Danieldevries33
-
Items
23 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Alles dat geplaatst werd door Danieldevries33
-
excuus voor de late reactie. Ik heb punt 42 uitgevoerd zoals hierboven omschreven. Resultaat: bij longtest geeft ie aan dat er zich 2 errors bevinden op de harde schijf. Ik kon alleen niets kopiëren en er stond ook niet bij wat de errors waren, alleen dat de long test mislukt was (long test failed). Kunnen deze errors verholpen worden. Mvg, Daniel
-
Beste Asus, ik heb vanmiddag mijn laptop schoon gemaakt door onder andere de fan stofvrij te maken en de gehele binnenkant stofvrij te maken zoals aangegeven in eerder gestuurde handleiding. De PC is qua temperatuur een stuk koeler (van 84 graden naar 45-50 graden via Speccy). Daarna heb ik een volledige scan gedaan met Avast, maar nog steeds loopt mijn laptop vast of wordt hij onverwacht afgesloten. Wat kan hier de oorzaak van zijn? Groet, Daniel
-
ik ga morgen beginnen met het stofvrij maken van mijn laptop. Heb gelezen hoe dit moet en zal het opvolgen. Maar is dit ook de reden waarom mijn laptop vastloopt bij scannen van harde schijf? Groet Daniel
-
Er waren 4 rijen met groene blokjes, halverwege de 5de rij loopt hij vast. Voledige Laptop naam is Asus X70L Serie -7S074A Pentium T2390 Display 17" WXGA+ HD 160 GB Memory 2 GB OS Vista Basic
-
Hallo Asus, ik heb drie keer geprobeerd mijn harde schijf te scannen met hd tune. Alle drie de keren loopt mijn computer vast. Ik kan dan helemaal niets meer met mijn laptop behalve via de uit knop mijn laptop uitzetten en weer aanzetten. Wat kan hier de oorzaak van zijn? groet, Daniel
-
OK, bestanden ga ik herstellen, maar heb je enig idee waarom avast bij volledige scan halverwege automatisch de computer opnieuw opstart? Als mijn computer schoon zou zijn, zou dit toch niet mogelijk moeten zijn? Groet, Daniel
-
helaas niet. Is er ook een andere mogelijkheid om deze bestanden te herstellen? groet daniël
-
[ATTACH]20666[/ATTACH] hierboven de bijgevoegde sfcdetails log. Hoop dat het nu goed is. Alvast bedankt voor je hulp sfcdetails.txt
-
ik krijg de volgende foutmelding: the following errors occured: sfcdetails.txt uploaden van bestand mislukt
-
Ik heb geprobeerd het bestand toe te voegen, maat het bestand is 0 bytes. Doe ik misschien iets verkeerd? ik heb de tekst precies zo over getypt als aangegeven. Ik hoor het graag als ik iets fout heb gedaan
-
Hallo Kape, Speccy geinstalleerd, graag zie heironder de link. http://speccy.piriform.com/results/cnPdFFtlYuDpSN3yqsl5kFT Vriendelijke groet, Daniel
-
Goedemorgen Kape, ik heb combofix en avast verwijderd zoals door jou aangegeven. Daarna heb ik een nieuwe proef versie van de site van avast gedownload. Vannacht heb ik Avast een volledige scan laten uitvoeren met als resultaat dat de computer door onbekende reden onverwacht is afgesloten. Er zit dus iets in mijn computer wat er voor zorgt dat Avast geen complete scan kan doen. Ook kan ik de automatische updates voor windows niet inschakelen zoals eerder aangegeven. Wat nu? Groet Daniël
-
Goedemiddag Kape, ik heb vandaag een volledige scan gedaan met Avast virusscanner. Halverwege wordt de pc opnieuw opgestart en wordt ongeveer volgende melding gegeven: uw computer is onverwacht afgesloten. Zoek online naar oplossing van het probleem. Enig idee hooe dit kan? Tevens zou ik graag de automatische updates van windows weer willen inschakelen, wat me tot op heden met geen mogelijkheid gelukt is. Groet en alvast bedankt voor je hulp, Daniel
-
De computer is nu beter dat zeker en denk ook een stuk schoner. Er is nog 1 ding wat niet werk en dat zijn de automatische updates van Windows. Deze staat standaard uitgeschakeld en als ik het wil inschakelen wordt de volgende melding gegeven: 'De instellingen kunnen niet door jet beveiligingscentrum worden gewijzigd.' Ook handmatig aanpassen lukt met geen mogelijkheid. Enig idee hoe ik dit het best kan oplossen en heb je nog een removal tool voor Antivir (vorige werkte niet)?
