pc traag en virusscanner loopt vast

Abigail · 19 oktober 2012

Hoi,

Als ik een virusscanner (maakt niet uit welke) een volledige scan laat uitvoeren blijft het telkens vastlopen op een bepaalde file (jpg file kan niet de volledige pad zien). Deze file zit ergens verborgen in AppData van Windows. Handmatig kan ik het niet terugvinden. Door de scan reageert niets meer waardoor ik mn pc alleen via de powerknop kan afsluiten.

Een snelle scan uitvoeren werkt overigens wel. Via microsoft security essentials heb ik al een virus verwijderd. Daarna heb ik nog een snelle scan uitgevoerd via mbam waarbij ik nog twee dingen heb verwijderd. Mn taakbeheer werkt nu wel weer, deze deed het voor het verwijderen niet meer. Pc doet nu ook erg traag.

Hoe kan ik voorbij deze file komen zodat ik een volledige scan kan uitvoeren? Ik weet nu ook niet of ik nog virussen heb. Hieronder een hijackthis logje.

Graag jullie hulp. Alvast bedankt.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:39:29, on 19-10-2012

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18975)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Windows\ehome\ehtray.exe

C:\Users\Program Files\DNA\btdna.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\SABnzbd\SABnzbd.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\SAMSUNG NOTEBOOK PC

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Analysis of program downloads scanned for viruses and spyware.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sign In

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\SAMSUNG NOTEBOOK PC

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Analysis of program downloads scanned for viruses and spyware.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Analysis of program downloads scanned for viruses and spyware.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [KPN Assistent] C:\Program Files\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe /auto

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: SABnzbd.lnk = C:\Program Files\SABnzbd\SABnzbd.exe

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-nl.cab

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - SOURCENEXT - C:\Windows\system32\bgsvcgen.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SQL Server Browser (SQLBrowser) - Unknown owner - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

--

End of file - 12297 bytes

kape · 20 oktober 2012

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Analysis of program downloads scanned for viruses and spyware.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Analysis of program downloads scanned for viruses and spyware.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Analysis of program downloads scanned for viruses and spyware.

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.

3. Dubbelklik op "Combofix.exe" om de tool te starten.

4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion", herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht, samen met een nieuw logje van HijackThis .

Abigail · 20 oktober 2012

ComboFix 12-10-19.01 - 20-10-2012 12:34:31.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3066.1626 [GMT 2:00]

Gestart vanuit: c:\users\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Install.exe

c:\program files\Mozilla Firefox\components\AskHPRFF.js

c:\programdata\Roaming

c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini

c:\users\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url

c:\users\AppData\Roaming\Zione

c:\users\AppData\Roaming\Zione\elbif.fag

c:\users\Favorites\Videos.url

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_nvsvc

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-09-20 to 2012-10-20 ))))))))))))))))))))))))))))))

.

2012-10-20 01:14 . 2012-10-17 15:40 740784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-10-20 01:14 . 2012-10-17 15:40 740784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1692DC6-802A-4FFE-9EB3-E2BBC66AA6DC}\gapaengine.dll

2012-10-20 01:12 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B43BBB55-F70C-45E6-9246-EA1CFE759F5C}\mpengine.dll

2012-10-19 20:43 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-10-19 09:16 . 2012-10-19 09:16 -------- d-----w- c:\windows\system32\EventProviders

2012-10-19 07:21 . 2012-10-19 07:21 -------- d-----w- c:\program files\Common Files\Java

2012-10-19 07:21 . 2012-10-19 07:21 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-10-19 07:18 . 2012-10-19 07:18 -------- d-----w- c:\programdata\McAfee

2012-10-18 20:47 . 2012-10-18 20:47 388096 ----a-r- c:\users\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-10-18 20:47 . 2012-10-18 20:47 -------- d-----w- c:\program files\Trend Micro

2012-10-17 23:43 . 2012-10-17 23:43 -------- d-----w- C:\6a1458f5c0a03a677d206e

2012-10-17 23:11 . 2012-10-17 23:11 -------- d-----w- c:\users\AppData\Roaming\Malwarebytes

2012-10-17 23:10 . 2012-10-17 23:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-10-17 23:10 . 2012-10-17 23:10 -------- d-----w- c:\programdata\Malwarebytes

2012-10-17 23:10 . 2012-09-29 17:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-17 22:36 . 2012-10-17 22:36 -------- d-----w- C:\69152d92c16c11b33475

2012-10-17 22:03 . 2012-10-17 22:03 -------- d-----w- C:\6eaa69b3a1f65b3fbc3bbf673cd598

