Log check

  • knien

    Hello, would someone check my log? I have followed the step-by-step guide completely.

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 12:29:00, on 31-7-2012

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16447)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

    C:\Windows\vVX1000.exe

    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

    C:\Program Files (x86)\AVG\AVG10\avgtray.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe

    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe

    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe

    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

    C:\Users\Frans\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpagina.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

    O2 - BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

    O4 - HKLM\..\Run: C:\Program Files (x86)\AVG\AVG10\avgtray.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe” -d

    O4 - HKLM\..\Run: “C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe” /starttray

    O4 - HKCU\..\Run: “C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe” -autorun

    O4 - HKCU\..\Run: “C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe” -autorun

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe” -automount

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

    O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra ‘Tools’ menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O11 - Options group: Accelerated graphics

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: SMART Helper Service (SMARTHelperService) - SMART Technologies - C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 12560 bytes

    Malwarebytes Anti-Malware (-evaluatieversie-) 1.62.0.1300

    www.malwarebytes.org

    Databaseversie: v2012.07.31.05

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Frans :: FRANS

    Realtime bescherming: Ingeschakeld

    31-7-2012 11:31:42

    mbam-log-2012-07-31 (11-31-42).txt

    Scantype: Snelle scan

    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scanopties: P2P

    Objecten gescand: 216476

    Verstreken tijd: 3 minuut/minuten, 49 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 2

    C:\$RECYCLE.BIN\S-1-5-21-2671133534-3839013441-1120917848-1001\$RDL3KOQ.exe (PUP.ToolbarDownloader) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\$RECYCLE.BIN\S-1-5-21-2671133534-3839013441-1120917848-1001\$RFQ19HX.exe (PUP.BundleInstaller.BT) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)

    2012/07/31 11:30:27 +0200 FRANS Frans MESSAGE Starting protection

    2012/07/31 11:30:30 +0200 FRANS Frans MESSAGE Protection started successfully

    2012/07/31 11:30:33 +0200 FRANS Frans MESSAGE Starting IP protection

    2012/07/31 11:30:35 +0200 FRANS Frans MESSAGE IP Protection started successfully

    2012/07/31 11:30:42 +0200 FRANS Frans MESSAGE Starting database refresh

    2012/07/31 11:30:42 +0200 FRANS Frans MESSAGE Stopping IP protection

    2012/07/31 11:33:31 +0200 FRANS Frans MESSAGE IP Protection stopped

    2012/07/31 11:33:34 +0200 FRANS Frans MESSAGE Database refreshed successfully

    2012/07/31 11:33:34 +0200 FRANS Frans MESSAGE Starting IP protection

    2012/07/31 11:33:36 +0200 FRANS Frans MESSAGE IP Protection started successfully

    2012/07/31 11:38:59 +0200 FRANS Frans MESSAGE Starting protection

    2012/07/31 11:39:03 +0200 FRANS Frans MESSAGE Protection started successfully

    2012/07/31 11:39:06 +0200 FRANS Frans MESSAGE Starting IP protection

    2012/07/31 11:39:09 +0200 FRANS Frans MESSAGE IP Protection started successfully

    2012/07/31 14:59:03 +0200 FRANS Frans MESSAGE Executing scheduled update: Daily

    2012/07/31 14:59:11 +0200 FRANS Frans MESSAGE Scheduled update executed successfully: database updated from version v2012.07.31.05 to version v2012.07.31.09

    2012/07/31 14:59:11 +0200 FRANS Frans MESSAGE Starting database refresh

    2012/07/31 14:59:11 +0200 FRANS Frans MESSAGE Stopping IP protection

    2012/07/31 15:02:00 +0200 FRANS Frans MESSAGE IP Protection stopped

    2012/07/31 15:02:07 +0200 FRANS Frans MESSAGE Database refreshed successfully

    2012/07/31 15:02:07 +0200 FRANS Frans MESSAGE Starting IP protection

    2012/07/31 15:02:09 +0200 FRANS Frans MESSAGE IP Protection started successfully

  • fazantje

    Hi Knien,

    What is the problem? :S

    Regards, Huib ;)

  • knien

    Hi Huib

    When I started the computer I got a message telling me to pay because it had been on a child pornography site, etc. With Trend online I was able to remove this in safe mode, and after that I cleaned up the computer and then also followed the step-by-step guide once more.

    Regards, Frans

  • fazantje

    Hi Knien,

    Have you reported that child pornography site to the police/digital investigation unit? :S

    If not, still do so.

    This link can be of added value in rounding up a child pornography ring.

    Do the following:

    Download combofix.exe here.

    Now turn off your virus scanner.

    You do this at the bottom right of your taskbar.

    If the Recovery Console is not installed, ComboFix will offer to download and install it. Allow this.

    Once the Recovery Console is installed, let ComboFix scan the computer.

    When ComboFix starts, you may get an error message that the “contents of the ComboFix package has been compromised”.

    Do not continue with the instructions, but download ComboFix again. This message can appear when a file infector (Virut) is active on the computer.

    If you get this message, report it.

    When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.

    Be patient and do not assume the scanner has hung.

    Post the contents of this file together with a new HijackThis log.

    Good luck,

    Huib ;)

  • knien

    It took a while, but it worked.

    ComboFix 12-07-30.03 - Frans 31-07-2012 21:20:09.1.4 - x64

    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.4094.2336

    Gestart vanuit: c:\users\Frans\Desktop\ComboFix.exe

    AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\windows\pkunzip.pif

    c:\windows\pkzip.pif

    .

    Besmet exemplaar van c:\windows\SysWow64\userinit.exe werd aangetroffen en gedesinfecteerd

    Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-06-28 to 2012-07-31 ))))))))))))))))))))))))))))))

    .

    .

    2012-07-31 19:25 . 2012-07-31 19:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

    2012-07-31 19:25 . 2012-07-31 19:25 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-07-31 09:30 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-07-31 09:00 . 2012-07-31 09:00 -------- d-----w- c:\users\Frans\AppData\Roaming\Malwarebytes

    2012-07-31 09:00 . 2012-07-31 09:00 -------- d-----w- c:\programdata\Malwarebytes

    2012-07-31 09:00 . 2012-07-31 09:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2012-07-28 18:08 . 2012-07-28 18:08 -------- d-----w- c:\program files (x86)\ESET

    2012-07-28 15:36 . 2012-07-28 15:36 -------- d-----w- c:\users\Frans\AppData\Roaming\SUPERAntiSpyware.com

    2012-07-28 15:36 . 2012-07-31 10:20 -------- d-----w- c:\program files\SUPERAntiSpyware

    2012-07-28 15:02 . 2012-07-31 10:20 -------- d-----w- c:\programdata\fuxrjtmderiomvf