-
Hallo Kape, ik heb de removal tool gebruikt, alleen die van Antivir werkt niet. Dan gaat hij mijn pc controleren op mailware. Graag zie hieronder de het combifix logje: ComboFix 12-08-13.01 - hf1908 13-08-2012 22:48:33.1.2 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.31.1043.18.3062.1587 [GMT 2:00] Gestart vanuit: c:\users\hf1908\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\hf1908\Desktop\CFScript.txt SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\$AVG c:\$avg\$VAULT\vvfolder.idx c:\program files\AVG c:\program files\AVG\AVG2012\awacs\inclient_free\banner\content.dat c:\program files\AVG\AVG2012\awacs\inclient_free\sign.bin c:\program files\AVG\AVG2012\awacs\inclient_free\upgrade\content.dat c:\program files\AVG\AVG2012\awacs\inclient_free_cnet\sign.bin c:\program files\AVG\AVG2012\awacs\inclient_free_cnet\upgrade\content.dat c:\program files\AVG\AVG2012\awacs\inclient_trial\banner\content.dat c:\program files\AVG\AVG2012\awacs\inclient_trial\sign.bin c:\program files\AVG\AVG2012\awacs\mobilation\component\content.dat c:\program files\AVG\AVG2012\awacs\mobilation\component\image.bmp c:\program files\AVG\AVG2012\awacs\mobilation\sign.bin c:\program files\AVG\AVG2012\awacs\mobilation_en\component\content.dat c:\program files\AVG\AVG2012\awacs\mobilation_en\component\image.bmp c:\program files\AVG\AVG2012\awacs\mobilation_en\sign.bin c:\program files\AVG\AVG2012\awacs\mobilation_en_sp1\component\content.dat c:\program files\AVG\AVG2012\awacs\mobilation_en_sp1\component\image.bmp c:\program files\AVG\AVG2012\awacs\mobilation_en_sp1\sign.bin c:\program files\AVG\AVG2012\awacs\mobilation_sp1\component\content.dat c:\program files\AVG\AVG2012\awacs\mobilation_sp1\component\image.bmp c:\program files\AVG\AVG2012\awacs\mobilation_sp1\sign.bin c:\program files\AVG\AVG2012\awacs\multimi-banner-sp1\banner\content.dat c:\program files\AVG\AVG2012\awacs\multimi-banner-sp1\banner\mm.mht c:\program files\AVG\AVG2012\awacs\multimi-banner-sp1\sign.bin c:\program files\AVG\AVG2012\awacs\multimi-banner\banner\content.dat c:\program files\AVG\AVG2012\awacs\multimi-banner\banner\mm.mht c:\program files\AVG\AVG2012\awacs\multimi-banner\sign.bin c:\program files\AVG\AVG2012\awacs\speedtest\component\content.dat c:\program files\AVG\AVG2012\awacs\speedtest\component\speedtest.bmp c:\program files\AVG\AVG2012\awacs\speedtest\sign.bin c:\program files\AVG\AVG2012\awacs\speedtest_sp1\component\content.dat c:\program files\AVG\AVG2012\awacs\speedtest_sp1\component\speedtest2.bmp c:\program files\AVG\AVG2012\awacs\speedtest_sp1\sign.bin c:\programdata\AVG2012 c:\programdata\AVG2012\IDS\config\internalList.zip.bak c:\programdata\AVG2012\IDS\config\md5Cache.dat c:\programdata\AVG2012\IDS\config\quarantinedList.zip c:\programdata\AVG2012\IDS\config\quarantinedList.zip.bak c:\programdata\AVG2012\IDS\config\ShortcutCache.dat c:\programdata\AVG2012\IDS\config\userList.zip c:\programdata\AVG2012\IDS\config\userList.zip.bak c:\programdata\AVG2012\log\avgadvisor.log c:\programdata\AVG2012\log\avgadvisor.log.lock c:\programdata\AVG2012\log\avgcfg.log c:\programdata\AVG2012\log\avgcfg.log.lock c:\programdata\AVG2012\log\avgcfgex.log c:\programdata\AVG2012\log\avgcfgex.log.lock c:\programdata\AVG2012\log\avgchjw.log c:\programdata\AVG2012\log\avgchjw.log.1 c:\programdata\AVG2012\log\avgchjw.log.2 c:\programdata\AVG2012\log\avgchjw.log.3 c:\programdata\AVG2012\log\avgchjw.log.4 c:\programdata\AVG2012\log\avgchjw.log.5 c:\programdata\AVG2012\log\avgchjw.log.lock c:\programdata\AVG2012\log\avgcore.log c:\programdata\AVG2012\log\avgcore.log.1 c:\programdata\AVG2012\log\avgcore.log.2 c:\programdata\AVG2012\log\avgcore.log.3 c:\programdata\AVG2012\log\avgcore.log.4 c:\programdata\AVG2012\log\avgcore.log.lock c:\programdata\AVG2012\log\avgcsl.log c:\programdata\AVG2012\log\avgcsl.log.lock c:\programdata\AVG2012\log\avgdecider.log c:\programdata\AVG2012\log\avgdecider.log.1 c:\programdata\AVG2012\log\avgdecider.log.lock c:\programdata\AVG2012\log\avgdiagex.log c:\programdata\AVG2012\log\avgdiagex.log.lock c:\programdata\AVG2012\log\avgemc.log c:\programdata\AVG2012\log\avgemc.log.lock c:\programdata\AVG2012\log\avgexc.log c:\programdata\AVG2012\log\avgexc.log.lock c:\programdata\AVG2012\log\avgidpagent.log c:\programdata\AVG2012\log\avgidpagent.log.1 c:\programdata\AVG2012\log\avgidpagent.log.lock c:\programdata\AVG2012\log\avgidpfix.log c:\programdata\AVG2012\log\avgldr.log c:\programdata\AVG2012\log\avgldr.log.lock c:\programdata\AVG2012\log\avglng.log c:\programdata\AVG2012\log\avglng.log.lock c:\programdata\AVG2012\log\avgns.log c:\programdata\AVG2012\log\avgns.log.lock c:\programdata\AVG2012\log\avgpostinst.log c:\programdata\AVG2012\log\avgpostinst.log.lock c:\programdata\AVG2012\log\avgrkt.log c:\programdata\AVG2012\log\avgrkt.log.lock c:\programdata\AVG2012\log\avgrs.log c:\programdata\AVG2012\log\avgrs.log.lock c:\programdata\AVG2012\log\avgscan.log c:\programdata\AVG2012\log\avgscan.log.lock c:\programdata\AVG2012\log\avgsched.log c:\programdata\AVG2012\log\avgsched.log.1 c:\programdata\AVG2012\log\avgsched.log.2 c:\programdata\AVG2012\log\avgsched.log.3 c:\programdata\AVG2012\log\avgsched.log.4 c:\programdata\AVG2012\log\avgsched.log.5 c:\programdata\AVG2012\log\avgsched.log.6 c:\programdata\AVG2012\log\avgsched.log.lock c:\programdata\AVG2012\log\avgsrm.log c:\programdata\AVG2012\log\avgsrm.log.lock c:\programdata\AVG2012\log\avgsrmac.log c:\programdata\AVG2012\log\avgsrmac.log.lock c:\programdata\AVG2012\log\avgtdi.log c:\programdata\AVG2012\log\avgtdi.log.lock c:\programdata\AVG2012\log\avgtray_idp_hf1908.log c:\programdata\AVG2012\log\avgtray_idp_hf1908.log.lock c:\programdata\AVG2012\log\avgual.2012-07-21.log c:\programdata\AVG2012\log\avgual.log c:\programdata\AVG2012\log\avgual.log.lock c:\programdata\AVG2012\log\avgui.log c:\programdata\AVG2012\log\avgui.log.1 c:\programdata\AVG2012\log\avgui.log.lock c:\programdata\AVG2012\log\avgui_idp_hf1908.log c:\programdata\AVG2012\log\avgui_idp_hf1908.log.lock c:\programdata\AVG2012\log\avgupd.log c:\programdata\AVG2012\log\avgupd.log.1 c:\programdata\AVG2012\log\avgupd.log.lock c:\programdata\AVG2012\log\avgwd.log c:\programdata\AVG2012\log\avgwd.log.1 c:\programdata\AVG2012\log\avgwd.log.2 c:\programdata\AVG2012\log\avgwd.log.lock c:\programdata\AVG2012\log\avgwdsvc.log c:\programdata\AVG2012\log\avgwdsvc.log.lock