Viruses and adware

  • Daniel

    Hello

    I have a laptop that has had some virus warnings and wretched programs.

    Regards, Daan.

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by Dennis at 2013-07-04 22:09:56

    Microsoft® Windows Vista™ Home Premium Service Pack 1

    System drive C: has 166 GB (87%) free of 191 GB

    Total RAM: 1013 MB (39% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 22:10:37, on 4-7-2013

    Platform: Windows Vista SP1 (WinNT 6.00.1905)

    MSIE: Internet Explorer v7.00 (7.00.6001.18639)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files\Synaptics\SynTP\SynToshiba.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\IEUser.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Users\Dennis\Downloads\RSIT.exe

    C:\Program Files\trend micro\Dennis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome\Application\27.0.1453.110\npchrome_frame.dll

    O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\Run: “c:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm

    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

    O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome\Application\27.0.1453.110\npchrome_frame.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    End of file - 4632 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    ======Registry dump======

    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    Java™ Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll

    Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    ChromeFrame BHO - C:\Program Files\Google\Chrome\Application\27.0.1453.110\npchrome_frame.dll

    “IgfxTray”=C:\Windows\system32\igfxtray.exe

    “HotKeysCmds”=C:\Windows\system32\hkcmd.exe

    “Persistence”=C:\Windows\system32\igfxpers.exe

    “SynTPEnh”=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    “SunJavaUpdateSched”=C:\Program Files\Common Files\Java\Java Update\jusched.exe

    “MSC”=c:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Users\Dennis\AppData\Local\Temp\wlsidten.dll,H1N1