    2012-07-13 16:20 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

    2012-07-13 16:13 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

    2012-07-13 16:13 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

    2012-07-13 16:13 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll

    2012-07-13 16:13 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll

    2012-07-13 16:13 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll

    2012-07-13 16:13 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll

    2012-07-11 16:03 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll

    2012-07-07 23:38 . 2012-07-07 23:38 -------- d-----w- c:\windows\Msagent

    2012-07-06 07:46 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-07-27 17:32 . 2012-04-05 06:48 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-07-27 17:32 . 2011-09-02 10:47 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-07-13 16:17 . 2011-08-29 17:14 59701280 ----a-w- c:\windows\system32\MRT.exe

    2012-06-02 22:19 . 2012-06-21 11:56 38424 ----a-w- c:\windows\system32\wups.dll

    2012-06-02 22:19 . 2012-06-21 11:56 2428952 ----a-w- c:\windows\system32\wuaueng.dll

    2012-06-02 22:19 . 2012-06-21 11:56 57880 ----a-w- c:\windows\system32\wuauclt.exe

    2012-06-02 22:19 . 2012-06-21 11:56 44056 ----a-w- c:\windows\system32\wups2.dll

    2012-06-02 22:19 . 2012-06-21 11:56 701976 ----a-w- c:\windows\system32\wuapi.dll

    2012-06-02 22:15 . 2012-06-21 11:56 2622464 ----a-w- c:\windows\system32\wucltux.dll

    2012-06-02 22:15 . 2012-06-21 11:56 99840 ----a-w- c:\windows\system32\wudriver.dll

    2012-06-02 13:19 . 2012-06-21 11:56 186752 ----a-w- c:\windows\system32\wuwebv.dll

    2012-06-02 13:15 . 2012-06-21 11:56 36864 ----a-w- c:\windows\system32\wuapp.exe

    2012-05-15 10:48 . 2012-05-23 20:14 8139072 ----a-w- c:\windows\system32\nvcuda.dll

    2012-05-15 10:48 . 2012-05-23 20:14 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll

    2012-05-15 10:48 . 2012-05-23 20:14 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll

    2012-05-15 10:48 . 2012-05-23 20:14 2681664 ----a-w- c:\windows\system32\nvcuvid.dll

    2012-05-15 10:48 . 2012-05-23 20:14 25743168 ----a-w- c:\windows\system32\nvoglv64.dll

    2012-05-15 10:48 . 2012-05-23 20:14 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll

    2012-05-15 10:48 . 2012-05-23 20:14 25248064 ----a-w- c:\windows\system32\nvcompiler.dll

    2012-05-15 10:48 . 2012-05-23 20:14 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

    2012-05-15 10:48 . 2012-05-23 20:14 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll

    2012-05-15 10:48 . 2012-05-23 20:14 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll

    2012-05-15 10:48 . 2012-05-23 20:14 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

    2012-05-15 10:48 . 2012-05-23 20:14 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll

    2012-05-15 10:48 . 2012-03-13 19:27 68928 ----a-w- c:\windows\system32\OpenCL.dll

    2012-05-15 10:48 . 2012-03-13 19:27 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll

    2012-05-15 10:48 . 2012-03-13 19:27 1738048 ----a-w- c:\windows\system32\nvdispco64.dll

    2012-05-15 10:48 . 2012-03-13 19:27 1468224 ----a-w- c:\windows\system32\nvgenco64.dll

    2012-05-15 10:48 . 2012-03-13 19:27 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll

    2012-05-15 10:48 . 2011-05-21 04:01 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

    2012-05-15 10:48 . 2011-05-21 04:01 2741568 ----a-w- c:\windows\system32\nvapi64.dll

    2012-05-15 10:48 . 2011-05-21 04:01 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll

    2012-05-15 10:48 . 2011-05-21 04:01 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll

    2012-05-15 09:29 . 2011-09-15 20:34 889664 ----a-w- c:\windows\system32\nvvsvc.exe

    2012-05-15 09:29 . 2011-09-15 20:34 63296 ----a-w- c:\windows\system32\nvshext.dll

    2012-05-15 09:29 . 2011-09-15 20:34 2561856 ----a-w- c:\windows\system32\nvsvcr.dll

    2012-05-15 09:29 . 2011-09-15 20:34 118080 ----a-w- c:\windows\system32\nvmctray.dll

    2012-05-15 09:29 . 2011-09-15 20:34 3149632 ----a-w- c:\windows\system32\nvsvc64.dll

    2012-05-15 09:28 . 2011-09-15 20:34 6151488 ----a-w- c:\windows\system32\nvcpl.dll

    2012-05-15 00:21 . 2012-05-15 00:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe

    2012-05-04 11:06 . 2012-06-14 18:51 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-05-04 10:03 . 2012-06-14 18:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

    2012-05-04 10:03 . 2012-06-14 18:51 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    “DAEMON Tools Pro Agent”=“c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe”

    “DAEMON Tools Lite”=“c:\program files (x86)\DAEMON Tools Lite\DTLite.exe”

    “AlcoholAutomount”=“c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe”

    .

    “AVG_TRAY”=“c:\program files (x86)\AVG\AVG10\avgtray.exe”

    “LifeCam”=“c:\program files (x86)\Microsoft LifeCam\LifeExp.exe”

    “Adobe ARM”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    “Adobe ARM (1)”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    “SunJavaUpdateSched”=“c:\program files (x86)\Common Files\Java\Java Update\jusched.exe”

    “SMART Board Service”=“c:\program files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe”

    “SMART Board Tools”=“c:\program files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe”

    “SMART Ink”=“c:\program files (x86)\SMART Technologies\Education Software\SMARTInk.exe”

    “Malwarebytes' Anti-Malware”=“c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe”

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE

    .

    “ConsentPromptBehaviorAdmin”= 5 (0x5)

    “ConsentPromptBehaviorUser”= 3 (0x3)

    “EnableUIADesktopToggle”= 0 (0x0)

    .

    “mixer3”=wdmaud.drv

    .

    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart

    .

    @=“”

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe

    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    R3 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys

    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys

    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys

    R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE

    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys

    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys

    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys

    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys

    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys

    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys

    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe

    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys

    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys

    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys

    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys

    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys

    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys

    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe

    S2 SMARTHelperService;SMART Helper Service;c:\program files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe

    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    S3 netr28ux;Stuurprogramma voor RT2870 USB draadloze LAN-kaart voor Vista;c:\windows\system32\DRIVERS\netr28ux.sys

    S3 NxpCap64;CTX capture service;c:\windows\system32\DRIVERS\NxpCap64.sys

    S3 SMARTMouseFilterx64;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys

    S3 SMARTVHidMiniVistaAmd64;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys

    S3 SMARTVTabletPCx64;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys

    .

    .

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    Inhoud van de ‘Gedeelde Taken’ map

    .

