Archief - Kan dit logje eens gecheckt worden , aub.

Het archief is een bevroren moment uit een vorige versie van dit forum, met andere regels en andere bazen. Deze posts weerspiegelen op geen enkele manier onze huidige ideeën, waarden of wereldbeelden en zijn op sommige plaatsen gecensureerd wegens ontoelaatbaar. Veel zijn in een andere tijdsgeest gemaakt, al dan niet ironisch - zoals in het ironische subforum Off-Topic - en zouden op dit moment niet meer gepost (mogen) worden. Toch bieden we dit archief nog graag aan als informatiedatabank en naslagwerk. Lees er hier meer over of start een gesprek met anderen.
S

Scout

Legacy Member
Laptop van neef, heb al de meeste brol verwijderd denk ik...
Alvast bedankt !


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:34:51, on 10-11-2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\ExtraFilm Designer BE NL\ExtraFilmManager.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Users\arne\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ExtraFilmManager] "C:\Program Files (x86)\ExtraFilm Designer BE NL\ExtraFilmManager.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Users\arne\Downloads\utorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [TorrentEasy_1440508f8a8e153a7590890ea07de9415eb39e82] "C:\Users\arne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9USWI2FQ\TorrentEasy-1440508F8A8E153A7590890EA07DE9415EB39E82[1].exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\arne\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://ips.poi.de/ips-opdata/layout/fnac/objects/jordan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10724 bytes
J

Juisterr

Legacy Member
Download ComboFix van één van deze locaties:

Link 1
Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op.
>>Hier<< kunt u lezen hoe u Combofix dient te gebruiken.
4de6eab6867f3-Combofix.JPG


1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix.

* (hier of hier staat een handleiding over hoe je deze kan uitschakelen:)

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.
3. Dubbelklik op "Combofix.exe" om de tool te starten.
4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

* Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion." herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.
S