    C:\Windows\system32\igfxdev.dll

    “ConsentPromptBehaviorUser”=0

    “dontdisplaylastusername”=0

    “legalnoticecaption”=

    “legalnoticetext”=

    “shutdownwithoutlogon”=1

    “undockwithoutlogon”=1

    “EnableUIADesktopToggle”=0

    “NoDriveTypeAutoRun”=145

    “vidc.mrle”=msrle32.dll

    “vidc.msvc”=msvidc32.dll

    “msacm.imaadpcm”=imaadp32.acm

    “msacm.msg711”=msg711.acm

    “msacm.msgsm610”=msgsm32.acm

    “msacm.msadpcm”=msadp32.acm

    “midimapper”=midimap.dll

    “wavemapper”=msacm32.drv

    “vidc.uyvy”=msyuv.dll

    “vidc.yuy2”=msyuv.dll

    “vidc.yvyu”=msyuv.dll

    “vidc.iyuv”=iyuv_32.dll

    “vidc.i420”=iyuv_32.dll

    “vidc.yvu9”=tsbyuv.dll

    “msacm.l3acm”=C:\Windows\System32\l3codeca.acm

    “vidc.cvid”=iccvid.dll

    “wave”=wdmaud.drv

    “midi”=wdmaud.drv

    “mixer”=wdmaud.drv

    “aux”=wdmaud.drv

    ======List of files/folders created in the last 1 month======

    2013-07-04 22:09:57 —-D—- C:\Program Files\trend micro

    2013-07-04 22:09:56 —-D—- C:\rsit

    2013-07-04 21:08:40 —-D—- C:\Program Files\ESET

    2013-07-04 20:41:07 —-A—- C:\AdwCleaner.txt

    2013-07-04 20:15:09 —-D—- C:\Program Files\Microsoft Security Client

    2013-07-04 20:07:47 —-A—- C:\Windows\system32\javaws.exe

    2013-07-04 20:07:15 —-A—- C:\Windows\system32\WindowsAccessBridge.dll

    2013-07-04 20:07:15 —-A—- C:\Windows\system32\javaw.exe

    2013-07-04 20:07:15 —-A—- C:\Windows\system32\java.exe

    2013-07-04 20:06:44 —-D—- C:\Program Files\Java

    2013-07-04 19:47:06 —-A—- C:\Windows\ntbtlog.txt

    2013-06-13 00:37:58 —-A—- C:\Windows\system32\FlashPlayerInstaller.exe

    ======List of files/folders modified in the last 1 month======

    2013-07-04 22:09:57 —-RD—- C:\Program Files

    2013-07-04 22:09:52 —-D—- C:\Windows\Temp

    2013-07-04 21:08:42 —-SD—- C:\Windows\Downloaded Program Files

    2013-07-04 21:06:07 —-SHD—- C:\Windows\Installer

    2013-07-04 21:06:07 —-D—- C:\ProgramData\Skype

    2013-07-04 21:06:02 —-D—- C:\Program Files\Common Files

    2013-07-04 21:05:56 —-D—- C:\Users\Dennis\AppData\Roaming\Skype

    2013-07-04 21:05:06 —-SHD—- C:\System Volume Information

    2013-07-04 20:59:53 —-D—- C:\Windows\system32\drivers

    2013-07-04 20:59:53 —-D—- C:\Windows\PCHEALTH

    2013-07-04 20:48:59 —-D—- C:\Program Files\Malwarebytes' Anti-Malware

    2013-07-04 20:42:23 —-D—- C:\Windows\system32\catroot

    2013-07-04 20:07:47 —-D—- C:\Windows\System32

    2013-07-04 20:06:51 —-A—- C:\Windows\system32\npdeployJava1.dll

    2013-07-04 20:06:51 —-A—- C:\Windows\system32\deployJava1.dll

    2013-07-04 20:05:56 —-D—- C:\Windows\Prefetch

    2013-07-04 19:56:41 —-HD—- C:\ProgramData

    2013-07-04 19:56:41 —-D—- C:\Windows

    2013-07-04 19:54:54 —-D—- C:\Windows\inf

    2013-07-04 19:49:02 —-D—- C:\Windows\SoftwareDistribution

    2013-07-04 19:25:14 —-D—- C:\Program Files\Google

    2013-06-21 16:19:38 —-D—- C:\Windows\Debug

    2013-06-21 16:08:17 —-D—- C:\ProgramData\Microsoft Help

    2013-06-21 16:02:07 —-A—- C:\Windows\system32\mrt.exe

    2013-06-13 00:39:02 —-A—- C:\Windows\system32\FlashPlayerApp.exe

    2013-06-13 00:29:45 —-A—- C:\Windows\system32\PerfStringBackup.INI

    2013-06-09 14:21:40 —-D—- C:\Windows\system32\catroot2

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys

    R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS

    R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys

    R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys

    R3 HdAudAddService;Microsoft 1.1 UAA Functiestuurprogramma voor High Definition Audio-service; C:\Windows\system32\drivers\HdAudio.sys

    R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys

    R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys

    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys

    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys

    R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys

    S3 drmkaud;Microsoft Kernel DRM-audiodecoder; C:\Windows\system32\drivers\drmkaud.sys

    S3 iatmunin;iatmunin; \??\C:\Users\Dennis\AppData\Local\Temp\iatmunin.sys

    S3 MSKSSRV;Microsoft Streaming Service-proxy; C:\Windows\system32\drivers\MSKSSRV.sys

    S3 MSPCLOCK;Microsoft Streaming Clock-proxy; C:\Windows\system32\drivers\MSPCLOCK.sys

    S3 MSPQM;Microsoft Streaming Kwaliteitsbeheer Proxy; C:\Windows\system32\drivers\MSPQM.sys

    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\Windows\system32\drivers\MSTEE.sys

    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys

    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys

    S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys

    S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe

    R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 gupdate;Google Update-service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe

    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

    —————–EOF—————–

    Malwarebytes Anti-Malware 1.75.0.1300

    www.malwarebytes.org

    Databaseversie: v2013.07.04.08

    Windows Vista Service Pack 1 x86 NTFS

    Internet Explorer 7.0.6001.18000

    Dennis :: PC_VAN_DENNIS

    4-7-2013 20:49:44

    mbam-log-2013-07-04 (20-49-44).txt

    Scan type: Snelle scan

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 192497

    Verstreken tijd: 8 minuut/minuten, 38 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 1

    C:\Users\Dennis\AppData\Roaming\skype.dat (Trojan.FakeAlert.RGenX) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)

