-16 21:49 . 2012-01-04 08:58 442880 —-a-w- c:\windows\SysWow64\ntshrui.dll

    2012-02-16 21:49 . 2012-01-14 04:06 3145728 —-a-w- c:\windows\system32\win32k.sys

    2012-02-16 21:49 . 2011-12-28 03:59 498688 —-a-w- c:\windows\system32\drivers\afd.sys

    2012-02-16 21:49 . 2011-12-16 08:46 634880 —-a-w- c:\windows\system32\msvcrt.dll

    2012-02-16 21:48 . 2011-12-16 07:52 690688 —-a-w- c:\windows\SysWow64\msvcrt.dll

    2012-02-12 15:56 . 2012-02-12 16:02 ——– d—–w- c:\users\Koen Gerritsen\.jenny

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-01-12 00:19 . 2012-01-12 00:19 4448256 —-a-w- c:\windows\SysWow64\GPhotos.scr

    2011-12-21 07:32 . 2011-05-28 18:02 414368 —-a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2011-07-04 15:09 . 2011-07-04 15:09 231248 —-a-w- c:\program files (x86)\truecrypt.sys

    2011-07-04 15:09 . 2011-07-04 15:09 230352 —-a-w- c:\program files (x86)\truecrypt-x64.sys

    2011-07-04 15:09 . 2011-07-04 15:09 1591760 —-a-w- c:\program files (x86)\TrueCrypt Format.exe

    2011-07-04 15:09 . 2011-07-04 15:09 1496528 —-a-w- c:\program files (x86)\TrueCrypt.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    @=“{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}”

    2011-02-18 05:12 94208 —-a-w- c:\users\Koen Gerritsen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    @=“{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}”

    2011-02-18 05:12 94208 —-a-w- c:\users\Koen Gerritsen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    @=“{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}”

    2011-02-18 05:12 94208 —-a-w- c:\users\Koen Gerritsen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    “LightScribe Control Panel”=“c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe”

    “KiesPDLR”=“c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe”

    “KiesHelper”=“c:\program files (x86)\Samsung\Kies\KiesHelper.exe”

    “PC Suite Tray”=“c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe”

    .

    “QPService”=“c:\program files (x86)\HP\QuickPlay\QPService.exe”

    “UCam_Menu”=“c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe”

    “QlbCtrl.exe”=“c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe”

    “UpdatePRCShortCut”=“c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe”

    “Easybits Recovery”=“c:\program files (x86)\EasyBits For Kids\ezRecover.exe”

    “WirelessAssistant”=“c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe”

    “AVG_TRAY”=“c:\program files (x86)\AVG\AVG2012\avgtray.exe”

    “RIMBBLaunchAgent.exe”=“c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe”

    “KiesHelper”=“c:\program files (x86)\Samsung\Kies\KiesHelper.exe”

    “KiesTrayAgent”=“c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe”

    “vProt”=“c:\program files (x86)\AVG Secure Search\vprot.exe”

    “ROC_roc_dec12”=“c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe”

    “SunJavaUpdateSched”=“c:\program files (x86)\Common Files\Java\Java Update\jusched.exe”

    .

    c:\users\Koen Gerritsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dropbox.lnk - c:\users\Koen Gerritsen\AppData\Roaming\Dropbox\bin\Dropbox.exe

    .

    “ConsentPromptBehaviorAdmin”= 5 (0x5)

    “ConsentPromptBehaviorUser”= 3 (0x3)

    “EnableUIADesktopToggle”= 0 (0x0)

    “PromptOnSecureDesktop”= 0 (0x0)

    .

    “WallpaperStyle”= 2

    .

    .

    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

    .

    @=“Driver”

    .

    “Adobe Reader Speed Launcher”=“c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    “HP Software Update”=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe

    “QuickTime Task”=“c:\program files (x86)\QuickTime\QTTask.exe” -atboottime

    “iTunesHelper”=“c:\program files (x86)\iTunes\iTunesHelper.exe”

    “SunJavaUpdateSched”=“c:\program files (x86)\Common Files\Java\Java Update\jusched.exe”

    .

    R2 BecHelperService;BecHelperService;BecHelperService.exe

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

    R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys

    R3 GTUHSBUS;GT UHS BUS;c:\windows\system32\DRIVERS\gtuhsbus.sys

    R3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\DRIVERS\gtuhs51.sys

    R3 GTUHSSER;GT UHS SER;c:\windows\system32\DRIVERS\gtuhsser.sys

    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys

    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys

    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys

    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS

    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS

    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS

    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys

    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe

    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys

    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys

    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys

    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys

    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys

    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe

    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe

    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe

    S2 CDMA Device Service;CDMA Device Service;c:\program files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe

    S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe

    S2 GtDetectSc;GtDetectSc;c:\program files\Option\Option WWAN Driver 5.0.33.0 Installer\GtDetectSc.exe

    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe

    S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe

    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys

    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys

    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys

    .