Scout

Legacy Member
ComboFix 11-11-11.04 - arne 11-11-2011 18:38:34.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3838.2514 [GMT 1:00]
Gestart vanuit: c:\users\arne\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\TorrentEasy\extensions.exe
c:\programdata\TorrentEasy\fdmbtsupp.dll
c:\users\arne\AppData\Roaming\PriceGong
c:\users\arne\AppData\Roaming\PriceGong\Data\mru.xml
c:\windows\animbigN.bmp
c:\windows\animsmalN.bmp
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\rnaph.dll
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-10-11 to 2011-11-11 ))))))))))))))))))))))))))))))
.
.
2011-11-11 17:50 . 2011-11-11 17:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-11 17:36 . 2011-11-11 17:36 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{789E1075-4EF3-487F-8CAE-D519EE815D90}\offreg.dll
2011-11-11 17:36 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{789E1075-4EF3-487F-8CAE-D519EE815D90}\mpengine.dll
2011-11-10 22:28 . 2011-11-10 22:28 -------- d-----w- c:\users\arne\AppData\Roaming\Avira
2011-11-10 16:11 . 2011-06-18 14:30 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-11-10 16:11 . 2011-06-18 14:13 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-11-10 16:11 . 2011-11-10 16:11 -------- d-----w- c:\programdata\Avira
2011-11-10 16:11 . 2011-11-10 16:11 -------- d-----w- c:\program files (x86)\Avira
2011-11-10 15:56 . 2011-11-10 15:56 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-11-10 00:22 . 2011-11-10 00:22 -------- d-----w- c:\program files\ATI
2011-11-10 00:22 . 2011-11-10 00:22 -------- d-----w- c:\program files\ATI Technologies
2011-11-09 23:24 . 2011-11-09 23:24 -------- d-----w- c:\users\arne\AppData\Roaming\Malwarebytes
2011-11-09 23:23 . 2011-11-09 23:23 -------- d-----w- c:\programdata\Malwarebytes
2011-11-09 23:23 . 2011-11-09 23:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-09 23:23 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-09 18:19 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 18:19 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 18:19 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 18:19 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-06 14:19 . 2011-11-06 14:19 -------- d-----w- c:\users\arne\AppData\Local\Facebook
2011-10-31 13:39 . 2011-11-06 13:49 -------- d-----w- c:\users\Gast
2011-10-30 01:01 . 2011-10-30 01:01 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-10-28 23:43 . 2011-09-06 10:30 45904 ----a-w- c:\windows\system32\sbbd.exe
2011-10-28 23:43 . 2011-08-29 15:36 55384 ----a-w- c:\windows\system32\drivers\sbredrv.sys
2011-10-28 23:19 . 2011-10-28 23:19 -------- d-----w- c:\program files (x86)\Nuvoton Technology Corporation
2011-10-24 22:02 . 2011-10-24 22:02 -------- d-----w- c:\program files (x86)\BitTorrent
2011-10-24 22:02 . 2011-11-09 23:02 -------- d-----w- c:\users\arne\AppData\Roaming\BitTorrent
2011-10-24 22:02 . 2011-10-24 22:02 -------- d-----w- c:\users\arne\AppData\Local\BitTorrent
2011-10-19 21:01 . 2011-10-19 21:01 -------- d-----w- c:\programdata\Premium
2011-10-19 21:01 . 2011-10-19 21:01 -------- d-----w- c:\programdata\InstallMate
2011-10-12 22:48 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 22:48 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-12 22:48 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 22:48 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-12 22:48 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 22:48 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 22:48 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-12 22:48 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-04 10:57 . 2011-10-04 10:57 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 04:06 . 2010-09-29 17:55 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-04 17:21 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-09-04 17:21 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-09-04 16:54 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-10-18 3908192]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files (x86)\BS_Player\tbBS_P.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 11:26 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-10-18 11:26 3908192 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-11-29 13:26 3908192 ----a-w- c:\program files (x86)\BS_Player\tbBS_P.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files (x86)\BS_Player\tbBS_P.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-17 39408]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048]
"Facebook Update"="c:\users\arne\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-06 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ExtraFilmManager"="c:\program files (x86)\ExtraFilm Designer BE NL\ExtraFilmManager.exe" [2010-06-15 159744]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2011-03-13 114992]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-17 136176]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-17 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-06-18 340136]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-06-18 428200]
S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys [x]
S3 nuvotonhidgeneric;Nuvoton EC Generic HID;c:\windows\system32\DRIVERS\nuvotonhidgeneric.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2011-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3521508543-652275343-1070438672-1001Core.job
- c:\users\arne\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-06 14:19]
.
2011-11-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3521508543-652275343-1070438672-1001UA.job
- c:\users\arne\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-06 14:19]
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-17 19:22]
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-17 19:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.nl/webhp?sourceid=navclient&hl=nl&ie=UTF-8
mStart Page = hxxp://www.telenet.be
mLocal Page = c:\windows\SysWOW64\blank.htm
mWindow Title = Telenet Internet
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://ips.poi.de/ips-opdata/layout/fnac/objects/jordan.cab
.
- - - - ORPHANS VERWIJDERD - - - -
.
Wow6432Node-HKCU-Run-msnmsgr - ~c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe
Wow6432Node-HKCU-Run-uTorrent - c:\users\arne\Downloads\utorrent.exe
SafeBoot-BsScanner
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-FX - Video Converter - c:\progra~2\FOXTAB~1\Uninstall\Uninstall.exe
AddRemove-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-3521508543-652275343-1070438672-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3521508543-652275343-1070438672-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2011-11-11 19:56:08
ComboFix-quarantined-files.txt 2011-11-11 18:26
.
Pre-Run: 243.200.602.112 bytes beschikbaar
Post-Run: 243.629.666.304 bytes beschikbaar
.
- - End Of File - - 28FDD49BDF24F0AB9314C70B30475208
J

Juisterr

Legacy Member
Open Kladblok, kopieer en plak het volgende (vetgedrukte, blauwe tekst) in een leeg venster:

File::
c:\program files (x86)\ConduitEngine\ConduitEngine.dll
Registry::
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]




Sla dit op op je Bureaublad als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :

CFScript.gif

Dit zal ComboFix doen herstarten.

