
Computer is very slow and hangs after 2 minutes


Guest thesnubworld


Hello,

I started up my PC and suddenly I got a black screen instead of a desktop...

Then I thought 'yep, I have a virus (or viruses)', so I wanted to run virus scanners.

And it turns out that Microsoft Essentials or something like that is disabled and can no longer be enabled.

And avast just stops scanning after 3-4 minutes, but the scan timer keeps running?

I find it pretty annoying to keep having to get help here to solve my problems.

That's why I've decided that, once this virus is gone, I will search this forum for how to restore my PC and make it as fast as when I bought it 2 years ago.

In the meantime I have already made a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:19:10, on 2/05/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Safe mode

Running processes:

C:\windows\Explorer.EXE

C:\windows\system32\ctfmon.exe

C:\windows\System32\mobsync.exe

C:\Users\Gebruiker\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [updatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"

O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"

O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"

O4 - HKLM\..\Run: [updatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"

O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

O4 - HKLM\..\Run: [APLangApp] "C:\Program Files\AnyPC Client\APLangApp.exe"

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [QuickTime Plugin Install] C:\Program Files\QuickTime\Plugins\DeleteMe1.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Gebruiker\AppData\Local\Akamai\netsession_win.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\RunOnce: [boot] C:\Users\Gebruiker\AppData\Roaming\Apple Computer\loader.jar

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe

O4 - Global Startup: GamersFirst LIVE!.lnk = C:\Program Files\GamersFirst\LIVE!\Live.exe

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe

O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--

End of file - 8941 bytes

---------- Post added at 09:05 ---------- Previous post was at 09:04 ----------

Oh yes, it was made in safe mode with network command prompt, because it won't open in the PC's normal mode...


The log is being reviewed by our malware specialists. Please be patient.

"That's why I've decided that, once this virus is gone, I will search this forum for how to restore my PC and make it as fast as when I bought it 2 years ago."

Viruses really don't just appear on a PC. You can get viruses on your PC by, for example, visiting sex sites, via e-mail attachments, by visiting websites at random and clicking on every link, etc.

You can arm yourself against viruses by

- always downloading the most recent virus definition update

- installing WOT (more info here)

If you know in advance that you are going to visit a dangerous site, you can install Sandboxie. That is a temporary sandbox in which (in theory) no viruses can be put on your PC during a browsing session. Sandboxie can be downloaded here.

The weakest link remains the user. So never click on every link at random. Also, when installing programs, don't click OK too quickly. If you click OK too fast, you miss messages such as 'these toolbars will also be installed'. If you don't click OK too quickly, you can still dismiss that message. Usually the 'install toolbars' option is hidden in the setup menu. That is why you must read every screen of an installation very carefully.

edited by Kurtt

Guest thesnubworld

Yes, indeed, I often visit sex sites, but I can't stop, so to speak...

Any idea how I can really block all sex sites?

And maybe also an option that then stays permanent?

Thank you!


Once you have installed Sandboxie, you will see a yellow icon named "Sandboxed Web Browser" on your desktop. Double-click it. You are now in sandbox mode and can visit any site without viruses being able to get onto your PC. How can you tell that you are in sandbox mode? Visit a website and move your mouse to the red X at the top right; if a yellow rectangle appears around your screen, you are still in sandbox mode. In that case no viruses can get onto your PC, because nothing can end up on your PC during the sandbox session. If you want to start the regular Internet Explorer, choose the blue E on your desktop.

Some viruses can get through the sandbox, but in practice this turns out not to be a big problem.

Note: Sandboxie is not a replacement for an antivirus program!

However, first wait for the analysis of your log!

edited by Kurtt

Guest thesnubworld

Do you perhaps know when they will have a solution, because I really have to stay in safe mode all the time?


Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click inside the ComboFix window while it is running; this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registery key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.