    2012-07-31 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe

    .

    2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe

    .

    .

    --------- X64 Entries -----------

    .

    .

    “BCSSync”=“c:\program files\Microsoft Office\Office14\BCSSync.exe”

    “VX1000”=“c:\windows\vVX1000.exe”

    .

    “LoadAppInit_DLLs”=0x0

    .

    ------- Bijkomende Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://startpagina.nl/

    mLocal Page = c:\windows\SysWOW64\blank.htm

    IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

    IE: Converteren naar Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

    IE: Doel van koppeling converteren naar Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

    IE: Toevoegen aan bestaande PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

    TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58

    FF - ProfilePath - c:\users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\53htvvhd.default\

    FF - prefs.js: browser.startup.homepage - startpagina.nl

    FF - user.js: network.http.max-connections-per-server - 6

    FF - user.js: network.http.max-persistent-connections-per-server - 3

    .

    .

    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    .

    “Name”=“ActiveSync”

    “DisplayName”=“Microsoft ActiveSync”

    “Param1”=“ActiveSync”

    “Type”=“wellknown”

    “Order”=dword:00000001

    “State”=dword:00000020

    .

    “Name”=“IESettings”

    “Type”=“IESettings”

    “Order”=dword:00000004

    “State”=dword:00000003

    .

    “Name”=“MediaFiles”

    “Type”=“MediaFiles”

    “Order”=dword:00000003

    “State”=dword:00000003

    .

    “Name”=“NPW”

    “Param1”=“NPW”

    “Type”=“wellknown”

    “Order”=dword:00000002

    “State”=dword:00000003

    .

    “Name”=“Outlook”

    “DisplayName”=“Microsoft Outlook”

    “Param1”=“Outlook”

    “Type”=“wellknown”

    “Order”=dword:00000000

    “State”=dword:00000007

    .

    @Denied: (A 2) (Everyone)

    @=“FlashBroker”

    “LocalizedString”=“@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101”

    .

    “Enabled”=dword:00000001

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe”

    .

    @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    .

    @Denied: (A 2) (Everyone)

    @=“Shockwave Flash Object”

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx”

    “ThreadingModel”=“Apartment”

    .

    @=“0”

    .

    @=“ShockwaveFlash.ShockwaveFlash.11”

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1”

    .

    @=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”

    .

    @=“1.0”

    .

    @=“ShockwaveFlash.ShockwaveFlash”

    .

    @Denied: (A 2) (Everyone)

    @=“Macromedia Flash Factory Object”

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx”

    “ThreadingModel”=“Apartment”

    .

    @=“FlashFactory.FlashFactory.1”

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1”

    .

    @=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”

    .

    @=“1.0”

    .

    @=“FlashFactory.FlashFactory”

    .

    @Denied: (A 2) (Everyone)

    @=“IFlashBroker4”

    .

    @=“{00020424-0000-0000-C000-000000000046}”

    .

    @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    “Version”=“1.0”

    .

    “SymbolicLinkValue”=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

    .

    @Denied: (Full) (Everyone)

    .

    ———————— Andere Aktieve Processen ————————

    .

    c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

    c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

    c:\program files (x86)\AVG\AVG10\avgam.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2012-07-31 21:30:11 - machine werd herstart

    ComboFix-quarantined-files.txt 2012-07-31 19:30

    .

    Pre-Run: 435.547.459.584 bytes beschikbaar

    Post-Run: 435.243.175.936 bytes beschikbaar

    .

    - - End Of File - - BE30E35113C75B45069B68E1C9A027D6

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 21:39:38, on 31-7-2012

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16447)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

    C:\Windows\vVX1000.exe

    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

    C:\Program Files (x86)\AVG\AVG10\avgtray.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe

    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe

    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Users\Frans\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpagina.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

    O2 - BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

    O4 - HKLM\..\Run: C:\Program Files (x86)\AVG\AVG10\avgtray.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe” -d

    O4 - HKLM\..\Run: “C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe” /starttray

    O4 - HKCU\..\Run: “C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe” -autorun

    O4 - HKCU\..\Run: “C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe” -autorun

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe” -automount

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

    O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra ‘Tools’ menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O11 - Options group: Accelerated graphics

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: SMART Helper Service (SMARTHelperService) - SMART Technologies - C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 11697 bytes

    Regards, Frans

  • fazantje

    Hi Frans,

    Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

    • File::

      c:\programdata\fuxrjtmderiomvf

    Save this to your Desktop as CFScript.txt

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    This will make ComboFix restart.

    Reboot if you are asked to,

    and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Good luck,

    Huib;)

  • knien

    Hello Huib,

    Everything worked; the logs are below.

    ComboFix 12-07-31.03 - Frans 01-08-2012 20:01:36.2.4 - x64

    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.4094.2408

    Gestart vanuit: c:\users\Frans\Desktop\ComboFix.exe

    gebruikte Opdracht switches :: c:\users\Frans\Desktop\CFScript.txt

    AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    FILE ::

    “c:\programdata\fuxrjtmderiomvf”

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-07-01 to 2012-08-01 ))))))))))))))))))))))))))))))

    .

    .

    2012-08-01 18:07 . 2012-08-01 18:07 ——– d—–w- c:\users\UpdatusUser\AppData\Local\temp

    2012-08-01 18:07 . 2012-08-01 18:07 ——– d—–w- c:\users\Default\AppData\Local\temp

    2012-07-31 09:30 . 2012-07-03 11:46 24904 —-a-w- c:\windows\system32\drivers\mbam.sys

    2012-07-31 09:00 . 2012-07-31 09:00 ——– d—–w- c:\users\Frans\AppData\Roaming\Malwarebytes

    2012-07-31 09:00 . 2012-07-31 09:00 ——– d—–w- c:\programdata\Malwarebytes

    2012-07-31 09:00 . 2012-07-31 09:30 ——– d—–w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2012-07-28 18:08 . 2012-07-28 18:08 ——– d—–w- c:\program files (x86)\ESET

    2012-07-28 15:36 . 2012-07-28 15:36 ——– d—–w- c:\users\Frans\AppData\Roaming\SUPERAntiSpyware.com

    2012-07-28 15:36 . 2012-07-31 10:20 ——– d—–w- c:\program files\SUPERAntiSpyware

    2012-07-28 15:02 . 2012-07-31 10:20 ——– d—–w- c:\programdata\fuxrjtmderiomvf

    2012-07-13 16:20 . 2012-06-12 03:08 3148800 —-a-w- c:\windows\system32\win32k.sys

    2012-07-13 16:13 . 2012-06-06 05:05 1390080 —-a-w- c:\windows\SysWow64\msxml6.dll

    2012-07-13 16:13 . 2012-06-06 05:05 1236992 —-a-w- c:\windows\SysWow64\msxml3.dll