2012-10-17 20:45 . 2012-10-17 20:45 -------- d-----w- C:\a859486ea2d25819a7

2012-10-17 15:35 . 2012-09-18 22:59 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{55903D0C-3958-4001-A9E3-2358F28A6019}\mpengine.dll

2012-10-17 15:21 . 2012-10-17 15:23 -------- d-----w- c:\program files\Microsoft Security Client

2012-10-17 15:20 . 2010-04-05 17:03 902024 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-17 15:20 . 2010-04-05 17:02 220040 ----a-w- c:\windows\system32\drivers\netio.sys

2012-10-17 15:20 . 2010-04-05 17:02 98184 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-10-17 15:20 . 2010-04-05 16:29 438272 ----a-w- c:\windows\system32\IKEEXT.DLL

2012-10-17 15:20 . 2010-04-05 16:29 595456 ----a-w- c:\windows\system32\FWPUCLNT.DLL

2012-10-17 15:20 . 2010-04-05 16:28 328704 ----a-w- c:\windows\system32\BFE.DLL

2012-10-17 15:07 . 2012-10-17 15:07 -------- d-----w- c:\users\AppData\Local\MFAData

2012-10-17 15:07 . 2012-10-17 15:07 -------- d-----w- c:\users\AppData\Local\Avg2013

2012-09-28 19:34 . 2012-08-21 11:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-09-28 19:33 . 2012-09-28 19:33 -------- d-----w- c:\program files\iPod

2012-09-28 19:32 . 2012-09-28 19:34 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-19 07:21 . 2010-05-26 23:19 473072 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-30 20:03 . 2012-08-30 20:03 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-08-30 20:03 . 2012-08-30 20:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-08-21 11:01 . 2009-12-24 17:25 106928 ----a-w- c:\windows\system32\GEARAspi.dll

2012-07-27 20:10 . 2012-07-24 17:25 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-27 20:10 . 2012-07-24 17:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"BitTorrent DNA"="c:\users\Program Files\DNA\btdna.exe" [2009-11-13 323392]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-08 13543968]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-08 92704]

"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"KPN Assistent"="c:\program files\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe" [2011-08-18 33560288]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

.

c:\users\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

SABnzbd.lnk - c:\program files\SABnzbd\SABnzbd.exe [2010-5-2 336896]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]

NA [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-03-17 08:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2012-10-19 c:\windows\Tasks\User_Feed_Synchronization-{1E2EF721-28F6-4F3B-82C6-A7B71D9873C7}.job

- c:\windows\system32\msfeedssync.exe [2010-10-31 04:25]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.hotmail.com/

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

TCP: DhcpNameServer = 192.168.1.254

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game12.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\users\AppData\Roaming\Mozilla\Firefox\Profiles\yxaqflav.default\

FF - prefs.js: browser.search.selectedEngine - hxxp://downloads.phpnuke.org/nl/index.php?rvs=google

FF - prefs.js: browser.startup.homepage - www.google.nl

FF - prefs.js: keyword.URL - hxxp://downloads.phpnuke.org/nl/index.php?rvs=google

.

- - - - ORPHANS VERWIJDERD - - - -

.

MSConfigStartUp-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-10-20 12:46

Windows 6.0.6001 Service Pack 1 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(6080)

c:\windows\system32\btmmhook.dll

c:\windows\system32\btncopy.dll

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\windows\system32\agrsmsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\windows\system32\bgsvcgen.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Samsung\Easy Display Manager\dmhkcore.exe

c:\program files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\system32\conime.exe

c:\windows\System32\rundll32.exe

c:\windows\RtHDVCpl.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\ehome\ehmsas.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\PC Connectivity Solution\ServiceLayer.exe

c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\program files\Synaptics\SynTP\SynTPHelper.exe

.

**************************************************************************

.

Voltooingstijd: 2012-10-20 12:52:27 - machine werd herstart

ComboFix-quarantined-files.txt 2012-10-20 10:52

.

Pre-Run: 82.109.886.464 bytes beschikbaar

Post-Run: 89.541.292.032 bytes beschikbaar

.

- - End Of File - - DF5721966D3A20F2171D59C12FC7EC0D

Abigail · 20 oktober 2012

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:19:33, on 20-10-2012

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18975)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

C:\Windows\System32\rundll32.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Windows\ehome\ehtray.exe

C:\Users\Program Files\DNA\btdna.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\SABnzbd\SABnzbd.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\DllHost.exe