igorjik1992

19 juni 2012

Ik denk dat het opgelost is.

Heel erg bedankt!

10 juni 2012

ComboFix 12-06-10.01 - Diana(L)Igor 10-06-2012 19:14:30.1.2 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.31.1043.18.2814.1711 [GMT 2:00]

Gestart vanuit: c:\users\Diana(L)Igor\Desktop\ComboFix.exe

AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\6D8F4CB268.sys

c:\programdata\alwwtgjxwqidooy

c:\users\Diana(L)Igor\mbam.exe

c:\windows\system32\spsys.log

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-10 to 2012-06-10 ))))))))))))))))))))))))))))))

.

2012-06-10 17:34 . 2012-06-10 17:37 -------- d-----w- c:\users\Diana(L)Igor\AppData\Local\temp

2012-06-10 17:34 . 2012-06-10 17:34 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-09 07:06 . 2012-06-09 07:06 388096 ----a-r- c:\users\Diana(L)Igor\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-06-09 07:06 . 2012-06-09 07:06 -------- d-----w- c:\program files\Trend Micro

2012-06-06 18:45 . 2012-06-06 18:45 -------- d-----w- c:\programdata\uvspwgqgogwycek

2012-05-19 09:47 . 2012-05-19 09:47 -------- d-----w- c:\users\Diana(L)Igor\AppData\Roaming\dvdcss

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-02 00:46 . 2012-05-02 00:46 4472832 ----a-w- c:\windows\system32\GPhotos.scr

2012-04-04 13:56 . 2010-04-23 20:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2011-09-21 2816328]

"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2009-12-30 523408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-23 468264]

"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-06 210216]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-09-23 202256]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-04-04 981680]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]

"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2010-01-07 105632]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - FSUSBEXDISK

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

ezSharedSvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2012-06-10 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]

.

2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 20:16]

.

2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-23 20:16]

.

------- Bijkomende Scan -------

.

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=91&bd=Presario&pf=cnnb

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.254

FF - ProfilePath -

.

- - - - ORPHANS VERWIJDERD - - - -

.

HKLM-Run-NPSStartup - (no file)

HKLM-Run-Corel File Shell Monitor - c:\program files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe

AddRemove-Active WebCam - c:\program files\Active WebCam\PY_UNINSTAL.EXE SOFTWARE\PySoft\Act_WebCam

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

.

**************************************************************************

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden:

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(4460)

c:\windows\system32\ieframe.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\system32\WLANExt.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\KPN\Mobiel Internet Software\BecHelperService.exe

c:\windows\system32\FsUsbExService.Exe

c:\program files\KPN\Mobiel Internet Software\LoggerServer.exe

c:\program files\Giraffic\Veoh_GirafficWatchdog.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files\SMINST\BLService.exe

c:\program files\CyberLink\Shared files\RichVideo.exe

c:\windows\System32\TUProgSt.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\windows\servicing\TrustedInstaller.exe

c:\program files\Giraffic\Veoh_Giraffic.exe

c:\windows\system32\conime.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

c:\program files\Hewlett-Packard\Shared\HpqToaster.exe

c:\windows\System32\rundll32.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

.

**************************************************************************

.

Voltooingstijd: 2012-06-10 19:46:27 - machine werd herstart

ComboFix-quarantined-files.txt 2012-06-10 17:45

.

Pre-Run: 59.124.146.176 bytes beschikbaar

Post-Run: 68.181.147.648 bytes beschikbaar

.

- - End Of File - - 3AE840FEABBB24654E5EA9D0B5E77502

10 juni 2012

Mbam had niks gevonden.

Hijackthis had 3 van de 10 verwijdered, tweede poging niks verwijdered 0/7.

Beide programmas als administrator uitgevoerd.

mbam log

Malwarebytes Anti-Malware 1.61.0.1400

Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Databaseversie: v2012.06.10.01

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 7.0.6002.18005

Diana(L)Igor :: PC_VAN_DIANA [administrator]

10-6-2012 11:11:44

mbam-log-2012-06-10 (11-11-44).txt

Scantype: Snelle scan

Uitgeschakelde scanopties: P2P

Objecten gescand: 213193

Verstreken tijd: 24 minuut/minuten, 52 seconde(n)

Geheugenprocessen gedetecteerd: 0