    .

    — Andere Services/Drivers In Geheugen —

    .

    *NewlyCreated* - WS2IFSL

    .

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    ezSharedSvc

    .

    2009-06-17 10:11 451872 —-a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

    .

    Inhoud van de ‘Gedeelde Taken’ map

    .

    2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3486303583-4145293222-23778799-1001Core.job

    - c:\users\Koen Gerritsen\AppData\Local\Google\Update\GoogleUpdate.exe

    .

    2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3486303583-4145293222-23778799-1001UA.job

    - c:\users\Koen Gerritsen\AppData\Local\Google\Update\GoogleUpdate.exe

    .

    .

    ——— x86-64 ———–

    .

    .

    @=“{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}”

    2011-02-18 05:12 97792 —-a-w- c:\users\Koen Gerritsen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    @=“{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}”

    2011-02-18 05:12 97792 —-a-w- c:\users\Koen Gerritsen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    @=“{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}”

    2011-02-18 05:12 97792 —-a-w- c:\users\Koen Gerritsen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    @=“{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}”

    2011-02-18 05:12 97792 —-a-w- c:\users\Koen Gerritsen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    .

    “IgfxTray”=“c:\windows\system32\igfxtray.exe”

    “HotKeysCmds”=“c:\windows\system32\hkcmd.exe”

    “Persistence”=“c:\windows\system32\igfxpers.exe”

    “SysTrayApp”=“c:\program files\IDT\WDM\sttray64.exe”

    “Logitech Download Assistant”=“c:\windows\system32\rundll32.exe”

    “KiesTrayAgent”=“c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe”

    .

    “LoadAppInit_DLLs”=0x0

    .

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    UxTuneUp

    .

    ——- Bijkomende Scan ——-

    .

    uStart Page = hxxp://www.symbaloo.com/

    uLocal Page = c:\windows\system32\blank.htm

    uDefault_Search_URL = hxxp://www.google.com/ie

    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_NL&c=94&bd=Presario&pf=cnnb

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll

    FF - ProfilePath - c:\users\Koen Gerritsen\AppData\Roaming\Mozilla\Firefox\Profiles\9ehwuyqj.default\

    FF - prefs.js: browser.startup.homepage - google.nl

    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B302b617a-2f27-44f7-a84c-394e98042976%7D&mid=0e514b03b73247d1bc80d16fd87dc021-91c8bd77938d762f9b86426c4e44f59fbb16fb2a&ds=AVG&v=10.0.0.7&lang=nl&pr=fr&d=2011-11-04%2012%3A40%3A51&sap=ku&q=

    FF - prefs.js: network.proxy.type - 0

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

    AddRemove-3309-7404-0599-8908 - g:\apps\YAD\yEd\uninstall.exe

    AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe

    AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe

    .

    .

    .

    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    .

    @Denied: (A 2) (Everyone)

    @=“FlashBroker”

    “LocalizedString”=“@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101”

    .

    “Enabled”=dword:00000001

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe”

    .

    @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    .

    @Denied: (A 2) (Everyone)

    @=“Shockwave Flash Object”

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx”

    “ThreadingModel”=“Apartment”

    .

    @=“0”

    .

    @=“ShockwaveFlash.ShockwaveFlash.10”

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1”

    .

    @=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”

    .

    @=“1.0”

    .

    @=“ShockwaveFlash.ShockwaveFlash”

    .

    @Denied: (A 2) (Everyone)

    @=“Macromedia Flash Factory Object”

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx”

    “ThreadingModel”=“Apartment”

    .

    @=“FlashFactory.FlashFactory.1”

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1”

    .

    @=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”

    .

    @=“1.0”

    .

    @=“FlashFactory.FlashFactory”

    .

    @Denied: (A 2) (Everyone)

    @=“IFlashBroker4”

    .

    @=“{00020424-0000-0000-C000-000000000046}”

    .

    @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    “Version”=“1.0”

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    .

    @Denied: (Full) (Everyone)

    .

    ———————— Andere Aktieve Processen ————————

    .

    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    c:\program files (x86)\Bonjour\mDNSResponder.exe

    c:\users\Koen Gerritsen\Downloads\FileZilla Server\FileZilla Server.exe

    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

    c:\program files (x86)\TuneUp Utilities 2011\OneClick.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2012-03-06 19:49:41 - machine werd herstart

    ComboFix-quarantined-files.txt 2012-03-06 18:49

    .

