
SR59230A

Member
  • Items: 10
SR59230A's activity

  1. ***** [Diensten] *****

     ***** [Files / Mappen] *****

     Map Verwijdert : C:\Users\Ruben\AppData\Local\Babylon
     Map Verwijdert : C:\Users\Ruben\AppData\Roaming\Babylon

     ***** [Register] *****

     Sleutel Verwijdert : HKCU\Software\Conduit
     Sleutel Verwijdert : HKCU\Software\Softonic
     Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
     Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Prod.cap
     Sleutel Verwijdert : HKLM\Software\Conduit

     ***** [browsers] *****

     -\\ Internet Explorer v9.0.8112.16457

     [OK] Het register bevat geen enkele ongeoorloofde invoer.

     -\\ Google Chrome v23.0.1271.97

     File : C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\Default\Preferences

     [OK] De file bevat geen enkele ongeoorloofde invoer.

     *************************

     AdwCleaner[s1].txt - [1144 octets] - [14/12/2012 16:01:59]

     ########## EOF - C:\AdwCleaner[s1].txt - [1204 octets] ##########
  2. Only the black screen (with cursor) at startup still persists for several minutes. Apart from that, everything works fine.
  3. My apologies for the late reply. After the scan (i.e. roughly 7 hours) not a single file was found. After the scan I tried to click 'Rapportage lijst opslaan' (Save report list), but that option was not (or no longer) available? Regards, SR59230A
  4. Dear, All files with a name consisting of a random combination of digits and letters have now been removed. Unfortunately, no improvement can be observed yet. Regards, SR59230A
  5. An attempt at System Restore was already made on the day I ran Kaspersky, but an error message kept appearing saying that it could not proceed. And now there is no longer a restore point listed that is old enough (i.e. from before the incident). ComboFix log, after the reset:
  6. I'm afraid I never saved those logs, since at that time I was not aware of any (additional) harm. My apologies. Is it possible that things in the Registry Editor were altered by that virus?
  7. Below are the logs. Incidentally, the black screen at startup is not present in Safe Mode. Malwarebytes log:

     Malwarebytes Anti-Malware 1.65.1.1000
     www.malwarebytes.org

     Databaseversie: v2012.11.04.05

     Windows 7 Service Pack 1 x86 NTFS (Veilige modus/netwerkmogelijkheden)
     Internet Explorer 9.0.8112.16421
     Ruben :: RUBEN-PC [administrator]

     5/11/2012 21:26:32
     mbam-log-2012-11-05 (21-26-32).txt

     Scantype: Volledige scan (C:\|)
     Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
     Uitgeschakelde scanopties: P2P
     Objecten gescand: 377483
     Verstreken tijd: 8 minuut/minuten, 40 seconde(n)

     Geheugenprocessen gedetecteerd: 0
     (Geen kwaadaardige objecten gedetecteerd)

     Geheugenmodulen gedetecteerd: 0
     (Geen kwaadaardige objecten gedetecteerd)

     Registersleutels gedetecteerd: 0
     (Geen kwaadaardige objecten gedetecteerd)

     Registerwaarden gedetecteerd: 0
     (Geen kwaadaardige objecten gedetecteerd)

     Registerdata gedetecteerd: 0
     (Geen kwaadaardige objecten gedetecteerd)

     Mappen gedetecteerd: 0
     (Geen kwaadaardige objecten gedetecteerd)

     Bestanden gedetecteerd: 0
     (Geen kwaadaardige objecten gedetecteerd)

     (einde)

     ComboFix log:
Voltooingstijd: 2012-11-05 21:25:40 ComboFix-quarantined-files.txt 2012-11-05 20:25 ComboFix2.txt 2012-11-04 23:11 ComboFix3.txt 2012-11-01 21:23 ComboFix4.txt 2012-07-04 20:01 ComboFix5.txt 2012-11-05 20:20 . Pre-Run: 32.918.245.376 bytes beschikbaar Post-Run: 32.962.088.960 bytes beschikbaar . - - End Of File - - A0AB86F19692BFA7E4636D7B2F96E064
  8. 1) Picked up after I tried to download a map for Minecraft. Redirected via Ad.fly, after which the laptop immediately shut down. After restarting, the fake Sabam notice appeared. 2) Kaspersky rescue disk, ComboFix and then Malwarebytes. Regards, SR59230A
  9. I have just carried out the instructions. 'gzyjhrk' has now been removed, but unfortunately this has not solved the problem. Regards, SR59230A
  10. Dear all, This forum is completely new to me, so the chance that my description is incomplete is quite high. My apologies in advance. A few days ago I was hit by the (apparently persistent) Sabam/Ukash virus. After some tinkering I did manage to remove this virus (I presume?), but my laptop is by no means functioning optimally. The following problems are still clearly noticeable: - Always: black screen before start-up (approx. 5 minutes before the login screen appears); - Always: the touchpad's scrollbar no longer works; - Sometimes: when ticking 'power saving' the brightness does not change (which of course it used to do); - Sometimes: the webcam appears not to work; - ... Below you will also find a HijackThis log. Hopefully someone here can help. Thanks in advance. Kind regards, SR59230A ______________________________________________________ Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:01:14, on 5/11/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16450) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe C:\Program Files\Citrix\ICA Client\concentr.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Citrix\ICA Client\wfcrun32.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe C:\Program Files\Hewlett-Packard\HP Power 
Assistant\HPPA_Main.exe C:\Program Files\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe C:\Program Files\Common Files\Portrait Displays\Drivers\pdiSdkHelper.exe C:\Windows\system32\igfxext.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\NOTEPAD.EXE C:\Users\Ruben\Downloads\HijackThis.exe C:\Windows\system32\DllHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = universiteit antwerpen - uaHome R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe O4 - HKLM\..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKUS\S-1-5-18\..\RunOnce: [uhasselt Theme] c:\windows\resources\themes\uhasselt.theme (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [uhasselt Theme] c:\windows\resources\themes\uhasselt.theme (User 'Default user') O4 - .DEFAULT User Startup: firstrun.bat (User 'Default user') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Send image to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: *.clonewarsadventures.com O15 - Trusted Zone: *.freerealms.com O15 - Trusted Zone: *.line6.net O15 - Trusted Zone: *.soe.com O15 - Trusted Zone: *.sony.com O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - 
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: @C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. 
- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - C:\Windows\system32\flcdlock.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Remote Procedure Call (RPC) Service (gzyjhrk) - Unknown owner - C:\Users\Ruben\AppData\Roaming\Microsoft\Ixaixlns\ixaixlns.exe (file missing) O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe O23 - Service: HP Connection Manager 4.0 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. 
- C:\Program Files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: Passwdrenew - Unknown owner - C:\Windows\System32\rnpasswd.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe O23 - Service: stllssvr - MicroVision Development, Inc. 
- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\Windows\system32\ArcVCapRender\uArcCapture.exe O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe O23 - Service: Mobile Broadband Service (WMCoreService) - Ericsson AB - C:\Program Files\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe O23 - Service: xsherlock - Wellbia.com Co., Ltd. - C:\Windows\system32\xsherlock.xem -- End of file - 12267 bytes