Archive - Sites no longer open

The archive is a frozen moment from a previous version of this forum, with different rules and different bosses. These posts in no way reflect our current ideas, values or worldviews and have been censored in some places as impermissible. Many were made in a different spirit of the times, ironically or not - as in the ironic Off-Topic subforum - and would not (be allowed to) be posted today. Still, we gladly offer this archive as an information database and reference work. Read more about it here or start a conversation with others.

Exit

Legacy Member
post a HijackThis log here

also scan for viruses as well as spyware (e.g. with Malwarebytes)

s@té

Legacy Member
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:29:36, on 5/03/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
D:\Program Files\Smart Defrag 2\SmartDefrag.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\Advanced SystemCare 5\ASCTray.exe
D:\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Trojan Remover\Trjscan.exe
C:\Users\Gilles\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Users\Gilles\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Program Files\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - (no file)
O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TrojanScanner] D:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Advanced SystemCare 5] "D:\Program Files\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download alle links met IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video inhoud met IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download met IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - D:\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - D:\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 5907 bytes

Exit

Legacy Member
delete the following lines in HijackThis

O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - (no file)


test

s@té

Legacy Member
Exit said:
delete the following lines in HijackThis

O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - (no file)


test

How exactly do you do that?

Exit

Legacy Member
open Internet Explorer - menu - Tools - Internet Options - Connections tab
turn off the proxy (and automatic settings ... must be on)

Exit

Legacy Member
run HijackThis as administrator (right-click the shortcut and choose run as ...)

then try deleting again

settings are correct

s@té

Legacy Member
s@té said:

I was able to remove them after turning off my virus scanner. That did not solve the problem...

Here is a new log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:14:17, on 7/03/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
D:\Program Files\Smart Defrag 2\SmartDefrag.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\Advanced SystemCare 5\ASCTray.exe
D:\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Users\Gilles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Gilles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gilles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gilles\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Program Files\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TrojanScanner] D:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Advanced SystemCare 5] "D:\Program Files\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download alle links met IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video inhoud met IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download met IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - D:\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - D:\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 5892 bytes

s@té

Legacy Member
I also ran ComboFix: (it still doesn't work)