Na het herstarten van je computer, (indien het vraagt om te herstarten), kopieer en plak de inhoud van Combofix.txt in je volgende antwoord.
S

Scout

Legacy Member
ComboFix 11-11-11.06 - arne 11-11-2011 22:09:46.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3838.2724 [GMT 1:00]
Gestart vanuit: c:\users\arne\Downloads\ComboFix.exe
gebruikte Opdracht switches :: c:\users\arne\Downloads\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\ConduitEngine\ConduitEngine.dll"
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-10-11 to 2011-11-11 ))))))))))))))))))))))))))))))
.
.
2011-11-11 22:31 . 2011-11-11 22:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-11 21:02 . 2011-11-11 21:02 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{789E1075-4EF3-487F-8CAE-D519EE815D90}\offreg.dll
2011-11-11 17:36 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{789E1075-4EF3-487F-8CAE-D519EE815D90}\mpengine.dll
2011-11-10 22:28 . 2011-11-10 22:28 -------- d-----w- c:\users\arne\AppData\Roaming\Avira
2011-11-10 16:11 . 2011-06-18 14:30 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-11-10 16:11 . 2011-06-18 14:13 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-11-10 16:11 . 2011-11-10 16:11 -------- d-----w- c:\programdata\Avira
2011-11-10 16:11 . 2011-11-10 16:11 -------- d-----w- c:\program files (x86)\Avira
2011-11-10 15:56 . 2011-11-10 15:56 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-11-10 00:22 . 2011-11-10 00:22 -------- d-----w- c:\program files\ATI
2011-11-10 00:22 . 2011-11-10 00:22 -------- d-----w- c:\program files\ATI Technologies
2011-11-09 23:24 . 2011-11-09 23:24 -------- d-----w- c:\users\arne\AppData\Roaming\Malwarebytes
2011-11-09 23:23 . 2011-11-09 23:23 -------- d-----w- c:\programdata\Malwarebytes
2011-11-09 23:23 . 2011-11-09 23:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-09 23:23 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-09 18:19 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 18:19 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 18:19 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 18:19 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-06 14:19 . 2011-11-06 14:19 -------- d-----w- c:\users\arne\AppData\Local\Facebook
2011-10-31 13:39 . 2011-11-06 13:49 -------- d-----w- c:\users\Gast
2011-10-30 01:01 . 2011-10-30 01:01 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-10-28 23:43 . 2011-09-06 10:30 45904 ----a-w- c:\windows\system32\sbbd.exe
2011-10-28 23:43 . 2011-08-29 15:36 55384 ----a-w- c:\windows\system32\drivers\sbredrv.sys
2011-10-28 23:19 . 2011-10-28 23:19 -------- d-----w- c:\program files (x86)\Nuvoton Technology Corporation
2011-10-24 22:02 . 2011-10-24 22:02 -------- d-----w- c:\program files (x86)\BitTorrent
2011-10-24 22:02 . 2011-11-09 23:02 -------- d-----w- c:\users\arne\AppData\Roaming\BitTorrent
2011-10-24 22:02 . 2011-10-24 22:02 -------- d-----w- c:\users\arne\AppData\Local\BitTorrent
2011-10-19 21:01 . 2011-10-19 21:01 -------- d-----w- c:\programdata\Premium
2011-10-19 21:01 . 2011-10-19 21:01 -------- d-----w- c:\programdata\InstallMate
2011-10-12 22:48 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 22:48 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-12 22:48 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 22:48 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-12 22:48 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 22:48 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 22:48 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-12 22:48 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-04 10:57 . 2011-10-04 10:57 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 04:06 . 2010-09-29 17:55 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-04 17:21 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-09-04 17:21 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-09-04 16:54 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-11_17.52.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-11-11 21:02 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-11 17:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-11 21:02 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-11 17:33 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-11 17:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-11 21:02 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2011-11-11 21:02 41632 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-14 19:38 . 2011-11-11 21:02 16820 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3521508543-652275343-1070438672-1001_UserData.bin
+ 2009-07-14 04:46 . 2011-11-11 21:03 91680 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-11-11 20:59 . 2011-11-11 20:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-11 17:31 . 2011-11-11 17:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-11 17:31 . 2011-11-11 17:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-11 20:59 . 2011-11-11 20:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-15 06:53 . 2011-11-11 18:56 233116 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2009-07-14 09:16 . 2011-11-11 17:38 701738 c:\windows\system32\perfh013.dat
+ 2009-07-14 09:16 . 2011-11-11 21:04 701738 c:\windows\system32\perfh013.dat
+ 2009-07-14 02:36 . 2011-11-11 21:04 616182 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-11-11 17:38 616182 c:\windows\system32\perfh009.dat
+ 2009-07-14 09:16 . 2011-11-11 21:04 133738 c:\windows\system32\perfc013.dat
- 2009-07-14 09:16 . 2011-11-11 17:38 133738 c:\windows\system32\perfc013.dat
- 2009-07-14 02:36 . 2011-11-11 17:38 106562 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-11-11 21:04 106562 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-11-11 03:15 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-11 19:01 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:45 . 2011-11-10 22:29 7111602 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-11-11 21:02 7111602 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-04-17 19:36 . 2011-11-11 19:01 2786776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3521508543-652275343-1070438672-1001-8192.dat
- 2011-04-17 19:36 . 2011-11-11 03:15 2786776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3521508543-652275343-1070438672-1001-8192.dat
+ 2009-07-14 02:34 . 2011-11-11 19:01 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2011-10-13 01:36 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-06-16 19:24 . 2011-11-11 19:01 17895164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3521508543-652275343-1070438672-1001-4096.dat
- 2011-06-16 19:24 . 2011-11-11 03:15 17895164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3521508543-652275343-1070438672-1001-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-17 39408]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048]
"Facebook Update"="c:\users\arne\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-06 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ExtraFilmManager"="c:\program files (x86)\ExtraFilm Designer BE NL\ExtraFilmManager.exe" [2010-06-15 159744]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2011-03-13 114992]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-17 136176]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-17 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-06-18 340136]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-06-18 428200]
S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys [x]
S3 nuvotonhidgeneric;Nuvoton EC Generic HID;c:\windows\system32\DRIVERS\nuvotonhidgeneric.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2011-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3521508543-652275343-1070438672-1001Core.job
- c:\users\arne\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-06 14:19]
.
2011-11-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3521508543-652275343-1070438672-1001UA.job
- c:\users\arne\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-06 14:19]
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-17 19:22]
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-17 19:22]
.
.
--------- x86-64 -----------
.
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.nl/webhp?sourceid=navclient&hl=nl&ie=UTF-8
mStart Page = hxxp://www.telenet.be
mLocal Page = c:\windows\SysWOW64\blank.htm
mWindow Title = Telenet Internet
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://ips.poi.de/ips-opdata/layout/fnac/objects/jordan.cab
.
- - - - ORPHANS VERWIJDERD - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
URLSearchHooks-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
BHO-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-3521508543-652275343-1070438672-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3521508543-652275343-1070438672-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2011-11-11 23:39:05
ComboFix-quarantined-files.txt 2011-11-11 22:39
ComboFix2.txt 2011-11-11 18:56
.
Pre-Run: 243.640.102.912 bytes beschikbaar
Post-Run: 243.591.639.040 bytes beschikbaar
.
- - End Of File - - 4EBC851229A1653E84FF522A271752D0
J

