Ga naar inhoud

Windows verkenner loopt vast


mana_chico

Aanbevolen berichten

Enorm trage laptop

Ik heb een vrij nieuwe laptop (Samsung) van enkele maanden oud. Alles werkte perfect tot een paar weken geleden. Mijn computer ging plots enorm traag. Het vreemde is dat als ik de computer opstart, dan werkt hij voor een 10tal minuten zonder problemen. Maar daarna is het chaos. Ik kan geen mappen meer openen. Als ik een map open dan komt er gewoon een wit scherm en meer niet. Ook Mozilla Firefox blijft dan vaak steken. Zelfs een partijtje poker op Facebook lukt niet meer. Eerst dacht ik aan een virus, dus heb ik Avast en Spy Sweeper geïnstalleerd. Ik heb met beiden een volledige scan gedaan, maar het probleem blijft. Mijn harde schijf is ook niet vol want er is 130 van de 227 GB gebruikt.

Misschien ook van nut: vroeger elke keer bij het opstarten kwam er een scherm Form1. Als je onderaan erop klikte verscheen er gewoon een zwart scherm en je kon het scherm ook gewoon sluiten. Na de virusscans verdween dit scherm.

Kan iemand mij helpen? redface.gif

Bedankt

---------- Post toegevoegd om 14:20 ---------- Vorige post was om 14:19 ----------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:55:39, on 11/10/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe

C:\Windows\Explorer.EXE

C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\rundll32.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\CyberLink\Shared Files\brs.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\SAMSUNG NOTEBOOK PC

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:\\SAMSUNG NOTEBOOK PC

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\SAMSUNG NOTEBOOK PC

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [NvCplDaemon] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RtHDVCpl] "C:\Windows\RtHDVCpl.exe"

O4 - HKLM\..\Run: [synTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

O4 - HKLM\..\Run: [bDRegion] "C:\Program Files\Cyberlink\Shared Files\brs.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [Maplom] "C:\Program Files\SlySoft\Game Jackal\GameJackal.exe" /silent

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

O4 - HKCU\..\Run: [Power2GoExpress] NA

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (Anti Virus & Anti Spyware Security Software for Home & Business | Webroot) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

--

End of file - 8359 bytes

Link naar reactie
Delen op andere sites

Start Hijackthis op. Ben je gebruiker van Vista kies dan voor “Run as administrator" of "Uitvoeren als administrator". Selecteer “Do a system scan only”. Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Klik op 'Fix checked' om de items te verwijderen.

Download MBAM (Malwarebytes' Anti-Malware).

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder).

Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.

MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.

Het log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computeropnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.

Link naar reactie
Delen op andere sites

Malwarebytes' Anti-Malware 1.41

Database versie: 2945

Windows 6.0.6001 Service Pack 1

12/10/2009 19:12:38

mbam-log-2009-10-12 (19-12-38).txt

Scan type: Volledige Scan (C:\|D:\|)

Objecten gescand: 289743

Verstreken tijd: 2 hour(s), 37 minute(s), 32 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata bestanden geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

---------- Post toegevoegd om 17:16 ---------- Vorige post was om 17:16 ----------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:16:27, on 12/10/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe

C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\rundll32.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\CyberLink\Shared Files\brs.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\MagicDisc\MagicDisc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe

C:\Windows\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:\\SAMSUNG NOTEBOOK PC

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [NvCplDaemon] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RtHDVCpl] "C:\Windows\RtHDVCpl.exe"

O4 - HKLM\..\Run: [synTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

O4 - HKLM\..\Run: [bDRegion] "C:\Program Files\Cyberlink\Shared Files\brs.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [Maplom] "C:\Program Files\SlySoft\Game Jackal\GameJackal.exe" /silent

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

O4 - HKCU\..\Run: [Power2GoExpress] NA

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (Anti Virus & Anti Spyware Security Software for Home & Business | Webroot) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

--

End of file - 7466 bytes

Link naar reactie
Delen op andere sites

Download Combofix naar je Bureaublad.