    Pre-Run: 173.106.122.752 bytes beschikbaar

    Post-Run: 172.735.438.848 bytes beschikbaar

    .

    - - End Of File - - B7CB2F3507C658568924CA1F7FFFB5EF

    En de logfile van Hijackthis.

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 20:08:41, on 6-3-2012

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16421)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

    C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe

    C:\Users\Koen Gerritsen\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Program Files (x86)\Hp\QuickPlay\QPService.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

    C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

    C:\Program Files (x86)\AVG Secure Search\vprot.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    C:\Users\Koen Gerritsen\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symbaloo.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_NL&c=94&bd=Presario&pf=cnnb

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

    O4 - HKLM\..\Run: “C:\Program Files (x86)\HP\QuickPlay\QPService.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe” “C:\Program Files (x86)\CyberLink\YouCam” UpdateWithCreateOnce “Software\CyberLink\YouCam\2.0”

    O4 - HKLM\..\Run: C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe” “C:\Program Files (x86)\Hewlett-Packard\Recovery” UpdateWithCreateOnce “Software\CyberLink\PowerRecover”

    O4 - HKLM\..\Run: C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\AVG\AVG2012\avgtray.exe”

    O4 - HKLM\..\Run: C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s

    O4 - HKLM\..\Run: C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\AVG Secure Search\vprot.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe” /PROMPT /CMPID=roc_dec12

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    O4 - HKCU\..\Run: C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    O4 - HKCU\..\Run: C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

    O4 - HKCU\..\Run: C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe” -onlytray

    O4 - Startup: Dropbox.lnk = Koen Gerritsen\AppData\Roaming\Dropbox\bin\Dropbox.exe

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

    O11 - Options group: Accelerated graphics

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll

    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

    O23 - Service: BecHelperService - Unknown owner - \BecHelperService.exe (file missing)

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

    O23 - Service: CDMA Device Service - Unknown owner - C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe

    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Users\Koen Gerritsen\Downloads\FileZilla Server\FileZilla Server.exe

    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

    O23 - Service: GtDetectSc - OptionNV - C:\Program Files\Option\Option WWAN Driver 5.0.33.0 Installer\GtDetectSc.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe

    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 12147 bytes

  • Anonymous avatar

    Ben

    Hallo,

    Hoe is het nou met je problemen?

    Gr.Ben

    Antivirusprikbord

  • Anonymous avatar

    Herintreder

    Hallo Ben,

    Ik kan niet zeggen dat de computer er sneller op is geworden.

    Als jij in de, laatste door mij geplaatste logfile, geen “rare” dingen hebt aan getroffen zal ik er mee moeten leven.

    Het is een algemeen goed dat door gebruik van en installatie van programma's op de computer de werksnelheid terug loopt.

    Als er verder niet veel aan te doen is….

    Wat goed is, is goed.

  • Anonymous avatar

    Ben

    Hallo,

    laat het onderstaande programma je pc scannen maar hou er rekening mee dat het cracks van games ook verwijderd.

    Download de Emsisoft Emergency Kit naar het bureaublad en pak het ZIP bestand uit.

    • Open de map "EmsisoftEmergencyKit“ en dubbelklik op ”Start.exe"

    • Klik nu op "Emergency Kit Scanner“ u krijg nu een melding dat het is aanbevolen om eerst te updaten sta dit toe door te klikken op ”Ja"

    • Als de update gereed is en de melding "Update process is succesvol afgerond“ verschijnt klikt u op ”menu“ en dan op ”Scan PC"

    • Selecteer de optie "Diep" als deze niet standaard al zo is ingesteld.

    • Klik Nu op de knop "Scan" en doe verder niets op de computer tijdens het scannen, deze scan kan een geruime tijd in beslag nemen dus wacht dit geduldig af.

    • Het venster met de waarschuwing over een verhoogd risico kunt u sluiten als de scan gereed is.

    Opmerking:

    Als u deze melding ziet.

    C:\Documents and Settings\username\Bureaublad\ComboFix.exe/$0\List.bat Verwijderd Virus.Win32.HTML!IK

    Wanneer het bestand in het venster met scanresultaten staat kun je rechtsklikken op die detectie en kiezen voor "Versturen als vals alarm (False Positive)".

    • Zorg ervoor dat alle gevonden items zijn aangevinkt en druk dan op de knop "verwijder geselecteerde“ u zal nu de volgende melding krijgen maar klik hier op ”Ja"

    • Als het verwijderen gereed is klikt u op de knop "View report" en selecteert u het tekstbestand van deze scan met de naam zoals: a2scan_110730-111615.txt

    • Plaats de inhoud van dit LOG bestand straks in uw volgende bericht.

    • Herstart nu de computer.

    Gr.Ben

    Antivirusprikbord