Guest thesnubworld

ComboFix 12-05-03.01 - Gebruiker 03/05/2012 14:24:05.3.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.3037.1680 [GMT 2:00]

Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Complitly

c:\program files\Complitly\chrome\ComplitlyChrome.crx

c:\program files\Complitly\FireFoxExtensionWithFF8Fix.exe

c:\program files\Complitly\FireFoxUninstaller.exe

c:\program files\Complitly\InstTracker.exe

c:\program files\Complitly\support@Complitly.com\chrome.manifest

c:\program files\Complitly\support@Complitly.com\chrome\content\appIcon.png

c:\program files\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul

c:\program files\Complitly\support@Complitly.com\chrome\content\options.js

c:\program files\Complitly\support@Complitly.com\chrome\content\options.xul

c:\program files\Complitly\support@Complitly.com\chrome\content\utils.js

c:\program files\Complitly\support@Complitly.com\defaults\preferences\predictad.js

c:\program files\Complitly\support@Complitly.com\install.rdf

c:\program files\Complitly\System.Data.SQLite.dll

c:\program files\Complitly\unins000.dat

c:\program files\Complitly\unins000.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-04-03 to 2012-05-03 ))))))))))))))))))))))))))))))

.

.

2012-05-03 12:34 . 2012-05-03 12:34 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-05-03 12:34 . 2012-05-03 12:34 -------- d-----w- c:\users\Gast\AppData\Local\temp

2012-05-03 12:34 . 2012-05-03 12:34 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-03 12:34 . 2012-05-03 12:34 -------- d-----w- c:\users\Andere gebruiker\AppData\Local\temp

2012-05-03 12:19 . 2012-05-03 12:19 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{982A0F94-359D-4A7D-94B0-0C975C6882B8}\MpKsl0748ed99.sys

2012-05-03 12:19 . 2012-05-03 12:19 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{982A0F94-359D-4A7D-94B0-0C975C6882B8}\offreg.dll

2012-05-03 11:03 . 2012-05-03 11:03 -------- d-----w- c:\program files\Sandboxie

2012-04-30 14:22 . 2012-04-13 07:36 6734704 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{982A0F94-359D-4A7D-94B0-0C975C6882B8}\mpengine.dll

2012-04-29 12:23 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-29 12:23 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-04-29 12:23 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-29 12:23 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-29 12:23 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-29 12:23 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-29 11:23 . 2012-04-29 11:23 -------- d-----w- c:\users\Gebruiker\AppData\Local\VS Revo Group

2012-04-29 11:23 . 2009-12-30 09:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys

2012-04-29 11:23 . 2012-04-29 11:23 -------- d-----w- c:\program files\VS Revo Group

2012-04-28 15:25 . 2012-04-28 15:25 -------- d-----w- c:\users\Gebruiker\UnDoneX_v3

2012-04-12 13:05 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-04-12 13:05 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-04-12 13:05 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-04-12 13:05 . 2012-03-06 23:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-04-12 13:05 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-04-12 13:05 . 2012-03-06 23:01 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-04-12 13:04 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr

2012-04-12 13:04 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe

2012-04-11 12:10 . 2012-04-11 12:10 188824 ----a-w- c:\program files\Microsoft Games\Age of Empires Online\expapply.dll

2012-04-11 12:10 . 2012-04-11 12:10 429864 ----a-w- c:\program files\Microsoft Games\Age of Empires Online\AoeOnlinePatch.dll

2012-04-11 12:10 . 2012-04-11 12:10 2629928 ----a-w- c:\program files\Microsoft Games\Age of Empires Online\AoeOnlineDlg.dll

2012-04-11 12:10 . 2012-04-11 12:10 188824 ----a-w- c:\program files\Microsoft Games\Age of Empires Online\patchTemp\expapply.dll

2012-04-11 12:10 . 2012-04-11 12:10 152872 ----a-w- c:\program files\Microsoft Games\Age of Empires Online\patchTemp\AOEOnlineReplace.exe

2012-04-11 12:10 . 2012-04-11 12:10 429864 ----a-w- c:\program files\Microsoft Games\Age of Empires Online\patchTemp\AoeOnlinePatch.dll

2012-04-11 12:10 . 2012-04-11 12:10 2629928 ----a-w- c:\program files\Microsoft Games\Age of Empires Online\patchTemp\AoeOnlineDlg.dll

2012-04-10 12:13 . 2012-04-10 12:13 -------- d-----w- c:\users\Gebruiker\cx_cache

2012-04-09 21:23 . 2012-04-09 21:42 -------- d-----w- c:\users\Gebruiker\.gimp-2.6