Lees hier meer over correct gebruik van Combofix.

OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw.

Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!


  • Dubbelklik op Combofix.exe om het te starten.
    Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate.
    Volg de instructies, aanvaard de disclaimer door op Ja te klikken.
    Indien de Recovery Console niet geïnstalleerd is, wordt je gevraagd om dit alsnog te doen door op JA te klikken in het "Query - Recovery Console" venster (enkel voor XP, niet voor VISTA).
    Klik op OK en Ja om automatisch de Recovery Console te laten installeren.
    Klik na afloop terug op Ja om het scannen op malware te starten.
    Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

Wanneer de fix voltooid is en na herstart, zal de log Combofix.txt openen.

Post dit logje in je volgende antwoord.

Link naar reactie
Delen op andere sites

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:16:27, on 12/10/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe

C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\rundll32.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\CyberLink\Shared Files\brs.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\MagicDisc\MagicDisc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe

C:\Windows\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:\\SAMSUNG NOTEBOOK PC

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [NvCplDaemon] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RtHDVCpl] "C:\Windows\RtHDVCpl.exe"

O4 - HKLM\..\Run: [synTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

O4 - HKLM\..\Run: [bDRegion] "C:\Program Files\Cyberlink\Shared Files\brs.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [Maplom] "C:\Program Files\SlySoft\Game Jackal\GameJackal.exe" /silent

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

O4 - HKCU\..\Run: [Power2GoExpress] NA

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (Anti Virus & Anti Spyware Security Software for Home & Business | Webroot) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

--

End of file - 7466 bytes

Link naar reactie
Delen op andere sites

ComboFix 09-10-11.03 - Jan Verstraeten 12/10/2009 20:43.3.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.32.1043.18.3066.1649 [GMT 2:00]

Gestart vanuit: c:\users\Jan Verstraeten\Desktop\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-09-12 to 2009-10-12 ))))))))))))))))))))))))))))))

.

2009-10-12 18:52 . 2009-10-12 18:52 -------- d-----w- c:\users\Jan Verstraeten\AppData\Local\temp

2009-10-12 18:52 . 2009-10-12 18:52 -------- d-----w- c:\users\Public\AppData\Local\temp

2009-10-12 18:52 . 2009-10-12 18:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-10-11 18:13 . 2009-10-11 18:13 -------- d-----w- c:\program files\CCleaner

2009-10-11 18:10 . 2009-10-11 18:10 -------- d-----w- c:\users\Jan Verstraeten\AppData\Roaming\Malwarebytes

2009-10-11 18:10 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-11 18:10 . 2009-10-11 18:10 -------- d-----w- c:\programdata\Malwarebytes

2009-10-11 18:10 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-10-11 18:10 . 2009-10-11 18:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-10-11 15:55 . 2009-10-11 15:55 -------- d-----w- c:\program files\Trend Micro

2009-10-11 15:53 . 2009-10-11 15:53 -------- d-----w- c:\program files\Lavalys

2009-10-10 15:13 . 2008-11-26 16:16 50864 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-10-10 15:13 . 2008-11-26 16:16 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-10-10 15:13 . 2008-11-26 16:15 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-10-10 15:13 . 2008-11-26 16:17 111184 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-10-10 15:13 . 2008-11-26 16:17 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-10-10 15:13 . 2008-11-26 16:21 1236208 ----a-w- c:\windows\system32\aswBoot.exe

2009-10-10 15:13 . 2008-11-26 16:17 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2009-10-10 15:13 . 2009-10-10 15:13 -------- d-----w- c:\program files\Alwil Software

2009-10-10 15:10 . 2009-10-10 15:10 102224 ----a-w- c:\windows\system32\drivers\pwipf6.sys

2009-10-10 15:07 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe

2009-10-10 14:51 . 2009-10-10 15:17 -------- d-----w- c:\programdata\Webroot

2009-10-10 14:51 . 2009-10-10 14:51 -------- d-----w- c:\users\Jan Verstraeten\AppData\Roaming\Webroot