c:\programdata\AVG2012\log\avgwdsvc_idp_SYSTEM.log c:\programdata\AVG2012\log\avgwdsvc_idp_SYSTEM.log.1 c:\programdata\AVG2012\log\avgwdsvc_idp_SYSTEM.log.2 c:\programdata\AVG2012\log\avgwdsvc_idp_SYSTEM.log.lock c:\programdata\AVG2012\log\commonpriv.log c:\programdata\AVG2012\log\commonpriv.log.lock c:\programdata\AVG2012\log\fixcfg.log c:\programdata\AVG2012\log\fixcfg.log.lock c:\programdata\AVG2012\log\history.xml c:\programdata\AVG2012\log\vault.log c:\programdata\AVG2012\log\vault.log.lock c:\programdata\AVG2012\scanlogs\I_00000001.log c:\programdata\AVG2012\scanlogs\I_00000005.log c:\programdata\AVG2012\scanlogs\srm.idx c:\programdata\Avira c:\programdata\Avira\firstlsp.reg.dat C:\TDSSKiller_Quarantine c:\tdsskiller_quarantine\22.07.2012_12.21.58\susp0000\object.ini c:\tdsskiller_quarantine\22.07.2012_12.21.58\susp0000\svc0000\object.ini c:\tdsskiller_quarantine\22.07.2012_12.21.58\susp0000\svc0000\tsk0000.dta c:\tdsskiller_quarantine\22.07.2012_12.21.58\susp0000\svc0000\tsk0000.ini c:\users\hf1908\AppData\Roaming\AVG c:\users\hf1908\AppData\Roaming\AVG\BoostSpeed\DiskDoctor.log c:\users\hf1908\AppData\Roaming\AVG\PC Tuneup\Logs\PC Tuneup_SN.log c:\users\hf1908\AppData\Roaming\AVG\PC Tuneup\User Reports\Integrator_report.html c:\users\hf1908\AppData\Roaming\AVG\PC Tuneup\User Reports\Integrator_report.xml c:\users\hf1908\AppData\Roaming\AVG\Rescue\AVG Registry Cleaner\120722182646288.rsc c:\users\hf1908\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120722021544718.rsc c:\users\hf1908\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120722021602183.rsc c:\users\hf1908\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120722174830819.rsc c:\users\hf1908\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120722174830989.rsc c:\users\hf1908\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120806155145867.rsc c:\users\hf1908\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120806155145896.rsc c:\users\hf1908\AppData\Roaming\AVG\Track Eraser\TrackEraser.igl . . (((((((((((((((((((( Bestanden Gemaakt van 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))) . . 2012-08-13 21:11 . 2012-08-13 21:11 -------- d-----w- c:\users\hf1908\AppData\Local\temp 2012-08-13 21:11 . 2012-08-13 21:11 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-13 20:07 . 2012-08-13 20:07 -------- d-----w- c:\program files\Enigma Software Group 2012-08-13 20:06 . 2012-08-13 20:33 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP 2012-08-13 20:06 . 2012-08-13 20:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2012-08-09 16:24 . 2012-08-09 16:24 -------- d-----w- c:\users\hf1908\AppData\Roaming\QuickScan 2012-08-06 20:27 . 2012-08-13 16:40 -------- d-----w- c:\programdata\AVAST Software 2012-08-06 20:27 . 2012-08-13 16:40 -------- d-----w- c:\program files\AVAST Software 2012-07-28 12:15 . 2012-08-07 11:34 -------- d-----w- c:\program files\Spybot - Search & Destroy 2012-07-28 12:15 . 2012-08-07 11:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-07-26 21:10 . 2012-07-26 21:10 -------- d-----w- c:\users\hf1908\AppData\Local\ASUS 2012-07-22 11:45 . 2012-07-22 11:48 -------- d-----w- c:\programdata\HitmanPro 2012-07-21 23:07 . 2012-07-21 23:07 -------- d--h--w- c:\programdata\Common Files 2012-07-21 23:07 . 2012-07-22 10:49 -------- d-----w- c:\programdata\MFAData 2012-07-17 18:24 . 2012-07-17 18:28 -------- d-----w- c:\program files\PC HealthBoost . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-13 16:33 . 2008-09-27 04:59 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-05-17 22:45 . 2012-06-14 16:12 1800192 ----a-w- c:\windows\system32\jscript9.dll 2012-05-17 22:35 . 2012-06-14 16:12 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-05-17 22:35 . 2012-06-14 16:12 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-05-17 22:29 . 2012-06-14 16:12 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-05-17 22:24 . 2012-06-14 16:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-01-13 17:37 . 2012-01-13 17:40 158566 ----a-w- c:\program files\crack64.exe 2012-01-13 17:36 . 2012-01-13 17:40 158558 ----a-w- c:\program files\crack86.exe 2012-07-18 20:48 . 2011-12-03 16:58 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-22 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-22 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-22 133656] "RtHDVCpl"="RtHDVCpl.exe" [2007-08-19 4702208] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416] "LanguageShortcut"="c:\program files\ASUSTek\ASUSDVD\Language\Language.exe" [2008-02-22 62760] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-07-14 273544] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detection] 2012-06-04 15:41 789136 ----a-w- c:\program files\HEMA Fotoservice\dd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2012-01-23 04:43 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3654621356-790600758-1572618741-1000] "EnableNotificationsRef"=dword:00000001 . S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\hf1908\Desktop\Run\a2ddax86.sys [x] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - ESGIGUARD . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map . 2012-03-09 c:\windows\Tasks\User_Feed_Synchronization-{E8541918-22B1-4D29-9FD9-1505AA268EC6}.job - c:\windows\system32\msfeedssync.exe [2012-03-08 23:17] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: SYSTRAN Opzoeken - c:\program files\SYSTRAN\6\\GUIres.dll/lookup.js IE: SYSTRAN Vertalen - c:\program files\SYSTRAN\6\\GUIres.dll/translate.js TCP: DhcpNameServer = 212.54.35.25 212.54.40.25 FF - ProfilePath - c:\users\hf1908\AppData\Roaming\Mozilla\Firefox\Profiles\31u18veu.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ FF - prefs.js: network.proxy.type - 4 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-08-13 23:11 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:0000007b . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(5664) c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll . Voltooingstijd: 2012-08-13 23:14:15 ComboFix-quarantined-files.txt 2012-08-13 21:14 ComboFix2.txt 2012-08-12 21:01 ComboFix3.txt 2012-08-11 22:29 ComboFix4.txt 2012-08-10 10:14 ComboFix5.txt 2012-08-13 20:41 . Pre-Run: 30.817.669.120 bytes beschikbaar Post-Run: 30.722.183.168 bytes beschikbaar . - - End Of File - - 08FBB494683BDB135BDC2C26616E9E02