    # AdwCleaner v2.304 - Verslag gemaakt op 04/07/2013 om 20:41:07

    # Geactualiseerd op 03/07/2013 door Xplode

    # Besturingssysteem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)

    # Gebruiker : Dennis - PC_VAN_DENNIS

    # Opstarten Modus : Normale modus

    # Gelanceerd vanaf : C:\Users\Dennis\Downloads\adwcleaner.exe

    # Optie

    ***** *****

    ***** *****

    File Verwijderd : C:\END

    Map Verwijderd : C:\Program Files\Common Files\AVG Secure Search

    Map Verwijderd : C:\Program Files\Conduit

    Map Verwijderd : C:\Users\Dennis\AppData\Local\Conduit

    Map Verwijderd : C:\Users\Dennis\AppData\LocalLow\Conduit

    Map Verwijderd : C:\Users\Dennis\AppData\LocalLow\findr

    Map Verwijderd : C:\Users\Dennis\AppData\LocalLow\PriceGong

    Map Verwijderd : C:\Users\Dennis\AppData\Roaming\dvdvideosoftiehelpers

    Map Verwijderd : C:\Users\Dennis\AppData\Roaming\OpenCandy

    ***** *****

    Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\Conduit

    Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

    Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\PriceGong

    Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\SmartBar

    Sleutel Verwijderd : HKCU\Software\Conduit

    Sleutel Verwijderd : HKCU\Software\IGearSettings

    Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

    Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

    Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

    Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

    Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

    Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

    Sleutel Verwijderd : HKCU\Software\Softonic

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar.CT3240727

    Sleutel Verwijderd : HKLM\Software\Conduit

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

    Waarde Verwijderd : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

    ***** *****

    -\\ Internet Explorer v7.0.6001.18639

    Het register bevat geen enkele ongeoorloofde invoer.

    *************************

    AdwCleaner.txt - -

    ########## EOF - C:\AdwCleaner.txt - ##########

  • Ben

    Hello,

    Why is your Windows not up to date?

    Download zoek.exe to the desktop.

    Disable your antivirus and antispyware programs; they may conflict with zoek.exe.

    (Here or here) you can read how to do that.

    * Double-click Zoek.exe to start the tool.

    * Now copy the code below, printed in bold, and paste it into the large input window:

    * Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

    firefoxlook;

    chromelook;

    ;r

    C:\Users\Dennis\AppData\Local\Temp\wlsidten.dll;f

    iatmunin;s

    C:\Users\Dennis\AppData\Local\Temp\iatmunin.sys;f

    standardsearch;

    filesrcm;

    autoclean;

    startupall;

    * Now click the "Run script" button.

    * Now wait patiently until a log opens (this may be after a restart, if one is needed).

    * If no log appears after the restart, start zoek.exe again; the log will then appear after all.

    * Now post the contents of the opened log in your next message.

    Regards, Ben

  • daniel

    Hi

    That's right, the laptop hasn't been used for a while.

    It is now searching for updates.

    Log:

    Zoek.exe Version 4.0.0.3 Updated 27-June-2013

    Tool run by Dennis on vr 05-07-2013 at 10:43:08,45.

    Microsoft® Windows Vista™ Home Premium 6.0.6001 Service Pack 1 x86

    Running in: Normal Mode Internet Access Detected

    ==== System Restore Info ======================

    5-7-2013 10:43:44 Zoek.exe System Restore Point Created Succesfully.

    ==== Creating Sample_05-07-2013_1045.zip ======================

    Copied file C:\Users\Dennis\avg_free_stb_all_2013_3343_cnet.exe to sample\avg_free_stb_all_2013_3343_cnet.exe

    Copied file C:\Users\Dennis\winzip16-32.exe to sample\winzip16-32.exe

    sample\avg_free_stb_all_2013_3343_cnet.exe renamed to 9FB0193A4D325C90B76F03794A04214E

    sample\winzip16-32.exe renamed to 510990E49318F60F1284EDFCCEDC8245

    C:\Users\Public\Desktop\sample_05-07-2013_1045.zip created successfully

    ==== Deleting CLSID Registry Keys ======================

    ==== Deleting CLSID Registry Values ======================

    ==== Running Processes ======================

    C:\Windows\System32\smss.exe

    C:\Windows\system32\csrss.exe

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\csrss.exe

    C:\Windows\system32\services.exe

    C:\Windows\system32\winlogon.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    c:\Program Files\Microsoft Security Client\MsMpEng.exe

    C:\Windows\system32\SLsvc.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files\Synaptics\SynTP\SynToshiba.exe

    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Program Files\Internet Explorer\IEUser.exe

    C:\Users\Dennis\Downloads\zoek.exe

    C:\Windows\system32\vssvc.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k rpcss

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\System32\svchost.exe -k WerSvcGroup

    C:\Windows\System32\svchost.exe -k swprv

    ==== Deleting Services ======================

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iatmunin deleted successfully