2009-10-10 14:51 . 2009-10-10 14:51 -------- d-----w- c:\program files\Webroot

2009-10-10 14:51 . 2009-09-18 12:08 1563008 ----a-w- c:\windows\WRSetup.dll

2009-10-10 13:46 . 2009-10-10 14:32 -------- d-----w- c:\users\Jan Verstraeten\.housecall6.6

2009-10-08 18:28 . 2009-10-08 18:28 -------- d-----w- c:\programdata\Office Genuine Advantage

2009-10-08 18:01 . 2009-10-08 18:01 -------- d-----w- c:\users\Jan Verstraeten\AppData\Roaming\VistaCodecs

2009-10-08 17:36 . 2009-10-08 18:34 -------- d-----w- c:\program files\Audacity

2009-10-08 17:22 . 2009-10-08 17:33 -------- d-----w- c:\users\Jan Verstraeten\AppData\Roaming\Audacity

2009-09-29 19:36 . 2009-09-29 19:36 -------- d-----w- c:\program files\iPod

2009-09-29 19:36 . 2009-09-29 19:37 -------- d-----w- c:\program files\iTunes

2009-09-23 22:46 . 2009-09-23 22:46 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2009-09-23 15:58 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll

2009-09-23 15:58 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll

2009-09-23 15:58 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-23 15:58 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll

2009-09-23 15:58 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-09-23 15:58 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll

2009-09-23 15:58 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll

2009-09-23 15:58 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe

2009-09-21 18:30 . 2009-09-21 18:30 -------- d-----w- c:\program files\VirtualDJ

2009-09-20 19:16 . 2009-09-20 19:16 -------- d-----w- c:\program files\SopCast

2009-09-18 11:42 . 2009-09-18 11:42 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys

2009-09-18 11:42 . 2009-09-18 11:42 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys

2009-09-18 11:42 . 2009-09-18 11:42 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys

2009-09-14 18:31 . 2008-11-10 09:41 32656 ----a-w- c:\windows\system32\msonpmon.dll

2009-09-14 18:28 . 2009-09-14 18:28 -------- d-----w- c:\users\Jan Verstraeten\AppData\Local\Microsoft Help

2009-09-12 21:22 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2009-09-12 21:22 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2009-09-12 21:21 . 2009-09-12 21:22 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-09-12 21:18 . 2009-09-12 21:19 -------- d-----w- c:\program files\QuickTime

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-12 14:11 . 2008-09-17 06:22 714060 ----a-w- c:\windows\system32\perfh013.dat

2009-10-12 14:11 . 2008-09-17 06:22 144376 ----a-w- c:\windows\system32\perfc013.dat

2009-10-12 14:03 . 2008-09-17 08:01 97703 ----a-w- c:\programdata\nvModes.dat

2009-10-12 05:08 . 2008-09-17 23:41 12 ----a-w- c:\windows\bthservsdp.dat

2009-10-10 15:27 . 2009-06-30 14:36 -------- d-----w- c:\users\Jan Verstraeten\AppData\Roaming\uTorrent

2009-10-10 15:15 . 2009-06-30 15:14 -------- d-----w- c:\programdata\McAfee

2009-10-10 15:11 . 2009-06-30 15:21 -------- d-----w- c:\program files\MSSOAP

2009-10-09 10:46 . 2008-09-17 08:02 -------- d-----w- c:\programdata\Microsoft Help

2009-10-08 18:28 . 2009-06-30 13:59 109488 ----a-w- c:\users\Jan Verstraeten\AppData\Local\GDIPFONTCACHEV1.DAT

2009-10-08 18:01 . 2009-07-01 11:20 -------- d-----w- c:\program files\VistaCodecPack