-
Hallo Kape, Avast leek mij zelf ook de beste keus, dus dat wordt mijn nwe antivirusscanner. Aan de hand van het vorige logje nog bijzonderheden die ik kan uitvoeren om mijn laptop schoon te krijgen? Groet, Daniël
-
Hallo Kape, er staan inderdaad een aantal antivirusprogramma'sop mijn pc omdat ik mijn pc graag volledig wou scannen wat niet lukte, pc liep vast. Wat zou volgens jou een goed antivirusprogramma zijn? Hoe kan ik de antivirusprogramma''s het best van mijn pc halen? Graag zie hieronder het volledige combifix log (gemaakt zoals jij hebt aangegeven met CFScript). ComboFix 12-08-10.02 - hf1908 12-08-2012 22:38:42.1.2 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.31.1043.18.3062.1891 [GMT 2:00] Gestart vanuit: c:\users\hf1908\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\hf1908\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2012-07-12 to 2012-08-12 )))))))))))))))))))))))))))))) . . 2012-08-12 20:58 . 2012-08-12 20:58 -------- d-----w- c:\users\hf1908\AppData\Local\temp 2012-08-12 20:58 . 2012-08-12 20:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-09 22:40 . 2012-08-09 22:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-08-09 22:40 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-09 16:24 . 2012-08-09 16:24 -------- d-----w- c:\users\hf1908\AppData\Roaming\QuickScan 2012-08-09 16:13 . 2012-02-09 12:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E1E3D39E-FC80-464A-86FC-FF3F5673C04A}\gapaengine.dll 2012-08-09 16:13 . 2012-07-16 00:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DB014B3A-851A-424C-BA88-9B9D0A34710E}\mpengine.dll 2012-08-09 16:10 . 2012-08-09 16:10 -------- d-----w- c:\program files\Microsoft Security Client 2012-08-07 11:30 . 2012-08-07 12:23 -------- d-----w- c:\programdata\Avira 2012-08-06 20:27 . 2012-08-06 22:03 -------- d-----w- c:\programdata\AVAST Software 2012-08-06 20:27 . 2012-08-06 20:27 -------- d-----w- c:\program files\AVAST Software 2012-07-28 12:15 . 2012-08-07 11:34 -------- d-----w- c:\program files\Spybot - Search & Destroy 2012-07-28 12:15 . 2012-08-07 11:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-07-26 21:10 . 2012-07-26 21:10 -------- d-----w- c:\users\hf1908\AppData\Local\ASUS 2012-07-22 11:45 . 2012-07-22 11:48 -------- d-----w- c:\programdata\HitmanPro 2012-07-22 10:23 . 2012-07-22 10:23 -------- d-----w- C:\TDSSKiller_Quarantine 2012-07-22 00:06 . 2012-07-22 00:15 -------- d-----w- c:\users\hf1908\AppData\Roaming\AVG 2012-07-21 23:10 . 2012-07-22 10:48 -------- d-----w- C:\$AVG 2012-07-21 23:10 . 2012-07-22 10:56 -------- d-----w- c:\programdata\AVG2012 2012-07-21 23:08 . 2012-08-06 15:56 -------- d-----w- c:\program files\AVG 2012-07-21 23:07 . 2012-07-21 23:07 -------- d--h--w- c:\programdata\Common Files 2012-07-21 23:07 . 2012-07-22 10:49 -------- d-----w- c:\programdata\MFAData 2012-07-17 18:24 . 2012-07-17 18:28 -------- d-----w- c:\program files\PC HealthBoost 2012-07-14 11:28 . 2012-07-14 11:28 -------- d-----w- c:\users\hf1908\AppData\Roaming\Media Center Programs 2012-07-14 09:00 . 2000-01-04 04:39 212992 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll 2012-07-14 09:00 . 2012-07-17 19:34 -------- d-----w- c:\windows\StartHtmico 2012-07-14 08:58 . 2005-05-07 05:00 8704 ----a-w- c:\windows\system32\CNMVS7C.DLL 2012-07-14 08:58 . 2005-05-07 05:00 59392 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP7C.DLL 2012-07-14 08:58 . 2005-05-07 05:00 20992 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD7C.DLL 2012-07-14 08:58 . 2005-05-07 05:00 140288 ----a-w- c:\windows\system32\CNMLM7C.DLL 2012-07-14 08:58 . 2005-03-08 18:17 90112 ----a-r- c:\windows\system32\CNMCP7C.exe 2012-07-14 08:58 . 2012-07-14 09:00 -------- d-----w- c:\program files\Canon 2012-07-14 08:57 . 2012-07-14 08:57 -------- d--h--w- c:\programdata\CanonBJ 2012-07-14 08:57 . 2006-11-02 09:46 70144 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNBPP3.DLL . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-12 20:11 . 2008-09-27 04:59 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-05-17 22:45 . 2012-06-14 16:12 1800192 ----a-w- c:\windows\system32\jscript9.dll 2012-05-17 22:35 . 2012-06-14 16:12 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-05-17 22:35 . 2012-06-14 16:12 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-05-17 22:29 . 2012-06-14 16:12 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-05-17 22:24 . 2012-06-14 16:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-05-15 19:51 . 2012-06-13 17:51 2045440 ----a-w- c:\windows\system32\win32k.sys 2012-01-13 17:37 . 2012-01-13 17:40 158566 ----a-w- c:\program files\crack64.exe 2012-01-13 17:36 . 2012-01-13 17:40 158558 ----a-w- c:\program files\crack86.exe 2012-07-18 20:48 . 2011-12-03 16:58 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-22 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-22 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-22 133656] "RtHDVCpl"="RtHDVCpl.exe" [2007-08-19 4702208] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416] "LanguageShortcut"="c:\program files\ASUSTek\ASUSDVD\Language\Language.exe" [2008-02-22 62760] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-07-14 273544] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detection] 2012-06-04 15:41 789136 ----a-w- c:\program files\HEMA Fotoservice\dd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2012-01-23 04:43 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3654621356-790600758-1572618741-1000] "EnableNotificationsRef"=dword:00000001 . S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\hf1908\Desktop\Run\a2ddax86.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map . 2012-03-09 c:\windows\Tasks\User_Feed_Synchronization-{E8541918-22B1-4D29-9FD9-1505AA268EC6}.job - c:\windows\system32\msfeedssync.exe [2012-03-08 23:17] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: SYSTRAN Opzoeken - c:\program files\SYSTRAN\6\\GUIres.dll/lookup.js IE: SYSTRAN Vertalen - c:\program files\SYSTRAN\6\\GUIres.dll/translate.js TCP: DhcpNameServer = 212.54.35.25 212.54.40.25 FF - ProfilePath - c:\users\hf1908\AppData\Roaming\Mozilla\Firefox\Profiles\31u18veu.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B0416f7fa-58f4-4b07-a0fa-0d418f8a9108%7D&mid=0db5f699c59b47d0b75fd16a12f4af05-aabf401617100907e40195af112a052e6fbbe4c6&ds=AVG&v=12.1.0.20〈=nl&pr=fr&d=2012-07-22%2012%3A39%3A06&sap=ku&q= FF - prefs.js: network.proxy.type - 4 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-08-12 22:58 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:0000007b . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(928) c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll . Voltooingstijd: 2012-08-12 23:01:31 ComboFix-quarantined-files.txt 2012-08-12 21:01 ComboFix2.txt 2012-08-11 22:29 ComboFix3.txt 2012-08-10 10:14 ComboFix4.txt 2012-07-22 11:38 . Pre-Run: 33.287.180.288 bytes beschikbaar Post-Run: 33.161.666.560 bytes beschikbaar . - - End Of File - - 430C9D07B7C6CB12867E646908C2B7A3
