
Computer keeps crashing... coming down with a little virus?



I posted this in the wrong place and am putting it here again. Since yesterday I have been dealing with what I think is a persistent virus. When using the internet my computer crashes after a while and I get a blue screen. After that I can't do anything. I am now working in safe mode and that goes fine for a bit. After a while it freezes there too. Tried to run MBAM, but it freezes after a few seconds. I was able to make a HijackThis log, which you can see below. I hope someone can help me, and thanks in advance for the help!

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 18:32:34, on 23-7-2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.19190)

Boot mode: Safe mode with network support

Running processes:

C:\Windows\Explorer.EXE

C:\Windows\helppane.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://citrix.humanitas-dmh.nl/CitrixLogonPoint/HDMH/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Nederland

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup

O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s

O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Jasper\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CACC548F-00FA-49A7-AD3D-735344428CF7}: NameServer = 8.8.8.8,8.8.4.4

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 10661 bytes




Ok, here is my log with the new version:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:29:49, on 23-7-2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.19190)

Boot mode: Safe mode with network support

Running processes:

C:\Windows\Explorer.EXE

C:\Windows\helppane.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Users\Jasper\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://citrix.humanitas-dmh.nl/CitrixLogonPoint/HDMH/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Nederland

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup

O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s

O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Jasper\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CACC548F-00FA-49A7-AD3D-735344428CF7}: NameServer = 8.8.8.8,8.8.4.4

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 10919 bytes


No indications of a virus in this log so far. Run the following:

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running, as this can cause the tool to hang.

Note !!! If an error appears with the message "Illegal operation attempted on a registery key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next reply.

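The helper's reading of the HijackThis logs above (which sections carry autostart entries, where their binaries live, which DNS servers are set, which MIME filters are registered) can be partly automated. The parser and triage rules below are an added example written for this thread, not code from the forum, from HijackThis or from the helper; the `KNOWN_RESOLVERS` set and the user-writable-path rule are assumptions, and the `updater.exe` line is constructed so that a rule has something to fire on.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Lines copied from the HijackThis v2.0.4 log posted earlier in this thread.
THREAD_LINES = r"""Logfile of Trend Micro HijackThis v2.0.4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://citrix.humanitas-dmh.nl/CitrixLogonPoint/HDMH/
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Jasper\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O17 - HKLM\System\CCS\Services\Tcpip\..\{CACC548F-00FA-49A7-AD3D-735344428CF7}: NameServer = 8.8.8.8,8.8.4.4
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"""

# Constructed line, NOT from the thread: an autostart living in the user's Temp
# folder, the kind of entry the user-writable-path rule is meant to surface.
CONSTRUCTED_LINE = r'O4 - HKCU\..\Run: [updater] "C:\Users\Jasper\AppData\Local\Temp\updater.exe" /q'


@dataclass
class Entry:
    section: str            # R0, O2, O4, O17, O18, O23, ...
    kind: str               # BHO, HKLM\..\Run, Service, Filter hijack, ...
    name: str               # display name, Run value name or registry value
    clsid: Optional[str]    # first {GUID} on the line, if any
    path: Optional[str]     # first drive-letter path to a binary, if any
    raw: str


LINE_RE = re.compile(r"^(?P<sec>R\d|O\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|sys|cpl|ocx)', re.IGNORECASE)
NAME_RE = re.compile(r"\[(?P<name>[^\]]+)\]")


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis entry; returns None for header/footer lines."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    kind, _, rest = body.partition(": ")
    if sec.startswith("R"):
        # R0/R1: "<hive>\<key>,<value> = <data>"
        kind, rest = "IE setting", body
        name = body.split(" = ", 1)[0].rsplit(",", 1)[-1]
    elif sec == "O4":
        nm = NAME_RE.search(rest)
        name = nm.group("name") if nm else rest
    elif sec == "O23":
        name = rest.rsplit(" - ", 2)[0]          # "<display> - <company> - <path>"
    elif sec == "O17":
        name = rest.split(" = ", 1)[0]           # "NameServer = a,b"
    else:
        name = rest.split(" - {", 1)[0]          # "<name> - {CLSID} - <path>"
    clsid = CLSID_RE.search(body)
    path = PATH_RE.search(rest)
    return Entry(sec, kind, name.strip(), clsid.group(0) if clsid else None,
                 path.group(0) if path else None, line)


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


AUTOSTART_SECTIONS = {"O2", "O3", "O4", "O20", "O21", "O22", "O23"}
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")
# Assumption for this example: the resolvers the owner expects to see in O17
# (the thread's own O17 line points at Google Public DNS).
KNOWN_RESOLVERS = {"8.8.8.8", "8.8.4.4"}

Finding = Tuple[str, str, str]   # (section, name, reason)


def triage(entries: List[Entry]) -> List[Finding]:
    """The checks a log reader applies by eye: where each autostart runs from,
    which DNS servers are configured, and which MIME filters were installed."""
    out: List[Finding] = []
    for e in entries:
        p = (e.path or "").lower()
        if e.section in AUTOSTART_SECTIONS and any(t in p for t in USER_WRITABLE):
            out.append((e.section, e.name,
                        "autostart binary in a user-writable directory; check publisher/signature"))
        elif e.section == "O4" and e.path is None:
            out.append((e.section, e.name,
                        "Run value has no full path; Windows resolves it via the search path at logon"))
        if e.section == "O17":
            servers = {s.strip() for s in e.raw.split(" = ", 1)[1].split(",")}
            unknown = sorted(servers - KNOWN_RESOLVERS)
            if unknown:
                out.append((e.section, e.name, f"unexpected DNS servers: {unknown}"))
        if e.section == "O18" and e.kind == "Filter hijack":
            out.append((e.section, e.name,
                        "MIME filter registered; confirm the DLL belongs to installed software"))
    return out


def triage_log(text: str) -> List[Finding]:
    return triage(parse_log(text))


if __name__ == "__main__":
    for sec, name, reason in triage_log(THREAD_LINES + "\n" + CONSTRUCTED_LINE):
        print(f"{sec:<4} {name:<16} {reason}")
```

Every finding is a "look closer" prompt, not a verdict: in this thread the Facebook updater and the Citrix ICA filter are flagged by the same rules and turn out to be legitimate software, which is exactly the judgement the helper applied by hand.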

I don't know what happened, but ComboFix caused a little problem. I thought I had closed avast!, but that turned out not to be the case. Because of this I got a message to close that program, but that didn't work. Then the PC froze again. After that I restarted and suddenly got the message that my Windows Vista licence had expired. Tried the online licence and it seemed to work, but then the PC started acting strangely and said this licence is not genuine. The problem is that I can't find the product code any more.. Just turned my whole basement upside down, without result. I can't use the internet any more now. It constantly freezes. I don't know what to do any more. Can't get into safe mode either, because the licence isn't valid... drama... Suggestions?


Normally not, no, but at the moment nothing about my computer is normal. I can actually get back in now, though it still shows a message that it isn't a genuine version of Vista, but I can start ComboFix again and begin running it. Yesterday I tried to run the program, but it didn't quite work. It kept hanging while scanning the computer. It says to wait 10 minutes normally and twice that for a serious infection, but I waited 45 minutes and nothing at all happened. When I tried to click something else, the computer immediately froze again. So I haven't got any further. Didn't find the sticker either, by the way. I had it installed at a computer shop and they never supplied the CD, and apparently didn't put a sticker on it either.... Very convenient. Do you have any other suggestions for what I could do? The freezing is the biggest problem. Because of it my computer can't finish anything. HijackThis still works, because it is fast, but slower programs are a disaster...

Thanks again for your help, by the way!


It worked in safe mode after all! It also doesn't drop out as quickly any more. Posting quickly now, because the computer is still very slow:

ComboFix 12-07-25.04 - Jasper 24-07-2012 22:04:11.2.4 - x86 NETWORK

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3326.2778 [GMT 2:00]

Gestart vanuit: c:\users\Jasper\Desktop\ComboFix.exe

AV: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}

SP: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\TEMP

.

---- Voorgaande Run -------

.

c:\programdata\1df6ed4b-fe89-47e0-9ab7-08fc2de77309.ico

c:\programdata\24F8DF5A8E.sys

c:\users\Jasper\AppData\Local\Temp\feb59f87-baa7-4a0a-902c-c33cfc0feb21\CliSecureRT.dll

c:\users\Jasper\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antivirus Center.lnk

c:\users\Jasper\AppData\Roaming\vso_ts_preview.xml

c:\windows\IsUn0413.exe

c:\windows\iun6002.exe

c:\windows\security\Database\tmp.edb

c:\windows\system32\muzapp.exe

K:\Autorun.inf

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-06-24 to 2012-07-24 ))))))))))))))))))))))))))))))

.

.

2012-07-23 13:44 . 2012-07-23 14:20 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-07-03 21:06 . 2012-07-03 21:06 -------- d-----w- c:\windows\es

2012-07-03 21:04 . 2012-03-08 16:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2012-07-03 21:02 . 2012-07-03 21:02 -------- d-----w- c:\windows\nl

2012-07-03 20:49 . 2012-07-03 20:49 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\4591c88e1cd595d03\MeshBetaRemover.exe

2012-07-03 20:48 . 2012-07-03 20:48 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\444f7def1cd595d02\DXSETUP.exe

2012-07-03 20:48 . 2012-07-03 20:48 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\444f7def1cd595d02\dsetup32.dll

2012-07-03 20:48 . 2012-07-03 20:48 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\444f7def1cd595d02\DSETUP.dll

2012-06-29 11:23 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-29 11:23 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-29 11:22 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-29 11:22 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-29 11:22 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-29 11:22 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-29 11:22 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-29 11:22 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-29 11:22 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-11 19:02 . 2012-04-10 14:41 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-11 19:02 . 2011-07-17 14:58 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-03 11:46 . 2012-06-10 09:41 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-24 23:58 . 2011-04-24 23:58 124864 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll

2011-04-25 00:48 . 2011-04-25 00:48 13760 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2011-04-25 00:00 . 2011-04-25 00:00 71104 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2011-04-24 23:59 . 2011-04-24 23:59 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2011-04-24 23:58 . 2011-04-24 23:58 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2011-04-24 23:57 . 2011-04-24 23:57 255936 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2011-04-24 23:58 . 2011-04-24 23:58 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2011-04-24 23:58 . 2011-04-24 23:58 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2011-04-24 23:51 . 2011-04-24 23:51 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2011-04-25 00:00 . 2011-04-25 00:00 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2012-07-19 19:57 . 2012-01-18 10:36 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-01-04 937872]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-01-04 21392]

"Facebook Update"="c:\users\Jasper\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]

"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-02-01 1083264]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-02-22 6591800]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 5369856]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2201375780-3717989005-3553682316-1000]

"EnableNotificationsRef"=dword:00000001

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - ECACHE

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Inhoud van de 'Gedeelde Taken' map

.

2012-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 19:02]

.

2012-07-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2201375780-3717989005-3553682316-1000Core.job

- c:\users\Jasper\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-01 19:18]

.

2012-07-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2201375780-3717989005-3553682316-1000UA.job

- c:\users\Jasper\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-01 19:18]

.

2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-23 16:16]

.

2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-23 16:16]

.

2012-07-24 c:\windows\Tasks\User_Feed_Synchronization-{B100218E-2109-4CB3-A473-21C670F2BC94}.job

- c:\windows\system32\msfeedssync.exe [2012-03-07 04:44]

.

.

------- Bijkomende Scan -------

.

uStart Page = https://citrix.humanitas-dmh.nl/CitrixLogonPoint/HDMH/

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*Yahoo! SearchBar Home Page

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

Trusted Zone: humanitas-dmh.nl\citrix

TCP: DhcpNameServer = 62.179.104.196 213.46.228.196

TCP: Interfaces\{CACC548F-00FA-49A7-AD3D-735344428CF7}: NameServer = 8.8.8.8,8.8.4.4

FF - ProfilePath - c:\users\Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\crjtbung.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - Welkom bij Facebook - Meld je aan, registreer je of ontdek meer

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - prefs.js: network.proxy.type - 0

FF - user.js: extensions.BabylonToolbar_i.id - 96f4f12c0000000000000024211fdb77

FF - user.js: extensions.BabylonToolbar_i.hardId - 96f4f12c0000000000000024211fdb77

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15377

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:22

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101067

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

SafeBoot-WudfPf

SafeBoot-WudfRd

AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0413.EXE

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-07-24 22:14

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-2201375780-3717989005-3553682316-1000\Software\SecuROM\License information*]

"datasecu"=hex:c2,5a,7f,b6,30,0c,e7,56,85,c2,59,0b,10,19,bf,32,e7,5f,a2,d0,1d,

70,31,5b,af,4b,8a,7d,9a,eb,6b,57,66,34,6c,96,f4,65,46,b7,47,65,c1,51,61,e5,\

"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(1380)

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

.

Voltooingstijd: 2012-07-24 22:22:24

ComboFix-quarantined-files.txt 2012-07-24 20:22

ComboFix2.txt 2010-03-02 19:54

.

Pre-Run: 233.767.464.960 bytes beschikbaar

Post-Run: 233.797.877.760 bytes beschikbaar

.

- - End Of File - - D4A2DB11DB5D7B7FCB38CB6DA6E09234


Open a Notepad file.

Copy and paste the bold text below into it.

Firefox::

FF - ProfilePath - c:\users\Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\crjtbung.default\

FF - user.js: extensions.BabylonToolbar_i.id - 96f4f12c0000000000000024211fdb77

FF - user.js: extensions.BabylonToolbar_i.hardId - 96f4f12c0000000000000024211fdb77

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15377

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:22

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101067

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Save this file on your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next reply.


ComboFix 12-07-26.03 - Jasper 25-07-2012 21:23:07.3.4 - x86 NETWORK

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3326.2713 [GMT 2:00]

Gestart vanuit: c:\users\Jasper\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Jasper\Desktop\CFScript.txt

AV: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}

SP: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-06-25 to 2012-07-25 ))))))))))))))))))))))))))))))

.

.

2012-07-23 13:44 . 2012-07-23 14:20 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-07-03 21:06 . 2012-07-03 21:06 -------- d-----w- c:\windows\es

2012-07-03 21:04 . 2012-03-08 16:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2012-07-03 21:02 . 2012-07-03 21:02 -------- d-----w- c:\windows\nl

2012-07-03 20:49 . 2012-07-03 20:49 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\4591c88e1cd595d03\MeshBetaRemover.exe

2012-07-03 20:48 . 2012-07-03 20:48 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\444f7def1cd595d02\DXSETUP.exe

2012-07-03 20:48 . 2012-07-03 20:48 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\444f7def1cd595d02\dsetup32.dll

2012-07-03 20:48 . 2012-07-03 20:48 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\444f7def1cd595d02\DSETUP.dll

2012-06-29 11:23 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-29 11:23 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-29 11:22 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-29 11:22 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-29 11:22 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-29 11:22 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-29 11:22 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-29 11:22 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-29 11:22 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-11 19:02 . 2012-04-10 14:41 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-11 19:02 . 2011-07-17 14:58 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-03 11:46 . 2012-06-10 09:41 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-24 23:58 . 2011-04-24 23:58 124864 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll

2011-04-25 00:48 . 2011-04-25 00:48 13760 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2011-04-25 00:00 . 2011-04-25 00:00 71104 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2011-04-24 23:59 . 2011-04-24 23:59 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2011-04-24 23:58 . 2011-04-24 23:58 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2011-04-24 23:57 . 2011-04-24 23:57 255936 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2011-04-24 23:58 . 2011-04-24 23:58 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2011-04-24 23:58 . 2011-04-24 23:58 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2011-04-24 23:51 . 2011-04-24 23:51 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2011-04-25 00:00 . 2011-04-25 00:00 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2012-07-19 19:57 . 2012-01-18 10:36 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-01-04 937872]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-01-04 21392]

"Facebook Update"="c:\users\Jasper\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]

"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-02-01 1083264]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-02-22 6591800]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 5369856]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2201375780-3717989005-3553682316-1000]

"EnableNotificationsRef"=dword:00000001

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - ECACHE

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Inhoud van de 'Gedeelde Taken' map

.

2012-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 19:02]

.

2012-07-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2201375780-3717989005-3553682316-1000Core.job

- c:\users\Jasper\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-01 19:18]

.

2012-07-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2201375780-3717989005-3553682316-1000UA.job

- c:\users\Jasper\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-01 19:18]

.

2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-23 16:16]

.

2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-23 16:16]

.

2012-07-24 c:\windows\Tasks\User_Feed_Synchronization-{B100218E-2109-4CB3-A473-21C670F2BC94}.job

- c:\windows\system32\msfeedssync.exe [2012-03-07 04:44]

.

.

------- Bijkomende Scan -------

.

uStart Page = https://citrix.humanitas-dmh.nl/CitrixLogonPoint/HDMH/

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*Yahoo! SearchBar Home Page

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

Trusted Zone: humanitas-dmh.nl\citrix

TCP: DhcpNameServer = 62.179.104.196 213.46.228.196

TCP: Interfaces\{CACC548F-00FA-49A7-AD3D-735344428CF7}: NameServer = 8.8.8.8,8.8.4.4

FF - ProfilePath - c:\users\Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\crjtbung.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - Welkom bij Facebook - Meld je aan, registreer je of ontdek meer

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - prefs.js: network.proxy.type - 0

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS VERWIJDERD - - - -

.

HKLM-RunOnce-<NO NAME> - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-07-25 21:33

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-2201375780-3717989005-3553682316-1000\Software\SecuROM\License information*]

"datasecu"=hex:c2,5a,7f,b6,30,0c,e7,56,85,c2,59,0b,10,19,bf,32,e7,5f,a2,d0,1d,

70,31,5b,af,4b,8a,7d,9a,eb,6b,57,66,34,6c,96,f4,65,46,b7,47,65,c1,51,61,e5,\

"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(2012)

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

.

Voltooingstijd: 2012-07-25 21:41:07

ComboFix-quarantined-files.txt 2012-07-25 19:41

ComboFix2.txt 2012-07-24 20:22

ComboFix3.txt 2010-03-02 19:54

.

Pre-Run: 233.781.858.304 bytes beschikbaar

Post-Run: 233.682.792.448 bytes beschikbaar

.

- - End Of File - - 923D39A79ED8A1952B4C94AEB7CE73E3