2009-10-08 18:01 . 2009-07-01 11:19 -------- d-----w- c:\programdata\VistaCodecs

2009-10-08 17:29 . 2008-09-17 08:05 -------- d-----w- c:\program files\Microsoft Works

2009-10-07 15:02 . 2009-06-30 14:43 -------- d-----w- c:\users\Jan Verstraeten\AppData\Roaming\Vso

2009-09-29 19:36 . 2009-06-30 16:04 -------- d-----w- c:\program files\Common Files\Apple

2009-09-26 13:50 . 2009-08-29 21:02 -------- d-----w- c:\programdata\Ubisoft

2009-09-13 20:30 . 2009-06-30 16:09 -------- d-----w- c:\users\Jan Verstraeten\AppData\Roaming\Apple Computer

2009-09-09 13:55 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-09-09 11:23 . 2009-09-09 11:23 -------- d-----w- c:\programdata\Electronic Arts

2009-09-09 11:22 . 2009-09-09 11:22 -------- d-----w- c:\program files\Electronic Arts

2009-08-31 21:16 . 2009-08-31 21:16 -------- d-----w- c:\program files\Microsoft WSE

2009-08-31 21:11 . 2008-09-17 07:47 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-08-30 09:41 . 2009-07-01 10:31 -------- d-----w- c:\program files\Java

2009-08-28 17:42 . 2009-08-28 17:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2009-08-28 17:42 . 2009-08-28 17:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll

2009-08-28 12:39 . 2009-09-03 16:06 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2009-08-28 10:15 . 2009-09-03 16:06 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2009-08-25 22:48 . 2009-08-25 22:48 680 ----a-w- c:\users\Jan Verstraeten\AppData\Local\d3d9caps.dat

2009-08-17 15:35 . 2009-06-30 15:13 -------- d-----w- c:\program files\Common Files\Adobe

2009-08-14 17:07 . 2009-09-09 13:26 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys

2009-08-14 16:29 . 2009-09-09 13:26 104960 ----a-w- c:\windows\system32\netiohlp.dll

2009-08-14 16:29 . 2009-09-09 13:26 17920 ----a-w- c:\windows\system32\netevent.dll

2009-08-14 14:16 . 2009-09-09 13:26 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2009-08-14 14:16 . 2009-09-09 13:26 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2009-08-14 14:16 . 2009-09-09 13:26 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2009-08-14 14:16 . 2009-09-09 13:26 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2009-08-14 14:16 . 2009-09-09 13:26 19968 ----a-w- c:\windows\system32\ARP.EXE

2009-08-14 14:16 . 2009-09-09 13:26 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2009-08-14 14:16 . 2009-09-09 13:26 10240 ----a-w- c:\windows\system32\finger.exe

2009-08-13 19:33 . 2009-08-13 19:33 -------- d-----w- c:\program files\Medieval Software

2009-08-03 13:07 . 2009-08-03 13:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll

2009-08-03 13:07 . 2009-08-03 13:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll

2009-08-03 13:07 . 2009-08-03 13:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe

2009-07-31 17:54 . 2009-07-31 17:54 249856 ------w- c:\windows\Setup1.exe

2009-07-31 17:54 . 2009-07-31 17:54 73216 ----a-w- c:\windows\ST6UNST.EXE

2009-07-25 03:23 . 2009-07-01 10:32 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-21 21:52 . 2009-07-29 22:35 915456 ----a-w- c:\windows\system32\wininet.dll

2009-07-21 21:47 . 2009-07-29 22:35 109056 ----a-w- c:\windows\system32\iesysprep.dll

2009-07-21 21:47 . 2009-07-29 22:35 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-07-21 20:13 . 2009-07-29 22:35 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-07-17 14:35 . 2009-08-12 20:22 71680 ----a-w- c:\windows\system32\atl.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-10-11_16.20.21 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-21 01:58 . 2009-10-12 14:05 44688 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 13:05 . 2009-10-12 14:05 89188 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2009-06-30 13:54 . 2009-10-11 16:07 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-06-30 13:54 . 2009-10-12 18:41 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-06-30 13:54 . 2009-10-12 18:41 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-06-30 13:54 . 2009-10-11 16:07 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-06-30 13:54 . 2009-10-12 18:41 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-06-30 13:54 . 2009-10-11 16:07 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-06-30 13:58 . 2009-10-12 14:05 8616 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1422756301-1209528235-402330673-1003_UserData.bin