Juisterr

Legacy Member
Verwijder ComboFix, kopiëer het onderstaande commando met (Ctrl + C):
Combofix /Uninstall (let op!!! de spatie voor /Uninstall)

Klik Start -> Uitvoeren, en plak (Ctrl + V) het commando, toets vervolgens Ctrl + Shift + Enter.
Dit verwijdert zowel ComboFix, als je oude systeemherstelpunten (met eventuele restanten van malware), en maakt een nieuw systeemherstelpunt aan.
4e4e40e01106d-cfu.jpg


Ccleaner
Download CCleaner Slim
Installeer CCleaner en start CCleaner op.

  • Klik in de linkse kolom op Cleaner.
  • Klik achtereenvolgens op Analyseren en Opschonen.
  • Klik vervolgens in de linkse kolom op Register en klik op Scan naar problemen.
  • Als er fouten gevonden worden klik je op Herstel geselecteerde problemen en OK.
  • Dan krijg je de vraag om een back-up te maken, klik op JA. en kies dan Herstel alle geselecteerde fouten.
  • Sluit hierna CCleaner af.

Om herbesmetting te vermijden, kan je deze tips eens nalezen:
Hoe voorkom ik een nieuwe infectie?
Het archief is een bevroren moment uit een vorige versie van dit forum, met andere regels en andere bazen. Deze posts weerspiegelen op geen enkele manier onze huidige ideeën, waarden of wereldbeelden en zijn op sommige plaatsen gecensureerd wegens ontoelaatbaar. Veel zijn in een andere tijdsgeest gemaakt, al dan niet ironisch - zoals in het ironische subforum Off-Topic - en zouden op dit moment niet meer gepost (mogen) worden. Toch bieden we dit archief nog graag aan als informatiedatabank en naslagwerk. Lees er hier meer over of start een gesprek met anderen.
Terug
Bovenaan