-
Allereerst vriendelijk bedankt voor je hulp en tijd. Ik heb de stappen zoals hiervoor beschreven uitgevoerd. Graag zie hieronder het combofix logje. PS compter loopt nog regelmatig vast en vandaag kreeg ik hierbij de volgende foutmelding, waarvan ik niet weet of het belangrijk is of niet: 'C://Users/hf1908/desktop\run\Reports verwijst naar een locatie die niet toegankelijk is. De locatie kan een vaste schijf op deze computer of in het netwerk zijn. Controleer of de schijf is geplaatst, of u verbinding met het netwerk of internet hebt en probeer het daarna opnieuw. Als u ook dan niets kan vinden, is de informatie mogelijk verplaatst of verwijderd' ComboFix 12-08-10.02 - hf1908 12-08-2012 0:07.1.2 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.31.1043.18.3062.1782 [GMT 2:00] Gestart vanuit: c:\users\hf1908\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\hf1908\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2012-07-11 to 2012-08-11 )))))))))))))))))))))))))))))) . . 2012-08-11 22:26 . 2012-08-11 22:26 -------- d-----w- c:\users\hf1908\AppData\Local\temp 2012-08-11 22:26 . 2012-08-11 22:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-11 21:58 . 2012-08-11 21:58 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DB014B3A-851A-424C-BA88-9B9D0A34710E}\MpKslabdba389.sys 2012-08-11 21:58 . 2012-08-11 21:58 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DB014B3A-851A-424C-BA88-9B9D0A34710E}\offreg.dll 2012-08-09 22:40 . 2012-08-09 22:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-08-09 22:40 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-09 16:24 . 2012-08-09 16:24 -------- d-----w- c:\users\hf1908\AppData\Roaming\QuickScan 2012-08-09 16:13 . 2012-02-09 12:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E1E3D39E-FC80-464A-86FC-FF3F5673C04A}\gapaengine.dll 2012-08-09 16:13 . 2012-07-16 00:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DB014B3A-851A-424C-BA88-9B9D0A34710E}\mpengine.dll 2012-08-09 16:10 . 2012-08-09 16:10 -------- d-----w- c:\program files\Microsoft Security Client 2012-08-07 11:30 . 2012-08-07 12:23 -------- d-----w- c:\programdata\Avira 2012-08-06 20:27 . 2012-08-06 22:03 -------- d-----w- c:\programdata\AVAST Software 2012-08-06 20:27 . 2012-08-06 20:27 -------- d-----w- c:\program files\AVAST Software 2012-07-28 12:15 . 2012-08-07 11:34 -------- d-----w- c:\program files\Spybot - Search & Destroy 2012-07-28 12:15 . 2012-08-07 11:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-07-26 21:10 . 2012-07-26 21:10 -------- d-----w- c:\users\hf1908\AppData\Local\ASUS 2012-07-22 11:45 . 2012-07-22 11:48 -------- d-----w- c:\programdata\HitmanPro 2012-07-22 10:23 . 2012-07-22 10:23 -------- d-----w- C:\TDSSKiller_Quarantine 2012-07-22 00:06 . 2012-07-22 00:15 -------- d-----w- c:\users\hf1908\AppData\Roaming\AVG 2012-07-21 23:10 . 2012-07-22 10:48 -------- d-----w- C:\$AVG 2012-07-21 23:10 . 2012-07-22 10:56 -------- d-----w- c:\programdata\AVG2012 2012-07-21 23:08 . 2012-08-06 15:56 -------- d-----w- c:\program files\AVG 2012-07-21 23:07 . 2012-07-21 23:07 -------- d--h--w- c:\programdata\Common Files 2012-07-21 23:07 . 2012-07-22 10:49 -------- d-----w- c:\programdata\MFAData 2012-07-17 18:24 . 2012-07-17 18:28 -------- d-----w- c:\program files\PC HealthBoost 2012-07-14 11:28 . 2012-07-14 11:28 -------- d-----w- c:\users\hf1908\AppData\Roaming\Media Center Programs 2012-07-14 09:00 . 2000-01-04 04:39 212992 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll 2012-07-14 09:00 . 2012-07-17 19:34 -------- d-----w- c:\windows\StartHtmico 2012-07-14 08:58 . 2005-05-07 05:00 8704 ----a-w- c:\windows\system32\CNMVS7C.DLL 2012-07-14 08:58 . 2005-05-07 05:00 59392 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP7C.DLL 2012-07-14 08:58 . 2005-05-07 05:00 20992 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD7C.DLL 2012-07-14 08:58 . 2005-05-07 05:00 140288 ----a-w- c:\windows\system32\CNMLM7C.DLL 2012-07-14 08:58 . 2005-03-08 18:17 90112 ----a-r- c:\windows\system32\CNMCP7C.exe 2012-07-14 08:58 . 2012-07-14 09:00 -------- d-----w- c:\program files\Canon 2012-07-14 08:57 . 2012-07-14 08:57 -------- d--h--w- c:\programdata\CanonBJ 2012-07-14 08:57 . 2006-11-02 09:46 70144 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNBPP3.DLL . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-11 18:00 . 2008-09-27 04:59 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-05-17 22:45 . 2012-06-14 16:12 1800192 ----a-w- c:\windows\system32\jscript9.dll 2012-05-17 22:35 . 2012-06-14 16:12 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-05-17 22:35 . 2012-06-14 16:12 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-05-17 22:29 . 2012-06-14 16:12 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-05-17 22:24 . 2012-06-14 16:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-05-15 19:51 . 2012-06-13 17:51 2045440 ----a-w- c:\windows\system32\win32k.sys 2012-01-13 17:37 . 2012-01-13 17:40 158566 ----a-w- c:\program files\crack64.exe 2012-01-13 17:36 . 2012-01-13 17:40 158558 ----a-w- c:\program files\crack86.exe 2012-07-18 20:48 . 2011-12-03 16:58 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
-