    2012-07-13 16:13 . 2010-06-26 03:24 2048 —-a-w- c:\windows\SysWow64\msxml3r.dll

    2012-07-13 16:13 . 2012-06-06 06:06 2004480 —-a-w- c:\windows\system32\msxml6.dll

    2012-07-13 16:13 . 2012-06-06 06:06 1881600 —-a-w- c:\windows\system32\msxml3.dll

    2012-07-13 16:13 . 2010-06-26 03:55 2048 —-a-w- c:\windows\system32\msxml3r.dll

    2012-07-11 16:03 . 2012-06-09 05:43 14172672 —-a-w- c:\windows\system32\shell32.dll

    2012-07-07 23:38 . 2012-07-07 23:38 ——– d—–w- c:\windows\Msagent

    2012-07-06 07:46 . 2010-02-23 08:16 294912 —-a-w- c:\windows\system32\browserchoice.exe

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-07-27 17:32 . 2012-04-05 06:48 426184 —-a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-07-27 17:32 . 2011-09-02 10:47 70344 —-a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-07-13 16:17 . 2011-08-29 17:14 59701280 —-a-w- c:\windows\system32\MRT.exe

    2012-06-02 22:19 . 2012-06-21 11:56 38424 —-a-w- c:\windows\system32\wups.dll

    2012-06-02 22:19 . 2012-06-21 11:56 2428952 —-a-w- c:\windows\system32\wuaueng.dll

    2012-06-02 22:19 . 2012-06-21 11:56 57880 —-a-w- c:\windows\system32\wuauclt.exe

    2012-06-02 22:19 . 2012-06-21 11:56 44056 —-a-w- c:\windows\system32\wups2.dll

    2012-06-02 22:19 . 2012-06-21 11:56 701976 —-a-w- c:\windows\system32\wuapi.dll

    2012-06-02 22:15 . 2012-06-21 11:56 2622464 —-a-w- c:\windows\system32\wucltux.dll

    2012-06-02 22:15 . 2012-06-21 11:56 99840 —-a-w- c:\windows\system32\wudriver.dll

    2012-06-02 13:19 . 2012-06-21 11:56 186752 —-a-w- c:\windows\system32\wuwebv.dll

    2012-06-02 13:15 . 2012-06-21 11:56 36864 —-a-w- c:\windows\system32\wuapp.exe

    2012-05-15 10:48 . 2012-05-23 20:14 8139072 —-a-w- c:\windows\system32\nvcuda.dll

    2012-05-15 10:48 . 2012-05-23 20:14 5982528 —-a-w- c:\windows\SysWow64\nvcuda.dll

    2012-05-15 10:48 . 2012-05-23 20:14 2881856 —-a-w- c:\windows\system32\nvcuvenc.dll

    2012-05-15 10:48 . 2012-05-23 20:14 2681664 —-a-w- c:\windows\system32\nvcuvid.dll

    2012-05-15 10:48 . 2012-05-23 20:14 25743168 —-a-w- c:\windows\system32\nvoglv64.dll

    2012-05-15 10:48 . 2012-05-23 20:14 2524992 —-a-w- c:\windows\SysWow64\nvcuvid.dll

    2012-05-15 10:48 . 2012-05-23 20:14 25248064 —-a-w- c:\windows\system32\nvcompiler.dll

    2012-05-15 10:48 . 2012-05-23 20:14 2445120 —-a-w- c:\windows\SysWow64\nvcuvenc.dll

    2012-05-15 10:48 . 2012-05-23 20:14 19607872 —-a-w- c:\windows\SysWow64\nvoglv32.dll

    2012-05-15 10:48 . 2012-05-23 20:14 17551680 —-a-w- c:\windows\SysWow64\nvcompiler.dll

    2012-05-15 10:48 . 2012-05-23 20:14 14298944 —-a-w- c:\windows\system32\drivers\nvlddmkm.sys

    2012-05-15 10:48 . 2012-05-23 20:14 10194752 —-a-w- c:\windows\system32\nvwgf2umx.dll

    2012-05-15 10:48 . 2012-03-13 19:27 68928 —-a-w- c:\windows\system32\OpenCL.dll

    2012-05-15 10:48 . 2012-03-13 19:27 61248 —-a-w- c:\windows\SysWow64\OpenCL.dll

    2012-05-15 10:48 . 2012-03-13 19:27 1738048 —-a-w- c:\windows\system32\nvdispco64.dll

    2012-05-15 10:48 . 2012-03-13 19:27 1468224 —-a-w- c:\windows\system32\nvgenco64.dll

    2012-05-15 10:48 . 2012-03-13 19:27 2368832 —-a-w- c:\windows\SysWow64\nvapi.dll

    2012-05-15 10:48 . 2011-05-21 04:01 8105280 —-a-w- c:\windows\SysWow64\nvwgf2um.dll

    2012-05-15 10:48 . 2011-05-21 04:01 2741568 —-a-w- c:\windows\system32\nvapi64.dll

    2012-05-15 10:48 . 2011-05-21 04:01 18044224 —-a-w- c:\windows\system32\nvd3dumx.dll

    2012-05-15 10:48 . 2011-05-21 04:01 15322432 —-a-w- c:\windows\SysWow64\nvd3dum.dll

    2012-05-15 09:29 . 2011-09-15 20:34 889664 —-a-w- c:\windows\system32\nvvsvc.exe

    2012-05-15 09:29 . 2011-09-15 20:34 63296 —-a-w- c:\windows\system32\nvshext.dll

    2012-05-15 09:29 . 2011-09-15 20:34 2561856 —-a-w- c:\windows\system32\nvsvcr.dll

    2012-05-15 09:29 . 2011-09-15 20:34 118080 —-a-w- c:\windows\system32\nvmctray.dll

    2012-05-15 09:29 . 2011-09-15 20:34 3149632 —-a-w- c:\windows\system32\nvsvc64.dll

    2012-05-15 09:28 . 2011-09-15 20:34 6151488 —-a-w- c:\windows\system32\nvcpl.dll

    2012-05-15 00:21 . 2012-05-15 00:21 423744 —-a-w- c:\windows\SysWow64\nvStreaming.exe

    2012-05-04 11:06 . 2012-06-14 18:51 5559664 —-a-w- c:\windows\system32\ntoskrnl.exe

    2012-05-04 10:03 . 2012-06-14 18:50 3968368 —-a-w- c:\windows\SysWow64\ntkrnlpa.exe

    2012-05-04 10:03 . 2012-06-14 18:51 3913072 —-a-w- c:\windows\SysWow64\ntoskrnl.exe

    .

    .

    ((((((((((((((((((((((((((((( SnapShot@2012-07-31_19.27.25 )))))))))))))))))))))))))))))))))))))))))

    .

