Ga naar inhoud

Rickolomeus

Lid
  • Items

    8
  • Registratiedatum

  • Laatst bezocht

Rickolomeus's prestaties

  1. Dit ga ik z.s.m. proberen, hopelijk vandaag, anders morgen (ivm werk). Zodra het probleemloos verlopen is zet ik het onderwerp op "Opgelost". Sowiezo hartelijk dank voor de snelle en duidelijke hulp!
  2. # AdwCleaner v3.004 - Report created 13/09/2013 at 22:02:53 # Updated 15/09/2013 by Xplode # Operating System : Windows Vista Home Premium Service Pack 2 (32 bits) # Username : Mams - GREYHOUND # Running from : C:\Users\Mams\Desktop\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Deleted : C:\Users\Mams\AppData\Roaming\Mozilla\Firefox\Profiles\f6w355vp.default\searchplugins\Askcom.xml ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16502 -\\ Mozilla Firefox v11.0 (nl) [ File : C:\Users\Mams\AppData\Roaming\Mozilla\Firefox\Profiles\f6w355vp.default\prefs.js ] -\\ Google Chrome v [ File : C:\Users\Mams\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [1577 octets] - [13/09/2013 22:00:24] AdwCleaner[s0].txt - [1514 octets] - [13/09/2013 22:02:53] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1574 octets] ##########
  3. Heb de computer zojuist opgestart in normale modus, ik krijg geen aanduidingen van de worm. Durf nog niet te juichen, maar het lijkt tot nu toe goed!
  4. ComboFix 13-09-14.01 - Mams 12-09-2013 23:30:39.1.2 - x86 NETWORK Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2046.1598 [GMT 2:00] Gestart vanuit: c:\users\Mams\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Mams\Desktop\CFScript.txt AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((( Bestanden Gemaakt van 2013-08-12 to 2013-09-12 )))))))))))))))))))))))))))))) . . 2013-09-12 21:38 . 2013-09-12 21:38 -------- d-----w- c:\users\Mams\AppData\Local\temp 2013-09-12 21:38 . 2013-09-12 21:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-09-12 21:38 . 2013-09-12 21:38 -------- d-----w- c:\users\gebruiker\AppData\Local\temp 2013-09-12 21:38 . 2013-09-12 21:38 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-09-10 19:58 . 2013-09-10 19:58 -------- d-----w- c:\users\Mams\AppData\Roaming\Malwarebytes 2013-09-10 19:58 . 2013-09-10 19:58 -------- d-----w- c:\programdata\Malwarebytes 2013-09-10 19:58 . 2013-09-10 19:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-09-10 19:58 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-09-10 19:27 . 2013-09-10 19:50 -------- d-----w- C:\hijackthis 2013-09-08 09:10 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D804494-63ED-4B85-85D2-2B4ACF3BD913}\mpengine.dll 2013-08-28 11:36 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-08-24 14:04 . 2013-08-24 14:04 -------- d-----w- c:\users\Mams\AppData\Roaming\Avira 2013-08-24 13:57 . 2013-08-24 13:57 -------- d-----w- c:\programdata\Avira(1) 2013-08-24 13:57 . 2013-08-24 13:57 -------- d-----w- c:\program files\Avira(0) 2013-08-15 09:49 . 2013-08-15 09:52 -------- d-----w- c:\windows\system32\MRT 2013-08-14 09:45 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll 2013-08-14 09:45 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys 2013-08-14 09:45 . 2013-07-05 04:53 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-08-14 09:45 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll 2013-08-14 09:45 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll 2013-08-14 09:45 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll 2013-08-14 09:45 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-08-14 09:45 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-08-14 09:45 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll 2013-08-14 09:45 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll 2013-08-14 09:45 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2013-08-14 09:45 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-09-09 18:05 . 2012-04-02 08:59 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-09-09 18:05 . 2011-06-01 16:28 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-09-07 13:10 . 2010-08-14 12:52 5590 --sha-w- c:\programdata\KGyGaAvL.sys 2013-08-07 02:22 . 2009-10-03 00:09 238872 ------w- c:\windows\system32\MpSigStub.exe 2012-03-13 04:38 . 2012-03-17 16:03 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-21 39408] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-11-30 380928] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352] "Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2010-01-07 105632] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "GrpConv"="grpconv -o" [X] "Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040] "Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2013-04-04 1127496] . c:\users\Mams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 . R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-01-23 501560] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map . 