Goedemiddag Kape, ik heb de emisoft emergency kit scan uitgevoerd. Hierbij gaf hij aan dat een een aantal items niet verwijderd konden worden, die heb ik quarantaine geplaatst. Hierbij het logje: Emsisoft Emergency Kit - Versie 2.0 Laatste Update: 11-8-2012 12:34:42 Scaninstellingen: Scantype: Diepe scan Objecten: Rootkits, Geheugen, Sporen, C:\, D:\ Scan archieven: Aan ADS Scan: Aan Scan gestart: 11-8-2012 12:35:58 c:\program files\everest poker\ Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\data\mp-poker\ Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\data\shared\ Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\data\mp-lobby\ Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\data\startup\ Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\data\shared\shared\ Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\data\fonts\ Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\data\mp-poker\background\ Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\data\ Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\data\shared\shared\bitmaps\ Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\data\shared\shared\sounds\ Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\data\startup\en\ Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\data\startup\shared\ Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\data\startup\shared\icons\ Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\data\startup\shared\sounds\ Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\gvmain.exe Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\gvsound.dll Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\gvnetwork.dll Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\init.ini Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\log.dat Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\settings.ini Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\casino.exe Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\cstart.exe Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\gvbase.dll Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\gvcrt.dll Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\everest poker.exe Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\gvgfx-dib.dll Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\gvgfx.dll Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\data\mp-lobby\shared.gvt Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\data\mp-poker\background\default.gvt Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\data\shared\shared\bitmaps\check.art Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\data\shared\shared\bitmaps\chips.art Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\gvmain.dll Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\data\shared\shared\bitmaps\btn_scroll.gvt Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\data\mp-poker\shared.gvt Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\data\shared\shared\sounds\button.ogg Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\data\shared\shared\sounds\carddeal.ogg Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\data\shared\shared\sounds\cardflip.ogg Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\data\shared\shared\sounds\chipclick.ogg Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\data\startup\en\startup_strings.txt Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\data\startup\shared\icons\ep.ico Ontdekt: Trace.File.everestpoker!E1 c:\program files\everest poker\data\startup\shared\sounds\alert.ogg Ontdekt: Trace.File.everestpoker!E1 Key: hkey_local_machine\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97} Ontdekt: Trace.Registry.whenu.savenow!E1 Key: hkey_local_machine\software\classes\runmsc.loader\curver Ontdekt: Trace.Registry.whenu.savenow!E1 Key: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\everest poker Ontdekt: Trace.Registry.everestpoker!E1 Key: hkey_local_machine\software\classes\appid\tdataprotocol.dll Ontdekt: Trace.Registry.getstyles!E1 Key: hkey_local_machine\software\classes\appid\{20edc024-43c5-423e-b7f5-fd93523e0d9f} Ontdekt: Trace.Registry.stylishprofile!E1 Key: hkey_local_machine\software\classes\appid\{373ed12d-b306-43ac-9485-a7c5133dc34c} Ontdekt: Trace.Registry.getstyles!E1 Key: hkey_local_machine\software\classes\appid\{ed6535e7-f778-48a5-a060-549d30024511} Ontdekt: Trace.Registry.getstyles!E1 Key: hkey_local_machine\software\classes\appid\wit4ie.dll Ontdekt: Trace.Registry.getstyles!E1 Key: hkey_current_user\software\grand virtual Ontdekt: Trace.Registry.everestpoker!E1 Key: hkey_local_machine\software\classes\appid\updatebho.dll Ontdekt: Trace.Registry.getstyles!E1 C:\Users\hf1908\AppData\Local\VirtualStore\Program Files\FTDv3.8\cache\pap392_1226925343.gif Ontdekt: Attached PE/Script!E2 C:\Users\hf1908\AppData\Local\VirtualStore\Program Files\FTDv3.8\cache\pap503_1229432160.gif Ontdekt: Attached PE/Script!E2 Gescand 561505 Gevonden 54 Scan geëindigd: 11-8-2012 14:10:43 Scantijd: 1:34:45 C:\Users\hf1908\AppData\Local\VirtualStore\Program Files\FTDv3.8\cache\pap392_1226925343.gif Verwijderd Attached PE/Script!E2 C:\Users\hf1908\AppData\Local\VirtualStore\Program Files\FTDv3.8\cache\pap503_1229432160.gif Verwijderd Attached PE/Script!E2 Key: hkey_local_machine\software\classes\appid\{20edc024-43c5-423e-b7f5-fd93523e0d9f} Verwijderd Trace.Registry.stylishprofile!E1 Key: hkey_local_machine\software\classes\appid\tdataprotocol.dll Verwijderd Trace.Registry.getstyles!E1 Key: hkey_local_machine\software\classes\appid\{373ed12d-b306-43ac-9485-a7c5133dc34c} Verwijderd Trace.Registry.getstyles!E1 Key: hkey_local_machine\software\classes\appid\{ed6535e7-f778-48a5-a060-549d30024511} Verwijderd Trace.Registry.getstyles!E1 Key: hkey_local_machine\software\classes\appid\wit4ie.dll Verwijderd Trace.Registry.getstyles!E1 Key: hkey_local_machine\software\classes\appid\updatebho.dll Verwijderd Trace.Registry.getstyles!E1 Key: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\everest poker Verwijderd Trace.Registry.everestpoker!E1 Key: hkey_current_user\software\grand virtual Verwijderd Trace.Registry.everestpoker!E1 Key: hkey_local_machine\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97} Verwijderd Trace.Registry.whenu.savenow!E1 Key: hkey_local_machine\software\classes\runmsc.loader\curver Verwijderd Trace.Registry.whenu.savenow!E1 c:\program files\everest poker\ Verwijderd Trace.File.everestpoker!E1 Verwijderd 13 c:\program files\everest poker\ In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\data\mp-poker\ In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\data\shared\ In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\data\mp-lobby\ In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\data\startup\ In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\data\shared\shared\ In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\data\fonts\ In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\data\mp-poker\background\ In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\data\ In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\data\shared\shared\bitmaps\ In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\data\shared\shared\sounds\ In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\data\startup\en\ In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\data\startup\shared\ In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\data\startup\shared\icons\ In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\data\startup\shared\sounds\ In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\gvmain.exe In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\gvsound.dll In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\gvnetwork.dll In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\init.ini In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\log.dat In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\settings.ini In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\casino.exe In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\cstart.exe In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\gvbase.dll In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\gvcrt.dll In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\everest poker.exe In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\gvgfx-dib.dll In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\gvgfx.dll In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\data\mp-lobby\shared.gvt In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\data\mp-poker\background\default.gvt In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\data\shared\shared\bitmaps\check.art In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\data\shared\shared\bitmaps\chips.art In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\gvmain.dll In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\data\shared\shared\bitmaps\btn_scroll.gvt In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\data\mp-poker\shared.gvt In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\data\shared\shared\sounds\button.ogg In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\data\shared\shared\sounds\carddeal.ogg In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\data\shared\shared\sounds\cardflip.ogg In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\data\shared\shared\sounds\chipclick.ogg In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\data\startup\en\startup_strings.txt In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\data\startup\shared\icons\ep.ico In quarantaine Trace.File.everestpoker!E1 c:\program files\everest poker\data\startup\shared\sounds\alert.ogg In quarantaine Trace.File.everestpoker!E1 In quarantaine 42
-
Goedemiddag, ik heb de stappen zoals eerder uitgevoerd. Graag zie hieronder het logfile van combofix. ComboFix 12-08-09.01 - hf1908 10-08-2012 11:50:57.1.2 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.31.1043.18.3062.1868 [GMT 2:00] Gestart vanuit: c:\users\hf1908\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))) . . 2012-08-10 10:11 . 2012-08-10 10:11 -------- d-----w- c:\users\hf1908\AppData\Local\temp 2012-08-10 10:11 . 2012-08-10 10:11 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-09 22:40 . 2012-08-09 22:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-08-09 22:40 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-09 16:24 . 2012-08-09 16:24 -------- d-----w- c:\users\hf1908\AppData\Roaming\QuickScan 2012-08-09 16:13 . 2012-02-09 12:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E1E3D39E-FC80-464A-86FC-FF3F5673C04A}\gapaengine.dll 2012-08-09 16:13 . 2012-07-16 00:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DB014B3A-851A-424C-BA88-9B9D0A34710E}\mpengine.dll 2012-08-09 16:10 . 2012-08-09 16:10 -------- d-----w- c:\program files\Microsoft Security Client 2012-08-07 11:30 . 2012-08-07 12:23 -------- d-----w- c:\programdata\Avira 2012-08-06 20:27 . 2012-08-06 22:03 -------- d-----w- c:\programdata\AVAST Software 2012-08-06 20:27 . 2012-08-06 20:27 -------- d-----w- c:\program files\AVAST Software 2012-07-28 12:15 . 2012-08-07 11:34 -------- d-----w- c:\program files\Spybot - Search & Destroy 2012-07-28 12:15 . 2012-08-07 11:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-07-26 21:10 . 2012-07-26 21:10 -------- d-----w- c:\users\hf1908\AppData\Local\ASUS 2012-07-22 11:45 . 2012-07-22 11:48 -------- d-----w- c:\programdata\HitmanPro 2012-07-22 10:23 . 2012-07-22 10:23 -------- d-----w- C:\TDSSKiller_Quarantine 2012-07-22 00:06 . 2012-07-22 00:15 -------- d-----w- c:\users\hf1908\AppData\Roaming\AVG 2012-07-21 23:10 . 2012-07-22 10:48 -------- d-----w- C:\$AVG 2012-07-21 23:10 . 2012-07-22 10:56 -------- d-----w- c:\programdata\AVG2012 2012-07-21 23:08 . 2012-08-06 15:56 -------- d-----w- c:\program files\AVG 2012-07-21 23:07 . 2012-07-21 23:07 -------- d--h--w- c:\programdata\Common Files 2012-07-21 23:07 . 2012-07-22 10:49 -------- d-----w- c:\programdata\MFAData 2012-07-17 18:24 . 2012-07-17 18:28 -------- d-----w- c:\program files\PC HealthBoost 2012-07-14 11:28 . 2012-07-14 11:28 -------- d-----w- c:\users\hf1908\AppData\Roaming\Media Center Programs 2012-07-14 09:00 . 2000-01-04 04:39 212992 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll 2012-07-14 09:00 . 2012-07-17 19:34 -------- d-----w- c:\windows\StartHtmico 2012-07-14 08:58 . 2005-05-07 05:00 8704 ----a-w- c:\windows\system32\CNMVS7C.DLL 2012-07-14 08:58 . 2005-05-07 05:00 59392 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP7C.DLL 2012-07-14 08:58 . 2005-05-07 05:00 20992 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD7C.DLL 2012-07-14 08:58 . 2005-05-07 05:00 140288 ----a-w- c:\windows\system32\CNMLM7C.DLL 2012-07-14 08:58 . 2005-03-08 18:17 90112 ----a-r- c:\windows\system32\CNMCP7C.exe 2012-07-14 08:58 . 2012-07-14 09:00 -------- d-----w- c:\program files\Canon 2012-07-14 08:57 . 2012-07-14 08:57 -------- d--h--w- c:\programdata\CanonBJ 2012-07-14 08:57 . 2006-11-02 09:46 70144 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNBPP3.DLL . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-10 09:05 . 2008-09-27 04:59 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-05-17 22:45 . 