    - 2009-07-14 04:54 . 2012-07-27 17:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    + 2009-07-14 04:54 . 2012-07-31 19:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    + 2009-07-14 04:54 . 2012-07-31 19:35 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    - 2009-07-14 04:54 . 2012-07-27 17:32 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    - 2009-07-14 04:54 . 2012-07-27 17:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2009-07-14 04:54 . 2012-07-31 19:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2010-11-21 03:09 . 2012-08-01 17:56 48322 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

    - 2009-07-14 05:10 . 2012-07-31 19:17 43288 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

    + 2009-07-14 05:10 . 2012-08-01 17:56 43288 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

    + 2011-08-29 17:03 . 2012-08-01 17:56 17006 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2671133534-3839013441-1120917848-1001_UserData.bin

    + 2012-08-01 18:24 . 2012-08-01 18:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    + 2012-08-01 18:24 . 2012-08-01 18:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    - 2012-07-31 19:27 . 2012-07-31 19:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    - 2009-07-14 05:01 . 2012-07-31 19:26 476304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

    + 2009-07-14 05:01 . 2012-08-01 18:22 476304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

    + 2011-08-29 19:38 . 2012-08-01 18:22 5983388 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2671133534-3839013441-1120917848-1001-12288.dat

    - 2011-08-29 19:38 . 2012-07-31 19:26 5983388 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2671133534-3839013441-1120917848-1001-12288.dat

    + 2011-08-29 17:38 . 2012-08-01 18:22 36500456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2671133534-3839013441-1120917848-1001-8192.dat

    - 2011-08-29 17:38 . 2012-07-31 19:26 36500456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2671133534-3839013441-1120917848-1001-8192.dat

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    “DAEMON Tools Pro Agent”=“c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe”

    “DAEMON Tools Lite”=“c:\program files (x86)\DAEMON Tools Lite\DTLite.exe”

    “AlcoholAutomount”=“c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe”

    .

    “AVG_TRAY”=“c:\program files (x86)\AVG\AVG10\avgtray.exe”

    “LifeCam”=“c:\program files (x86)\Microsoft LifeCam\LifeExp.exe”

    “Adobe ARM”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    “Adobe ARM (1)”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    “SunJavaUpdateSched”=“c:\program files (x86)\Common Files\Java\Java Update\jusched.exe”

    “SMART Board Service”=“c:\program files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe”

    “SMART Board Tools”=“c:\program files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe”

    “SMART Ink”=“c:\program files (x86)\SMART Technologies\Education Software\SMARTInk.exe”

    “Malwarebytes' Anti-Malware”=“c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe”

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE

    .

    “ConsentPromptBehaviorAdmin”= 5 (0x5)

    “ConsentPromptBehaviorUser”= 3 (0x3)

    “EnableUIADesktopToggle”= 0 (0x0)

    .

    “mixer3”=wdmaud.drv

    .

    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart

    .

    @=“”

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe

    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys

    R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE

    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys

    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys

    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys

    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys

    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys

    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys

    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe

    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys

    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys

    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys

    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys

    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys

    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys

    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe

    S2 SMARTHelperService;SMART Helper Service;c:\program files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe

    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys

    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys

    S3 netr28ux;Stuurprogramma voor RT2870 USB draadloze LAN-kaart voor Vista;c:\windows\system32\DRIVERS\netr28ux.sys

    S3 NxpCap64;CTX capture service;c:\windows\system32\DRIVERS\NxpCap64.sys

    S3 SMARTMouseFilterx64;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys

    S3 SMARTVHidMiniVistaAmd64;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys

    S3 SMARTVTabletPCx64;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys

    .

    .

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    Inhoud van de ‘Gedeelde Taken’ map

    .

    2012-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe

    .

    2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe

    .

    .

    ——— X64 Entries ———–

    .

    .

    “BCSSync”=“c:\program files\Microsoft Office\Office14\BCSSync.exe”

    “VX1000”=“c:\windows\vVX1000.exe”

    .

    ——- Bijkomende Scan ——-

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://startpagina.nl/

    mLocal Page = c:\windows\SysWOW64\blank.htm

    IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

    IE: Converteren naar Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

    IE: Doel van koppeling converteren naar Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

    IE: Toevoegen aan bestaande PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

    TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58

    FF - ProfilePath - c:\users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\53htvvhd.default\

    FF - prefs.js: browser.startup.homepage - startpagina.nl

    FF - user.js: network.http.max-connections-per-server - 6

    FF - user.js: network.http.max-persistent-connections-per-server - 3

    .

    .

    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    .

    “Name”=“ActiveSync”

    “DisplayName”=“Microsoft ActiveSync”

    “Param1”=“ActiveSync”

    “Type”=“wellknown”

    “Order”=dword:00000001

    “State”=dword:00000020

    .

    “Name”=“IESettings”

    “Type”=“IESettings”

    “Order”=dword:00000004

    “State”=dword:00000003

    .

    “Name”=“MediaFiles”

    “Type”=“MediaFiles”

    “Order”=dword:00000003

    “State”=dword:00000003

    .

    “Name”=“NPW”

    “Param1”=“NPW”

    “Type”=“wellknown”

    “Order”=dword:00000002

    “State”=dword:00000003

    .

    “Name”=“Outlook”

    “DisplayName”=“Microsoft Outlook”

    “Param1”=“Outlook”

    “Type”=“wellknown”

    “Order”=dword:00000000

    “State”=dword:00000007

    .

    @Denied: (A 2) (Everyone)

    @=“FlashBroker”

    “LocalizedString”=“@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101”

    .

    “Enabled”=dword:00000001

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe”

    .

    @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    .

    @Denied: (A 2) (Everyone)

    @=“Shockwave Flash Object”

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx”

    “ThreadingModel”=“Apartment”

    .

    @=“0”

    .

    @=“ShockwaveFlash.ShockwaveFlash.11”

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1”

    .

    @=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”

    .

    @=“1.0”

    .

    @=“ShockwaveFlash.ShockwaveFlash”

    .

    @Denied: (A 2) (Everyone)

    @=“Macromedia Flash Factory Object”

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx”

    “ThreadingModel”=“Apartment”

    .

    @=“FlashFactory.FlashFactory.1”

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1”

    .

    @=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”

    .

    @=“1.0”

    .

    @=“FlashFactory.FlashFactory”

    .

    @Denied: (A 2) (Everyone)

    @=“IFlashBroker4”

    .

    @=“{00020424-0000-0000-C000-000000000046}”

    .

    @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    “Version”=“1.0”

    .

    “SymbolicLinkValue”=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

    .

    @Denied: (Full) (Everyone)

    .

    ———————— Andere Aktieve Processen ————————

    .

    c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

    c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

    c:\program files (x86)\AVG\AVG10\avgam.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2012-08-01 20:27:28 - machine werd herstart

    ComboFix-quarantined-files.txt 2012-08-01 18:27

    ComboFix2.txt 2012-07-31 19:30

    .