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\iatmunin deleted successfully

    ==== Registry Fix Code ======================

    Windows Registry Editor Version 5.00

    ==== Deleting Files \ Folders ======================

    “C:\Users\Dennis\AppData\Local\Temp\wlsidten.dll” not found

    “C:\Users\Dennis\AppData\Local\Temp\iatmunin.sys” not found

    “C:\ProgramData\netdislw.pad” deleted

    “C:\Users\Dennis\avg_free_stb_all_2013_3343_cnet.exe” deleted

    “C:\Users\Dennis\winzip16-32.exe” deleted

    “C:\Program Files\Vittalia” deleted

    “C:\Program Files\Common Files\DVDVideoSoft\bin” deleted

    ==== System Specs ======================

    Windows: Windows Vista Home Premium Edition Service Pack 1 (Build 6001)

    Memory (RAM): 1014 MB

    CPU Info: Genuine Intel(R) CPU T2080 @ 1.73GHz

    CPU Speed: 1255,1 MHz

    Sound Card: Luidsprekers (High Definition A |

    Display Adapters: Mobile Intel(R) 945 Express Chipset Family | Mobile Intel(R) 945 Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver

    Monitors: 1x; Algemeen PnP-beeldscherm |

    Screen Resolution: 1280 X 800 - 32 bit

    Network: Network Present

    Network Adapters: Atheros AR5006X Wireless Network Adapter | Realtek PCIe FE Family Controller

    CD / DVD Drives: 1x (D: | ) D: TSSTcorpCD/DVDW TS-L632D

    Ports: COM Ports NOT Present. LPT Port NOT Present.

    Mouse: 5 Button Wheel Mouse Present

    Hard Disks: C: 186,3GB

    Hard Disks - Free: C: 155,1GB

    Manufacturer *: TOSHIBA

    BIOS Info: AT/AT COMPATIBLE | 03/26/07 | TOSCPL - 6040000

    Time Zone: West-Europa (standaardtijd)

    Motherboard *: TOSHIBA ISKAE

    Internet Explorer Version: 7.0.6001.18000

    Sun Java version: 1.7.0_25

    Country: Nederland

    Language: NLD

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    ====== C:\Users\Dennis\AppData\Local\Temp ====

    ====== C:\Windows\system32 =====

    2013-07-04 18:07:15 1D9B3568CFDB55316985A053D6D96030 94632 —-a-w- C:\Windows\System32\WindowsAccessBridge.dll

    ====== C:\Windows\system32\drivers =====

    ====== C:\Windows\Tasks ======

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    2013-07-04 20:09:57 ——– d—–w- C:\Program Files\trend micro

    2013-07-04 19:08:40 ——– d—–w- C:\Program Files\ESET

    ======= C: =====

    2013-07-04 18:41:07 1714F5CF038A50175B136E7EE218DFE1 3486 —-a-w- C:\AdwCleaner.txt

    ====== C:\Users\Dennis\AppData\Roaming ======

    2013-06-11 15:10:48 ——– d—–w- C:\users\Default\AppData\Roaming\TuneUp Software

    2013-06-11 15:10:48 ——– d—–w- C:\users\Default User\AppData\Roaming\TuneUp Software

    ====== C:\Users\Dennis ======

    ====== C: exe-files ==

    2013-07-04 22:29:36 C77CEFCE1DA1107E83D2745766E0FEA2 33573216 —-a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\27.0.1453.116\27.0.1453.116_chrome_installer.exe

    2013-07-04 20:09:57 9A2347903D6EDB84C10F288BC0578C1C 388608 —-a-w- C:\Program Files\trend micro\Dennis.exe

    2013-07-04 19:08:40 CE0D0B11986FD2C0247AE88A59B36A6E 579904 —-a-w- C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

    2013-07-04 19:08:40 BDB7D97012F9B3102DB72AA76A24942A 546944 —-a-w- C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe

    2013-07-04 19:08:40 7C9EEC809FB9CDA26EFC245C001EA980 2347384 —-a-w- C:\Program Files\ESET\ESET Online Scanner\ESETSmartInstaller.exe

    2013-07-04 19:08:40 7ABF8849E76732C357F419B1AF5668F2 546944 —-a-w- C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe

    2013-07-04 19:08:40 6D4ED8A5C071F29730A6F0B943FEEA3A 122584 —-a-w- C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