ComboFix 12-03-07.05 - Gilles 07/03/2012 21:18:34.2.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.12287.10444 [GMT 1:00]
Gestart vanuit: c:\users\Gilles\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gilles\AppData\Roaming\IDM\idmmzcc3
c:\users\Gilles\AppData\Roaming\IDM\idmmzcc3\chrome.manifest
c:\users\Gilles\AppData\Roaming\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\users\Gilles\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
c:\users\Gilles\AppData\Roaming\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\users\Gilles\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper.js
c:\users\Gilles\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper2.js
c:\users\Gilles\AppData\Roaming\IDM\idmmzcc3\components2\idmmzcc.dll
c:\users\Gilles\AppData\Roaming\IDM\idmmzcc3\components2\idmmzcc64.dll
c:\users\Gilles\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper.xpt
c:\users\Gilles\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper2.xpt
c:\users\Gilles\AppData\Roaming\IDM\idmmzcc3\components2\iIDMMzCC.xpt
c:\users\Gilles\AppData\Roaming\IDM\idmmzcc3\install.js
c:\users\Gilles\AppData\Roaming\IDM\idmmzcc3\install.rdf
c:\users\Gilles\AppData\Roaming\IDM\idmmzcc3\META-INF\manifest.mf
c:\users\Gilles\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\users\Gilles\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.sf
c:\windows\SysWow64\Gdiplus.dll
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-02-07 to 2012-03-07 ))))))))))))))))))))))))))))))
.
.
2012-03-07 20:26 . 2012-03-07 20:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-06 18:35 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC7D2549-436F-4953-B54C-06E8F55EB3E6}\mpengine.dll
2012-03-05 20:29 . 2012-03-05 20:29 388096 ----a-r- c:\users\Gilles\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-05 14:34 . 2003-02-02 18:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll
2012-03-05 14:34 . 2002-03-05 23:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll
2012-03-05 14:34 . 2012-03-05 14:34 -------- d-----w- c:\users\Gilles\AppData\Roaming\Simply Super Software
2012-03-05 14:34 . 2012-03-05 14:34 -------- d-----w- c:\programdata\Simply Super Software
2012-03-05 13:32 . 2012-03-05 13:32 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-03-05 13:32 . 2012-03-05 13:32 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-03-05 13:32 . 2012-03-05 13:32 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-03-05 13:32 . 2012-03-05 13:32 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-03-05 13:02 . 2012-03-05 13:02 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2012-03-05 13:02 . 2012-03-05 13:02 -------- d-----w- c:\windows\system32\wbem\en-US
2012-02-24 20:51 . 2012-02-24 20:51 -------- d-----w- C:\_OTL
2012-02-24 12:41 . 2012-02-24 12:41 -------- d-----w- c:\users\Gilles\AppData\Roaming\CheckPoint
2012-02-24 12:41 . 2012-03-05 13:23 -------- d-----w- c:\program files\CheckPoint
2012-02-24 12:41 . 2012-02-24 12:41 -------- d-----w- c:\programdata\CheckPoint
2012-02-24 12:40 . 2012-03-05 13:23 -------- d-----w- c:\program files (x86)\CheckPoint
2012-02-23 21:23 . 2012-02-23 21:23 4448256 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-02-18 16:09 . 2012-02-18 16:09 -------- d-----w- c:\users\Gilles\AppData\Roaming\dvdcss
2012-02-18 12:52 . 2012-02-18 12:52 -------- d-----w- c:\users\Gilles\AppData\Roaming\Avira
2012-02-18 12:51 . 2012-02-22 17:56 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-18 12:51 . 2012-02-18 12:51 -------- d-----w- c:\programdata\Avira
2012-02-18 12:51 . 2011-09-15 22:55 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-02-18 12:51 . 2011-09-15 22:55 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-02-17 18:35 . 2012-02-17 18:35 273757 ----a-w- c:\programdata\1329502892.bdinstall.bin
2012-02-17 18:10 . 2012-02-17 18:10 33281 ----a-w- c:\programdata\1329502193.bdinstall.bin
2012-02-17 17:41 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-17 17:41 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-17 17:41 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-17 17:41 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-14 21:38 . 2012-01-18 14:56 19936 ------w- c:\windows\system32\pwdrvio.sys
2012-02-14 21:38 . 2012-01-18 14:56 13280 ------w- c:\windows\system32\pwdspio.sys
2012-02-14 21:38 . 2012-01-18 14:56 1013320 ----a-w- c:\windows\system32\pwNative.exe
2012-02-10 12:47 . 2012-02-10 12:47 -------- d-----w- c:\programdata\BDLogging
2012-02-08 20:37 . 2012-02-08 20:37 544552 ----a-w- c:\windows\system32\drivers\avckf.sys
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2011-12-14 23:38 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-04 22:21 . 2012-02-04 22:21 246730 ----a-w- c:\programdata\1328393494.bdinstall.bin
2012-01-19 20:04 . 2012-01-19 20:04 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-01-19 20:04 . 2012-01-19 20:04 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-19 20:04 . 2012-01-19 20:04 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-19 20:04 . 2012-01-19 20:04 395776 ----a-w- c:\windows\system32\webio.dll
2012-01-19 20:04 . 2012-01-19 20:04 340992 ----a-w- c:\windows\system32\schannel.dll
2012-01-19 20:04 . 2012-01-19 20:04 314880 ----a-w- c:\windows\SysWow64\webio.dll
2012-01-19 20:04 . 2012-01-19 20:04 31232 ----a-w- c:\windows\system32\lsass.exe
2012-01-19 20:04 . 2012-01-19 20:04 29184 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-19 20:04 . 2012-01-19 20:04 28160 ----a-w- c:\windows\system32\secur32.dll
2012-01-19 20:04 . 2012-01-19 20:04 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2012-01-19 20:04 . 2012-01-19 20:04 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-01-19 20:04 . 2012-01-19 20:04 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-19 20:04 . 2012-01-19 20:04 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-19 20:04 . 2012-01-19 20:04 136192 ----a-w- c:\windows\system32\sspicli.dll
2012-01-17 21:00 . 2011-12-19 17:59 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-12-30 16:02 . 2012-01-14 12:30 23896 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-12-28 19:30 . 2011-12-28 19:30 189158 ----a-w- c:\programdata\1325100405.bdinstall.bin
2011-12-24 16:43 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-12-24 16:43 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-12-19 17:59 . 2011-12-19 17:59 93200 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-12-19 17:59 . 2011-12-19 17:59 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-19 17:59 . 2011-12-19 17:59 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-19 17:58 . 2011-12-19 17:58 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2011-12-19 17:58 . 2011-12-19 17:58 389840 ----a-w- c:\windows\system32\guard64.dll
2011-12-19 17:58 . 2011-12-19 17:58 301224 ----a-w- c:\windows\SysWow64\guard32.dll
2011-12-16 16:21 . 2012-01-15 11:58 31576 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-12-15 00:15 . 2011-12-15 00:03 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-14 23:53 . 2011-12-14 23:53 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-12-14 23:53 . 2011-12-14 23:53 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2011-12-10 14:24 . 2011-12-14 23:30 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="d:\program files\Internet Download Manager\IDMan.exe" [2011-03-10 3278232]
"Advanced SystemCare 5"="d:\program files\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="d:\avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
"TrojanScanner"="d:\program files\Trojan Remover\Trjscan.exe" [2012-01-23 1238800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 FileMonitor;FileMonitor;d:\program files\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RegFilter;RegFilter;d:\program files\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-09-20 33184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 UrlFilter;UrlFilter;d:\program files\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-09-20 21872]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;d:\program files\Advanced SystemCare 5\ASCService.exe [2011-12-29 497496]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R4 AMD FUEL Service;AMD FUEL Service;d:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-09 361984]
R4 IMFservice;IMF Service;d:\program files\IObit Malware Fighter\IMFsrv.exe [2012-01-09 821592]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;d:\avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
S2 AODDriver4.01;AODDriver4.01;d:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech QuickCam E3500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2665647102-292756623-2361176691-1000Core.job
- c:\users\Gilles\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-14 06:15]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2665647102-292756623-2361176691-1000UA.job
- c:\users\Gilles\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 16:23 85232 ----a-w- d:\program files\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.be/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download alle links met IDM - d:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video inhoud met IDM - d:\program files\Internet Download Manager\IEGetVL.htm
IE: Download met IDM - d:\program files\Internet Download Manager\IEExt.htm
IE: E&xporteren naar Microsoft Excel - d:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.130.130.2 195.130.131.2
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
d:\avira\AntiVir Desktop\avguard.exe
d:\program files\Smart Defrag 2\SmartDefrag.exe
.
**************************************************************************
.
Voltooingstijd: 2012-03-07 21:37:36 - machine werd herstart
ComboFix-quarantined-files.txt 2012-03-07 20:37
ComboFix2.txt 2012-02-24 12:23
.
Pre-Run: 21.336.981.504 bytes beschikbaar
Post-Run: 21.099.327.488 bytes beschikbaar
.
- - End Of File - - EF7069D1F35288E1EAAB46E2E53748B4