    Pre-Run: 435.229.167.616 bytes beschikbaar

    Post-Run: 434.761.506.816 bytes beschikbaar

    .

    - - End Of File - - 0621B062C4A13A46717CBB81AE2FE304

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 20:31:31, on 1-8-2012

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16447)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

    C:\Windows\vVX1000.exe

    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

    C:\Program Files (x86)\AVG\AVG10\avgtray.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe

    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe

    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Users\Frans\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpagina.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

    O2 - BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

    O4 - HKLM\..\Run: C:\Program Files (x86)\AVG\AVG10\avgtray.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe” -d

    O4 - HKLM\..\Run: “C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe” /starttray

    O4 - HKCU\..\Run: “C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe” -autorun

    O4 - HKCU\..\Run: “C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe” -autorun

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe” -automount

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

    O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra ‘Tools’ menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O11 - Options group: Accelerated graphics

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: SMART Helper Service (SMARTHelperService) - SMART Technologies - C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 11644 bytes

    Regards, Frans

  • fazantje

    Hi Frans,

    I had specified file instead of folder:?

    So please run the steps below once more, because it is still there.

    Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

    • Folder::

      c:\programdata\fuxrjtmderiomvf

    Save this to your Desktop as CFScript.txt

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    This will restart ComboFix.

    Reboot if you are asked to,

    and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Good luck,

    Huib;)

  • knien

    Tried again, but when ComboFix is finished I have to restart the computer myself because I can't open the ComboFix log. After restarting I can.

    ComboFix 12-07-31.03 - Frans 01-08-2012 20:54:56.3.4 - x64

    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.4094.2479

    Gestart vanuit: c:\users\Frans\Desktop\ComboFix.exe

    gebruikte Opdracht switches :: c:\users\Frans\Desktop\CFScript.txt

    AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\programdata\fuxrjtmderiomvf

    c:\programdata\fuxrjtmderiomvf\btn-green.png

    c:\programdata\fuxrjtmderiomvf\corners-btn.png

    c:\programdata\fuxrjtmderiomvf\corners1.png

    c:\programdata\fuxrjtmderiomvf\corners2.png

    c:\programdata\fuxrjtmderiomvf\corners3.png

    c:\programdata\fuxrjtmderiomvf\corners4.png

    c:\programdata\fuxrjtmderiomvf\ie6-7.css

    c:\programdata\fuxrjtmderiomvf\McAfee.png

    c:\programdata\fuxrjtmderiomvf\nl-flag.png

    c:\programdata\fuxrjtmderiomvf\nl-image.png

    c:\programdata\fuxrjtmderiomvf\pay7.png

    c:\programdata\fuxrjtmderiomvf\pay8.png

    c:\programdata\fuxrjtmderiomvf\pay9.png

    c:\programdata\fuxrjtmderiomvf\steps-en.png

    c:\programdata\fuxrjtmderiomvf\steps-nl.png

    c:\programdata\fuxrjtmderiomvf\style.css

    c:\programdata\fuxrjtmderiomvf\tabs.png

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-07-01 to 2012-08-01 ))))))))))))))))))))))))))))))

    .

    .

    2012-08-01 19:00 . 2012-08-01 19:00 ——– d—–w- c:\users\UpdatusUser\AppData\Local\temp

    2012-08-01 19:00 . 2012-08-01 19:00 ——– d—–w- c:\users\Default\AppData\Local\temp

    2012-07-31 09:30 . 2012-07-03 11:46 24904 —-a-w- c:\windows\system32\drivers\mbam.sys

    2012-07-31 09:00 . 2012-07-31 09:00 ——– d—–w- c:\users\Frans\AppData\Roaming\Malwarebytes

    2012-07-31 09:00 . 2012-07-31 09:00 ——– d—–w- c:\programdata\Malwarebytes

    2012-07-31 09:00 . 2012-07-31 09:30 ——– d—–w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2012-07-28 18:08 . 2012-07-28 18:08 ——– d—–w- c:\program files (x86)\ESET

    2012-07-28 15:36 . 2012-07-28 15:36 ——– d—–w- c:\users\Frans\AppData\Roaming\SUPERAntiSpyware.com

    2012-07-28 15:36 . 2012-07-31 10:20 ——– d—–w- c:\program files\SUPERAntiSpyware

    2012-07-13 16:20 . 2012-06-12 03:08 3148800 —-a-w- c:\windows\system32\win32k.sys

    2012-07-13 16:13 . 2012-06-06 05:05 1390080 —-a-w- c:\windows\SysWow64\msxml6.dll

    2012-07-13 16:13 . 2012-06-06 05:05 1236992 —-a-w- c:\windows\SysWow64\msxml3.dll

    2012-07-13 16:13 . 2010-06-26 03:24 2048 —-a-w- c:\windows\SysWow64\msxml3r.dll

    2012-07-13 16:13 . 2012-06-06 06:06 2004480 —-a-w- c:\windows\system32\msxml6.dll

    2012-07-13 16:13 . 2012-06-06 06:06 1881600 —-a-w- c:\windows\system32\msxml3.dll

    2012-07-13 16:13 . 2010-06-26 03:55 2048 —-a-w- c:\windows\system32\msxml3r.dll

    2012-07-11 16:03 . 2012-06-09 05:43 14172672 —-a-w- c:\windows\system32\shell32.dll

    2012-07-07 23:38 . 2012-07-07 23:38 ——– d—–w- c:\windows\Msagent

    2012-07-06 07:46 . 2010-02-23 08:16 294912 —-a-w- c:\windows\system32\browserchoice.exe

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-07-27 17:32 . 2012-04-05 06:48 426184 —-a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-07-27 17:32 . 2011-09-02 10:47 70344 —-a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-07-13 16:17 . 2011-08-29 17:14 59701280 —-a-w- c:\windows\system32\MRT.exe

    2012-06-02 22:19 . 2012-06-21 11:56 38424 —-a-w- c:\windows\system32\wups.dll

    2012-06-02 22:19 . 2012-06-21 11:56 2428952 —-a-w- c:\windows\system32\wuaueng.dll

    2012-06-02 22:19 . 2012-06-21 11:56 57880 —-a-w- c:\windows\system32\wuauclt.exe

    2012-06-02 22:19 . 2012-06-21 11:56 44056 —-a-w- c:\windows\system32\wups2.dll

    2012-06-02 22:19 . 2012-06-21 11:56 701976 —-a-w- c:\windows\system32\wuapi.dll

    2012-06-02 22:15 . 2012-06-21 11:56 2622464 —-a-w- c:\windows\system32\wucltux.dll

    2012-06-02 22:15 . 2012-06-21 11:56 99840 —-a-w- c:\windows\system32\wudriver.dll