2013-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:05] . 2013-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-21 12:24] . 2013-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-21 12:24] . 2013-09-09 c:\windows\Tasks\User_Feed_Synchronization-{686EBC25-3C96-48AE-84B4-59C4C225660A}.job - c:\windows\system32\msfeedssync.exe [2011-07-02 10:23] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://nl.yahoo.com/?p=us IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 LSP: %SYSTEMROOT%\system32\nvLsp.dll TCP: DhcpNameServer = 213.46.228.196 62.179.104.196 FF - ProfilePath - c:\users\Mams\AppData\Roaming\Mozilla\Firefox\Profiles\f6w355vp.default\ FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - hxxp://nl.yahoo.com/?p=us FF - ExtSQL: !HIDDEN! 2009-06-25 07:43; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - ORPHANS VERWIJDERD - - - - . HKLM-RunOnce-<NO NAME> - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2013-09-12 23:38 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2013-09-12 23:39:52 ComboFix-quarantined-files.txt 2013-09-12 21:39 ComboFix2.txt 2013-09-12 17:50 . Pre-Run: 41.300.549.632 bytes beschikbaar Post-Run: 41.231.323.136 bytes beschikbaar . - - End Of File - - 114B70931D91741FEDC8EA10DE828EAB 5C616939100B85E558DA92B899A0FC36
  5. ComboFix 13-09-13.03 - Mams 12-09-2013 19:42:55.1.2 - x86 NETWORK Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2046.1538 [GMT 2:00] Gestart vanuit: c:\users\Mams\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\8848830E70.sys c:\users\Mams\chrome.exe c:\users\Mams\flashplayer.exe c:\users\Mams\msconfig.exe c:\windows\IsUn0413.exe c:\windows\iun6002.exe c:\windows\system32\tmp648D.tmp c:\windows\system32\tmp64BD.tmp c:\windows\system32\tmp8787.tmp c:\windows\system32\tmp87A7.tmp c:\windows\system32\tmpC601.tmp c:\windows\system32\tmpC650.tmp . . (((((((((((((((((((( Bestanden Gemaakt van 2013-08-12 to 2013-09-12 )))))))))))))))))))))))))))))) . . 2013-09-12 17:48 . 2013-09-12 17:49 -------- d-----w- c:\users\Mams\AppData\Local\temp 2013-09-12 17:48 . 2013-09-12 17:48 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-09-12 17:48 . 2013-09-12 17:48 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-09-10 19:58 . 2013-09-10 19:58 -------- d-----w- c:\users\Mams\AppData\Roaming\Malwarebytes 2013-09-10 19:58 . 2013-09-10 19:58 -------- d-----w- c:\programdata\Malwarebytes 2013-09-10 19:58 . 2013-09-10 19:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-09-10 19:58 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-09-10 19:27 . 2013-09-10 19:50 -------- d-----w- C:\hijackthis 2013-09-08 09:10 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D804494-63ED-4B85-85D2-2B4ACF3BD913}\mpengine.dll 2013-08-28 11:36 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-08-24 14:04 . 2013-08-24 14:04 -------- d-----w- c:\users\Mams\AppData\Roaming\Avira 2013-08-24 13:57 . 2013-08-24 13:57 -------- d-----w- c:\programdata\Avira(1) 2013-08-24 13:57 . 2013-08-24 13:57 -------- d-----w- c:\program files\Avira(0) 2013-08-15 09:49 . 2013-08-15 09:52 -------- d-----w- c:\windows\system32\MRT 2013-08-14 09:45 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll 2013-08-14 09:45 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys 2013-08-14 09:45 . 2013-07-05 04:53 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-08-14 09:45 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll 2013-08-14 09:45 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll 2013-08-14 09:45 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll 2013-08-14 09:45 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-08-14 09:45 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-08-14 09:45 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll 2013-08-14 09:45 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll 2013-08-14 09:45 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2013-08-14 09:45 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-09-09 18:05 . 2012-04-02 08:59 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-09-09 18:05 . 2011-06-01 16:28 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-09-07 13:10 . 2010-08-14 12:52 5590 --sha-w- c:\programdata\KGyGaAvL.sys 2013-08-07 02:22 . 2009-10-03 00:09 238872 ------w- c:\windows\system32\MpSigStub.exe 2012-03-13 04:38 . 2012-03-17 16:03 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-21 39408] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-11-30 380928] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352] "Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2010-01-07 105632] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040] "Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2013-04-04 1127496] . c:\users\Mams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 . R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-01-23 501560] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map . 