    2013-07-04 17:26:30 80633916458CC8041D0F483B7633E9F6 1582944 —-a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\27.0.1453.116\27.0.1453.116_27.0.1453.110_chrome_updater.exe

    === C: other files ==

    2013-07-05 08:45:54 C243AEB9FE75CA4D67837CB2DD848FED 35218738 —-a-w- C:\Users\Public\Desktop\sample_05-07-2013_1045.zip

    ==== Startup Registry Enabled ======================

    “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /detectMem”

    “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /detectMem”

    “IgfxTray”=“C:\Windows\system32\igfxtray.exe”

    “HotKeysCmds”=“C:\Windows\system32\hkcmd.exe”

    “Persistence”=“C:\Windows\system32\igfxpers.exe”

    “SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe”

    “SunJavaUpdateSched”=“C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    “MSC”=“c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey”

    ==== Startup Registry Disabled ======================

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Adobe ARM”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Sidebar”

    “hkey”=“HKCU”

    “command”=“C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“SunJavaUpdateSched”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\“”

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job –a——

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job –a——

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job –a—— C:\Program Files\Google\Update\GoogleUpdate.exe

    ==== Set IE to Default ======================

    Old Values:

    “Start Page”=“http://www.google.nl/”

    No DefaultScope Set For HKCU

    New Values:

    “Start Page”=“http://www.google.nl/”

    “DefaultScope”=“{6A1806CD-94D4-4689-BA73-E35EA1EA9990}”

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url=“http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC”

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”

    ==== HijackThis Entries ======================

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome\Application\27.0.1453.116\npchrome_frame.dll

    O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\Run: “c:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm

    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

    O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome\Application\27.0.1453.116\npchrome_frame.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    ==== Empty IE Cache ======================

    C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    ==== Empty FireFox Cache ======================

    No FireFox Profiles found

    ==== Empty Chrome Cache ======================

    No Chrome User Data found

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\Dennis\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== Deleting Files / Folders ======================

    "C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

    ==== EOF on vr 05-07-2013 at 10:52:05,38 ======================

  • Ben

    Hello,

    Do the following:

    Download ComboFix

    >>Here<< you can read how ComboFix should be used.

    * IMPORTANT !!! Save ComboFix.exe to your Desktop.

    *. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix.

    Here is a guide on how to disable them: here or here

    *. The computer may need to be restarted several times; this is normal.

    *. Double-click "Combofix.exe" to start the tool.

    *. Do not click in the ComboFix window while it is running; this can cause the tool to hang.

    * Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

    *. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.

    Regards, Ben

  • daniel

    log

    ComboFix 13-07-04.01 - Dennis 05-07-2013 12:54:17.1.2 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.1013.259

    Gestart vanuit: c:\users\Dennis\Downloads\ComboFix.exe

    AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

    SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2013-06-05 to 2013-07-05 ))))))))))))))))))))))))))))))

    .

    .

    2013-07-05 10:59 . 2013-07-05 10:59 -------- d-----w- c:\users\Dennis\AppData\Local\temp

    2013-07-05 10:59 . 2013-07-05 10:59 -------- d-----w- c:\users\Default\AppData\Local\temp

    2013-07-05 09:25 . 2010-04-28 05:44 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys

    2013-07-05 09:25 . 2013-07-05 09:25 -------- dc----w- c:\windows\system32\DRVSTORE

    2013-07-05 09:25 . 2013-07-05 09:25 -------- d-----w- c:\program files\Microsoft

    2013-07-05 09:25 . 2013-07-05 09:25 -------- d-----w- c:\program files\Windows Live

    2013-07-05 09:25 . 2013-07-05 09:25 -------- d-----w- c:\program files\Windows Live SkyDrive

    2013-07-05 09:05 . 2013-07-05 09:30 -------- d-----w- c:\program files\Microsoft Silverlight

    2013-07-05 08:59 . 2013-06-17 00:10 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{26FB9635-F806-4ECC-8240-D2AA141DCEC0}\mpengine.dll

    2013-07-05 08:52 . 2013-06-17 00:10 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2013-07-05 08:49 . 2013-07-05 08:43 24064 ----a-w- c:\windows\zoek-delete.exe

    2013-07-04 20:09 . 2013-07-04 20:10 -------- d-----w- c:\program files\trend micro