2012-04-09 18:21 . 2012-04-09 18:21 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\EpicBot

2012-04-09 18:17 . 2012-04-09 18:17 -------- d-----w- c:\program files\EpicBot

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-13 07:36 . 2012-03-29 17:43 6734704 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-04-04 13:56 . 2011-03-09 16:26 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-28 08:10 . 2012-03-28 08:10 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{943510D5-44B2-4C4F-BFC2-751928CAAC4A}\gapaengine.dll

2012-03-20 18:44 . 2012-03-20 18:44 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-20 18:44 . 2012-03-20 18:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-03-16 15:35 . 2011-05-23 19:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-14 02:15 . 2012-03-28 06:26 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E27248E-288D-4764-8510-55D7F2D1B666}\mpengine.dll

2012-03-03 09:19 . 2010-06-25 07:24 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-23 08:18 . 2010-06-29 09:56 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-17 05:34 . 2012-03-19 16:40 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 04:14 . 2012-03-19 16:40 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:13 . 2012-03-19 16:40 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-10 05:38 . 2012-03-20 12:28 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-04-21 01:18 . 2012-05-03 11:02 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\users\Gebruiker\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Boot"="c:\users\Gebruiker\AppData\Roaming\Apple Computer\loader.jar" [2012-04-12 81049]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-14 8120864]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]

"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]

"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]

"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]

"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]

"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]

"APLangApp"="c:\program files\AnyPC Client\APLangApp.exe" [2009-10-20 13312]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-10 13834856]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"QuickTime Plugin Install"="c:\program files\QuickTime\Plugins\DeleteMe1.exe" [2011-09-24 86016]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]

"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-06-11 358472]

"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-06-11 1809992]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-06-11 3649096]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

.

c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDockFree\ObjectDock.exe [N/A]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

GamersFirst LIVE!.lnk - c:\program files\GamersFirst\LIVE!\Live.exe [2011-8-16 2589808]

Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [x]

R0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [x]

R0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-15 135664]

R2 NEWDRIVER;NEWDRIVER;c:\windows\system32\WinVDEdrv6.sys [x]

R3 cpuz134;cpuz134;c:\users\GEBRUI~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-15 135664]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2011-09-29 21632]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112]

R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-01-19 3595660]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-01 34384]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-20 1343400]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 MpKsl0748ed99;MpKsl0748ed99;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{982A0F94-359D-4A7D-94B0-0C975C6882B8}\MpKsl0748ed99.sys [2012-05-03 29904]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]

S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-27 66080]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - MPKSL0748ED99

*NewlyCreated* - SBIEDRV

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Inhoud van de 'Gedeelde Taken' map

.

2012-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-15 12:16]

.

2012-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-15 12:16]

.

2012-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1918549753-1553974762-1166484144-1000Core.job

- c:\users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-23 12:15]

.

2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1918549753-1553974762-1166484144-1000UA.job

- c:\users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-23 12:15]

.

.

------- Bijkomende Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\efipz907.default\

.

- - - - ORPHANS VERWIJDERD - - - -

.

AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files\Complitly\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)


.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:ac,f3,ae,49,fc,20,cc,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c8,23,2f,7d,10,d2,6a,4d,9c,82,93,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c8,23,2f,7d,10,d2,6a,4d,9c,82,93,\

.

[HKEY_USERS\S-1-5-21-1918549753-1553974762-1166484144-1000\Software\SecuROM\License information*]

"datasecu"=hex:cc,21,88,ee,f4,cd,fb,14,24,4c,b2,a3,03,8b,3f,ca,00,db,5a,d7,15,

0d,fd,da,7d,8e,31,27,8c,ce,86,0d,39,15,a7,c7,82,08,da,55,82,e3,70,bf,98,9a,\

"rkeysecu"=hex:23,77,f6,77,a6,f4,aa,19,ca,b1,3b,4c,bc,73,6a,9f

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-05-03 14:36:42

ComboFix-quarantined-files.txt 2012-05-03 12:36

ComboFix2.txt 2012-04-13 10:35

.

Pre-Run: 181.970.714.624 bytes beschikbaar

Post-Run: 182.660.911.104 bytes beschikbaar

.

- - End Of File - - FEDB2E0314CACD2C697238109E7037E6

This topic is now closed to new replies.