2013-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:05] . 2013-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-21 12:24] . 2013-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-21 12:24] . 2013-09-09 c:\windows\Tasks\User_Feed_Synchronization-{686EBC25-3C96-48AE-84B4-59C4C225660A}.job - c:\windows\system32\msfeedssync.exe [2011-07-02 10:23] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://nl.yahoo.com/?p=us IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 LSP: %SYSTEMROOT%\system32\nvLsp.dll TCP: DhcpNameServer = 213.46.228.196 62.179.104.196 FF - ProfilePath - c:\users\Mams\AppData\Roaming\Mozilla\Firefox\Profiles\f6w355vp.default\ FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - hxxp://nl.yahoo.com/?p=us FF - ExtSQL: !HIDDEN! 2009-06-25 07:43; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - ORPHANS VERWIJDERD - - - - . SafeBoot-WudfPf SafeBoot-WudfRd . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2013-09-12 19:49 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2013-09-12 19:50:32 ComboFix-quarantined-files.txt 2013-09-12 17:50 . Pre-Run: 40.909.160.448 bytes beschikbaar Post-Run: 41.122.676.736 bytes beschikbaar . - - End Of File - - 46EA71A897128CEEA57C94E2FDA4EF52 5C616939100B85E558DA92B899A0FC36
  6. Aanvullend probleem bij het aanpakken van de verouderde Java: "Windows Installer: Kan geen toegang krijgen tot de Windows Installer-service. Dit kan optreden als de Windows Installer onjuist is geïnstalleerd. Neem contact op met het ondersteunend personeel voor hulp."
  7. Bedankt voor de reactie! Bij deze het resultaat van de Malwarebytes scan: Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Databaseversie: v2013.09.12.09 Windows Vista Service Pack 2 x86 NTFS (Veilige modus/netwerkmogelijkheden) Internet Explorer 9.0.8112.16421 Mams :: GREYHOUND [administrator] 12-9-2013 17:08:28 mbam-log-2013-09-12 (17-08-28).txt Scan type: Snelle scan Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scan opties: P2P Objecten gescand: 267890 Verstreken tijd: 6 minuut/minuten, 6 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 1 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GOOGLEUPDATE.EXE (Malware.Packer.NR) -> Succesvol in quarantaine geplaatst en verwijderd. Registerwaarden gedetecteerd: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Internet Security (Trojan.FakeAV) -> Data: C:\Users\Mams\AppData\Roaming\meprotection.exe -> Succesvol in quarantaine geplaatst en verwijderd. Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 3 C:\Program Files\Error Repair Professional (Rogue.ErrorRepairProfessional) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\Error Repair Professional\Backups (Rogue.ErrorRepairProfessional) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\Error Repair Professional\startbug (Rogue.ErrorRepairProfessional) -> Succesvol in quarantaine geplaatst en verwijderd. Bestanden gedetecteerd: 4 C:\Users\Mams\AppData\Roaming\meprotection.exe (Trojan.FakeAV) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Mams\AppData\Local\Temp\15E3.tmp (Trojan.Agent) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Mams\AppData\Local\Temp\2CF.tmp (Trojan.Agent) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Mams\googleupdate.exe (Malware.Packer.NR) -> Succesvol in quarantaine geplaatst en verwijderd. (einde)
  8. Goedenavond allen, Sinds dinsdag 10-9 is mijn computer getroffen door een W32 Blaster Worm. Toevallig zag ik op het forum dat er nog iemand op die dag is getroffen en snel door jullie, experts, is geholpen. Bij deze wil ik jullie hulp ook inschakelen. Om überhaupt iets uit te kunnen voeren start ik de computer steeds in veilige modus met netwerkmogelijkheden op. De eerste stap die steeds wordt aangeraden is het uitvoeren van een Hijackthis scan. Onderstaande betreft het resultaat: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:29:54, on 10-9-2013 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16502) FIREFOX: 11.0 (nl) Boot mode: Safe mode with network support Running processes: C:\Windows\Explorer.EXE C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Nederland R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [standby] "c:\Program Files\Common Files\Corel\Standby\Standby.exe" -START O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [internet Security] C:\Users\Mams\AppData\Roaming\meprotection.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: ASDR - Unknown owner - C:\Windows\System32\ASDR.exe O23 - Service: ATK Fast User Switch Service (ATKFUSService) - ASUSTeK COMPUTER INC. - C:\Windows\system32\ATKFUSService.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- End of file - 8363 bytes Alvast bedankt voor jullie hulp!
×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.