    2013-07-04 20:09 . 2013-07-04 20:10 -------- d-----w- C:\rsit

    2013-07-04 19:08 . 2013-07-04 19:08 -------- d-----w- c:\program files\ESET

    2013-07-04 18:23 . 2013-07-04 18:22 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

    2013-07-04 18:23 . 2013-07-04 18:22 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{147F73AF-2A37-4A03-9D61-37823EC5B273}\gapaengine.dll

    2013-07-04 18:15 . 2013-07-04 18:16 -------- d-----w- c:\program files\Microsoft Security Client

    2013-07-04 18:07 . 2013-07-04 18:07 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

    2013-07-04 18:06 . 2013-07-04 18:06 -------- d-----w- c:\program files\Java

    2013-06-12 22:37 . 2013-06-12 22:38 8610696 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

    2013-06-11 15:10 . 2013-06-11 15:10 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-07-04 18:06 . 2012-07-06 13:42 867240 ----a-w- c:\windows\system32\npdeployJava1.dll

    2013-07-04 18:06 . 2012-03-05 21:10 789416 ----a-w- c:\windows\system32\deployJava1.dll

    2013-06-12 22:39 . 2012-10-03 12:07 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2013-06-12 22:39 . 2012-03-05 20:07 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2013-05-02 15:28 . 2012-10-28 14:06 238872 ------w- c:\windows\system32\MpSigStub.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    "IgfxTray"="c:\windows\system32\igfxtray.exe"

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe"

    "Persistence"="c:\windows\system32\igfxpers.exe"

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe"

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe"

    .

    "ConsentPromptBehaviorUser"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    @="Service"

    .

    2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    .

    2008-01-21 02:23 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

    .

    2013-03-12 05:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    .

    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2013-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    2013-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    2013-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.google.nl/

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

    IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm

    IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm

    TCP: DhcpNameServer = 212.54.40.25 212.54.35.25

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    AddRemove-Vittalia - c:\program files\Vittalia\uninstall.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2013-07-05 12:59

    Windows 6.0.6001 Service Pack 1 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

    .

    "Enabled"=dword:00000001

    .

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    @="{00020424-0000-0000-C000-000000000046}"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    Voltooingstijd: 2013-07-05 13:01:52

    ComboFix-quarantined-files.txt 2013-07-05 11:01

    .

    Pre-Run: 163.995.557.888 bytes beschikbaar

    Post-Run: 163.944.140.800 bytes beschikbaar

    .

    - - End Of File - - 563188EA47F738263C04905FA10C2A27

    5C616939100B85E558DA92B899A0FC36

  • Ben

    Hello,

    Download: http://www.bleepingcomputer.com/download/securitycheck/ and save it to your Desktop.

    Start Security Check.

    Follow the instructions on the screen.

    At the end a log (checkup.txt) appears; post its contents in your next reply.

    Also tell us how your PC is running now.

    Regards, Ben

  • daniel

    log

    Results of screen317's Security Check version 0.99.68

    Windows Vista Service Pack 1 x86 (UAC is enabled)

    Out of date service pack!!

    Internet Explorer 7 Out of date!

    ``````````````Antivirus/Firewall Check:``````````````

    Microsoft Security Essentials

    Antivirus up to date!

    `````````Anti-malware/Other Utilities Check:`````````

    CCleaner

    EasyCleaner

    Java 7 Update 25

    Adobe Reader 10.1.0 Adobe Reader out of Date!

    Google Chrome 27.0.1453.110

    Google Chrome 27.0.1453.116

    ````````Process Check: objlist.exe by Laurent````````

    Microsoft Security Essentials MSMpEng.exe

    Microsoft Security Essentials msseces.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C: %

    ````````````````````End of Log``````````````````````

    .

  • Ben

    Hello,

    Out of date service pack!! First download and install SP 2 now: http://www.microsoft.com/nl-nl/download/details.aspx?id=15278

    Internet Explorer 7 Out of date! Update to IE9 for better protection.

    After that, post a new Security Check log.

    Regards, Ben

  • daniel

    error message during the SP2 install

    http://support.microsoft.com/kb/968279

  • Ben

    Hello,

    Did you first download SP 2 and then install it?

    You can try whether the System File Checker (sfc) can repair anything:

    Start - All Programs - Accessories - right-click Command Prompt and choose 'Run as administrator'

    In that black window, type: sfc /scannow . This takes a while.

    After that, install SP2.

    Regards, Ben