    2012-06-02 13:19 . 2012-06-21 11:56 186752 —-a-w- c:\windows\system32\wuwebv.dll

    2012-06-02 13:15 . 2012-06-21 11:56 36864 —-a-w- c:\windows\system32\wuapp.exe

    2012-05-15 10:48 . 2012-05-23 20:14 8139072 —-a-w- c:\windows\system32\nvcuda.dll

    2012-05-15 10:48 . 2012-05-23 20:14 5982528 —-a-w- c:\windows\SysWow64\nvcuda.dll

    2012-05-15 10:48 . 2012-05-23 20:14 2881856 —-a-w- c:\windows\system32\nvcuvenc.dll

    2012-05-15 10:48 . 2012-05-23 20:14 2681664 —-a-w- c:\windows\system32\nvcuvid.dll

    2012-05-15 10:48 . 2012-05-23 20:14 25743168 —-a-w- c:\windows\system32\nvoglv64.dll

    2012-05-15 10:48 . 2012-05-23 20:14 2524992 —-a-w- c:\windows\SysWow64\nvcuvid.dll

    2012-05-15 10:48 . 2012-05-23 20:14 25248064 —-a-w- c:\windows\system32\nvcompiler.dll

    2012-05-15 10:48 . 2012-05-23 20:14 2445120 —-a-w- c:\windows\SysWow64\nvcuvenc.dll

    2012-05-15 10:48 . 2012-05-23 20:14 19607872 —-a-w- c:\windows\SysWow64\nvoglv32.dll

    2012-05-15 10:48 . 2012-05-23 20:14 17551680 —-a-w- c:\windows\SysWow64\nvcompiler.dll

    2012-05-15 10:48 . 2012-05-23 20:14 14298944 —-a-w- c:\windows\system32\drivers\nvlddmkm.sys

    2012-05-15 10:48 . 2012-05-23 20:14 10194752 —-a-w- c:\windows\system32\nvwgf2umx.dll

    2012-05-15 10:48 . 2012-03-13 19:27 68928 —-a-w- c:\windows\system32\OpenCL.dll

    2012-05-15 10:48 . 2012-03-13 19:27 61248 —-a-w- c:\windows\SysWow64\OpenCL.dll

    2012-05-15 10:48 . 2012-03-13 19:27 1738048 —-a-w- c:\windows\system32\nvdispco64.dll

    2012-05-15 10:48 . 2012-03-13 19:27 1468224 —-a-w- c:\windows\system32\nvgenco64.dll

    2012-05-15 10:48 . 2012-03-13 19:27 2368832 —-a-w- c:\windows\SysWow64\nvapi.dll

    2012-05-15 10:48 . 2011-05-21 04:01 8105280 —-a-w- c:\windows\SysWow64\nvwgf2um.dll

    2012-05-15 10:48 . 2011-05-21 04:01 2741568 —-a-w- c:\windows\system32\nvapi64.dll

    2012-05-15 10:48 . 2011-05-21 04:01 18044224 —-a-w- c:\windows\system32\nvd3dumx.dll

    2012-05-15 10:48 . 2011-05-21 04:01 15322432 —-a-w- c:\windows\SysWow64\nvd3dum.dll

    2012-05-15 09:29 . 2011-09-15 20:34 889664 —-a-w- c:\windows\system32\nvvsvc.exe

    2012-05-15 09:29 . 2011-09-15 20:34 63296 —-a-w- c:\windows\system32\nvshext.dll

    2012-05-15 09:29 . 2011-09-15 20:34 2561856 —-a-w- c:\windows\system32\nvsvcr.dll

    2012-05-15 09:29 . 2011-09-15 20:34 118080 —-a-w- c:\windows\system32\nvmctray.dll

    2012-05-15 09:29 . 2011-09-15 20:34 3149632 —-a-w- c:\windows\system32\nvsvc64.dll

    2012-05-15 09:28 . 2011-09-15 20:34 6151488 —-a-w- c:\windows\system32\nvcpl.dll

    2012-05-15 00:21 . 2012-05-15 00:21 423744 —-a-w- c:\windows\SysWow64\nvStreaming.exe

    2012-05-04 11:06 . 2012-06-14 18:51 5559664 —-a-w- c:\windows\system32\ntoskrnl.exe

    2012-05-04 10:03 . 2012-06-14 18:50 3968368 —-a-w- c:\windows\SysWow64\ntkrnlpa.exe

    2012-05-04 10:03 . 2012-06-14 18:51 3913072 —-a-w- c:\windows\SysWow64\ntoskrnl.exe

    .

    .

    ((((((((((((((((((((((((((((( SnapShot@2012-07-31_19.27.25 )))))))))))))))))))))))))))))))))))))))))

    .

    - 2009-07-14 04:54 . 2012-07-27 17:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    + 2009-07-14 04:54 . 2012-07-31 19:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    + 2009-07-14 04:54 . 2012-07-31 19:35 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    - 2009-07-14 04:54 . 2012-07-27 17:32 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    - 2009-07-14 04:54 . 2012-07-27 17:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2009-07-14 04:54 . 2012-07-31 19:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2010-11-21 03:09 . 2012-08-01 18:31 48486 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

    - 2009-07-14 05:10 . 2012-07-31 19:17 43288 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

    + 2009-07-14 05:10 . 2012-08-01 18:31 43288 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

    + 2011-08-29 17:03 . 2012-08-01 18:31 17062 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2671133534-3839013441-1120917848-1001_UserData.bin

    - 2012-07-31 19:27 . 2012-07-31 19:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    + 2012-08-01 19:01 . 2012-08-01 19:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    - 2009-07-14 05:01 . 2012-07-31 19:26 476304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

    + 2009-07-14 05:01 . 2012-08-01 19:00 476304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

    + 2011-08-29 19:38 . 2012-08-01 19:00 5983388 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2671133534-3839013441-1120917848-1001-12288.dat

    - 2011-08-29 19:38 . 2012-07-31 19:26 5983388 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2671133534-3839013441-1120917848-1001-12288.dat

    + 2011-08-29 17:38 . 2012-08-01 19:00 36500456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2671133534-3839013441-1120917848-1001-8192.dat

    - 2011-08-29 17:38 . 2012-07-31 19:26 36500456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2671133534-3839013441-1120917848-1001-8192.dat

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    “DAEMON Tools Pro Agent”=“c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe”

    “DAEMON Tools Lite”=“c:\program files (x86)\DAEMON Tools Lite\DTLite.exe”

    “AlcoholAutomount”=“c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe”

    .

    “AVG_TRAY”=“c:\program files (x86)\AVG\AVG10\avgtray.exe”

    “LifeCam”=“c:\program files (x86)\Microsoft LifeCam\LifeExp.exe”

    “Adobe ARM”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    “Adobe ARM (1)”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    “SunJavaUpdateSched”=“c:\program files (x86)\Common Files\Java\Java Update\jusched.exe”

    “SMART Board Service”=“c:\program files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe”

    “SMART Board Tools”=“c:\program files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe”

    “SMART Ink”=“c:\program files (x86)\SMART Technologies\Education Software\SMARTInk.exe”

    “Malwarebytes' Anti-Malware”=“c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe”

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE

    .