2012-06-14 16:12 1800192 ----a-w- c:\windows\system32\jscript9.dll 2012-05-17 22:35 . 2012-06-14 16:12 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-05-17 22:35 . 2012-06-14 16:12 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-05-17 22:29 . 2012-06-14 16:12 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-05-17 22:24 . 2012-06-14 16:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-05-15 19:51 . 2012-06-13 17:51 2045440 ----a-w- c:\windows\system32\win32k.sys 2012-01-13 17:37 . 2012-01-13 17:40 158566 ----a-w- c:\program files\crack64.exe 2012-01-13 17:36 . 2012-01-13 17:40 158558 ----a-w- c:\program files\crack86.exe 2012-07-18 20:48 . 2011-12-03 16:58 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-22 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-22 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-22 133656] "RtHDVCpl"="RtHDVCpl.exe" [2007-08-19 4702208] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416] "LanguageShortcut"="c:\program files\ASUSTek\ASUSDVD\Language\Language.exe" [2008-02-22 62760] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-07-14 273544] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detection] 2012-06-04 15:41 789136 ----a-w- c:\program files\HEMA Fotoservice\dd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2012-01-23 04:43 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3654621356-790600758-1572618741-1000] "EnableNotificationsRef"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map . 2012-03-09 c:\windows\Tasks\User_Feed_Synchronization-{E8541918-22B1-4D29-9FD9-1505AA268EC6}.job - c:\windows\system32\msfeedssync.exe [2012-03-08 23:17] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: SYSTRAN Opzoeken - c:\program files\SYSTRAN\6\\GUIres.dll/lookup.js IE: SYSTRAN Vertalen - c:\program files\SYSTRAN\6\\GUIres.dll/translate.js TCP: DhcpNameServer = 212.54.35.25 212.54.40.25 FF - ProfilePath - c:\users\hf1908\AppData\Roaming\Mozilla\Firefox\Profiles\31u18veu.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B0416f7fa-58f4-4b07-a0fa-0d418f8a9108%7D&mid=0db5f699c59b47d0b75fd16a12f4af05-aabf401617100907e40195af112a052e6fbbe4c6&ds=AVG&v=12.1.0.20〈=nl&pr=fr&d=2012-07-22%2012%3A39%3A06&sap=ku&q= FF - prefs.js: network.proxy.type - 4 FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109867&tt=050412_30b FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - dcc6f66a00000000000000224316a923 FF - user.js: extensions.BabylonToolbar_i.hardId - dcc6f66a00000000000000224316a923 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15439 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:24 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-08-10 12:11 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . . C:\ADSM_PData_0150 . Scan succesvol afgerond verborgen bestanden: 1 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:0000007b . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(2940) c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll . Voltooingstijd: 2012-08-10 12:14:22 ComboFix-quarantined-files.txt 2012-08-10 10:14 ComboFix2.txt 2012-07-22 11:38 . Pre-Run: 22.761.627.648 bytes beschikbaar Post-Run: 23.635.808.256 bytes beschikbaar . - - End Of File - - 2DB608E519B3C24DD1A5EEA3B9F891B1
-
Vriendelijk dank voor je hulp. Graag zie hieronder beide logjes. Malwarebytes Anti-Malware 1.62.0.1300 Malwarebytes : Free anti-malware download Databaseversie: v2012.08.09.11 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 hf1908 :: DANIELDEVRIES [administrator] 10-8-2012 0:41:30 mbam-log-2012-08-10 (00-41-30).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 184449 Verstreken tijd: 7 minuut/minuten, 46 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 0:52:47, on 10-8-2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16446) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\ASUS\SmartLogon\sensorsrv.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Real\RealPlayer\Update\realsched.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Users\hf1908\Downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\ASUSTek\ASUSDVD\Language\Language.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: SYSTRAN Opzoeken - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js O8 - Extra context menu item: SYSTRAN Vertalen - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted IP range: http://192.168.1.254 O15 - ESC Trusted IP range: http://192.168.1.254 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Realtek11nSU - Realtek - C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 5119 bytes
-
Vriendelijk dank voor je hulp alvast. Graag zie hieronder het HiJackthis logje Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:27:00, on 9-8-2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16446) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\ASUS\SmartLogon\sensorsrv.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Real\RealPlayer\Update\realsched.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\conime.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Users\hf1908\Downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing) O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\ASUSTek\ASUSDVD\Language\Language.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: SYSTRAN Opzoeken - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js O8 - Extra context menu item: SYSTRAN Vertalen - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted IP range: http://192.168.1.254 O15 - ESC Trusted IP range: http://192.168.1.254 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Realtek11nSU - Realtek - C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 5495 bytes
-
Goedemiddag, mij laptop heeft denk ik een virus. De automatische updates van Windows kunnen niet ingeschakeld worden en bij een volledig scan met verschillende antivirussen (Microsoft Essentials, Antivir, Avast) loopt de computer vast. Ook start hij vanuit zichzelf soms opnieuw op. Kunnen jullie mij helpen mij laptop virusvrij te maken, zodat de automatische updates van Windows en antivirusprogramma weer functioneren? Ik heb Windows Vista x86 en heb helaas geen mogelijkheid om te upgraden naar Windows 7 omdat ik de licentiesleutel niet meer heb (het is wel een legale versie van Windows). Alvast bedankt voor jullie hulp. Groet, Daniël