    “ConsentPromptBehaviorAdmin”= 5 (0x5)

    “ConsentPromptBehaviorUser”= 3 (0x3)

    “EnableUIADesktopToggle”= 0 (0x0)

    .

    “mixer3”=wdmaud.drv

    .

    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart

    .

    @=“”

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe

    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys

    R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE

    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys

    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys

    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys

    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys

    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys

    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys

    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe

    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys

    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys

    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys

    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys

    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys

    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys

    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe

    S2 SMARTHelperService;SMART Helper Service;c:\program files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe

    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys

    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys

    S3 netr28ux;Stuurprogramma voor RT2870 USB draadloze LAN-kaart voor Vista;c:\windows\system32\DRIVERS\netr28ux.sys

    S3 NxpCap64;CTX capture service;c:\windows\system32\DRIVERS\NxpCap64.sys

    S3 SMARTMouseFilterx64;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys

    S3 SMARTVHidMiniVistaAmd64;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys

    S3 SMARTVTabletPCx64;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys

    .

    .

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    Inhoud van de ‘Gedeelde Taken’ map

    .

    2012-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe

    .

    2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe

    .

    .

    ——— X64 Entries ———–

    .

    .

    “BCSSync”=“c:\program files\Microsoft Office\Office14\BCSSync.exe”

    “VX1000”=“c:\windows\vVX1000.exe”

    .

    ——- Bijkomende Scan ——-

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://startpagina.nl/

    mLocal Page = c:\windows\SysWOW64\blank.htm

    IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

    IE: Converteren naar Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

    IE: Doel van koppeling converteren naar Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

    IE: Toevoegen aan bestaande PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

    TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58

    FF - ProfilePath - c:\users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\53htvvhd.default\

    FF - prefs.js: browser.startup.homepage - startpagina.nl

    FF - user.js: network.http.max-connections-per-server - 6

    FF - user.js: network.http.max-persistent-connections-per-server - 3

    .

    .

    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    .

    “Name”=“ActiveSync”

    “DisplayName”=“Microsoft ActiveSync”

    “Param1”=“ActiveSync”

    “Type”=“wellknown”

    “Order”=dword:00000001

    “State”=dword:00000020

    .

    “Name”=“IESettings”

    “Type”=“IESettings”

    “Order”=dword:00000004

    “State”=dword:00000003

    .

    “Name”=“MediaFiles”

    “Type”=“MediaFiles”

    “Order”=dword:00000003

    “State”=dword:00000003

    .

    “Name”=“NPW”

    “Param1”=“NPW”

    “Type”=“wellknown”

    “Order”=dword:00000002

    “State”=dword:00000003

    .

    “Name”=“Outlook”

    “DisplayName”=“Microsoft Outlook”

    “Param1”=“Outlook”

    “Type”=“wellknown”

    “Order”=dword:00000000

    “State”=dword:00000007

    .

    @Denied: (A 2) (Everyone)

    @=“FlashBroker”

    “LocalizedString”=“@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101”

    .

    “Enabled”=dword:00000001

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe”

    .

    @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    .

    @Denied: (A 2) (Everyone)

    @=“Shockwave Flash Object”

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx”

    “ThreadingModel”=“Apartment”

    .

    @=“0”

    .

    @=“ShockwaveFlash.ShockwaveFlash.11”

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1”

    .

    @=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”

    .

    @=“1.0”

    .

    @=“ShockwaveFlash.ShockwaveFlash”

    .

    @Denied: (A 2) (Everyone)

    @=“Macromedia Flash Factory Object”

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx”

    “ThreadingModel”=“Apartment”

    .

    @=“FlashFactory.FlashFactory.1”

    .

    @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1”

    .

    @=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”

    .

    @=“1.0”

    .

    @=“FlashFactory.FlashFactory”

    .

    @Denied: (A 2) (Everyone)

    @=“IFlashBroker4”

    .

    @=“{00020424-0000-0000-C000-000000000046}”

    .

    @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    “Version”=“1.0”

    .

    “SymbolicLinkValue”=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

    .

    @Denied: (Full) (Everyone)

    .

    ———————— Andere Aktieve Processen ————————

    .

    c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

    c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

    c:\program files (x86)\AVG\AVG10\avgam.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2012-08-01 21:05:00 - machine werd herstart

    ComboFix-quarantined-files.txt 2012-08-01 19:04

    ComboFix2.txt 2012-08-01 18:27

    ComboFix3.txt 2012-07-31 19:30

    .

    Pre-Run: 434.865.876.992 bytes beschikbaar

    Post-Run: 434.758.422.528 bytes beschikbaar

    .

    - - End Of File - - E9D00F9012CBF9DFCE7502B5BC56A718

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 21:14:29, on 1-8-2012

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16447)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

    C:\Windows\vVX1000.exe

    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

    C:\Program Files (x86)\AVG\AVG10\avgtray.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe

    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe

    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Users\Frans\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startpagina.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

    O2 - BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

    O4 - HKLM\..\Run: C:\Program Files (x86)\AVG\AVG10\avgtray.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe” -d

    O4 - HKLM\..\Run: “C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe” /starttray

    O4 - HKCU\..\Run: “C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe” -autorun

    O4 - HKCU\..\Run: “C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe” -autorun

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe” -automount

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

    O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra ‘Tools’ menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O11 - Options group: Accelerated graphics

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: SMART Helper Service (SMARTHelperService) - SMART Technologies - C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 11696 bytes

    Hopefully it's right this time.

    Regards, Frans

  • fazantje

    Hi Frans,

    This time it went well :D

    Uninstall ComboFix: copy the command below (Ctrl + C):

    Combofix /Uninstall (note!!! the space before /Uninstall)

    Click Start -> Run, paste the command (Ctrl + V), then press Ctrl + Shift + Enter.

    This removes ComboFix as well as your old system restore points (with any remnants of malware), and creates a new system restore point.

    Windows 7

    Go to Start and then to Control Panel

    Click System and then choose System Protection.

    This opens the System Properties window.

    Under Protection Settings, select the hard disk / partition and click Configure.

    Click the Delete button to delete all restore points on the selected partition / hard disk.

    Click Apply and then OK.

    Restart the computer.

    Now turn System Restore back on!

    Now let's do a bit more cleaning up;

    Carry out points 5 and 6 of our Cleanup Plan.

    Also take a look at this page under “private messages”.

    I have sent you a message ;)

    Good luck,

    Huib ;)

This topic is closed; no more replies can be posted.