- 2009-10-11 16:05 . 2009-10-11 16:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2009-10-12 14:03 . 2009-10-12 14:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2009-10-12 14:03 . 2009-10-12 14:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-10-11 16:05 . 2009-10-11 16:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2006-11-02 10:33 . 2009-10-12 14:11 633886 c:\windows\System32\perfh009.dat

- 2006-11-02 10:33 . 2009-10-11 16:13 633886 c:\windows\System32\perfh009.dat

- 2006-11-02 10:33 . 2009-10-11 16:13 118772 c:\windows\System32\perfc009.dat

+ 2006-11-02 10:33 . 2009-10-12 14:11 118772 c:\windows\System32\perfc009.dat

+ 2009-06-30 15:50 . 2009-10-12 14:08 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-06-30 15:50 . 2009-10-11 15:44 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]

@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"

[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]

2009-09-18 12:02 238968 ----a-w- c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Power2GoExpress"="NA" [X]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-04-09 228808]

"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 92704]

"RtHDVCpl"="c:\windows\RtHDVCpl.exe" [2008-07-08 6273568]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]

"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-07-08 91432]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-05-14 87336]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2008-05-14 62760]

"Maplom"="c:\program files\SlySoft\Game Jackal\GameJackal.exe" [2009-06-09 6502024]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-09-18 6515784]

c:\users\Jan Verstraeten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-7-11 576000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer8"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{65FA09B1-BAB5-4E9B-9321-3D0996D51629}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{2D992AC3-DA8B-48F0-94B4-4DA73B38DBC8}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{B99DCEB4-2B4B-42C7-A693-2EE916C67B69}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{BAF45FA8-660D-4ECF-AE73-1FC9E3C2198C}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD

"{E4BC5511-97BA-4D13-9561-851B8DFAEC06}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{09EF6841-1C20-4C55-9E7C-FA3603C77F1A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{72ABA329-573C-4EDB-8A2F-CB8E3337EA07}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{495682A0-11D9-4581-B965-A0BE0822FF8E}"= UDP:d:\games\Battle For Middle Earth\game.dat:The Battle for Middle-earth

"{30570217-7AD8-4F52-B4C7-036B42A7F27B}"= TCP:d:\games\Battle For Middle Earth\game.dat:The Battle for Middle-earth

"TCP Query User{1506AAA2-2FD4-4AF3-B94D-A9B5F6309D03}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{47EFD392-10C4-4B11-8BF7-863DC064BF36}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{1DF25452-39B2-41CF-AEF6-95F34B7A66F8}c:\\program files\\free music zilla\\fmzilla.exe"= UDP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module

"UDP Query User{28D1BB54-987D-4B70-8A8D-8199549AC833}c:\\program files\\free music zilla\\fmzilla.exe"= TCP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module

"{2FBFBE22-54CA-4482-837E-573088137912}"= UDP:d:\games\Prince Of Persia\Prince of Persia.exe:Prince of Persia Dx

"{083AFE33-E8BD-4B2C-B30C-B5927B485CF9}"= TCP:d:\games\Prince Of Persia\Prince of Persia.exe:Prince of Persia Dx

"{81BBE976-7C76-4B16-869E-CB18AE660238}"= UDP:d:\games\Prince Of Persia\PrinceOfPersia_Launcher.exe:Prince of Persia Update

"{44471AB4-EFE5-4C31-BCFA-910BF42A0425}"= TCP:d:\games\Prince Of Persia\PrinceOfPersia_Launcher.exe:Prince of Persia Update

"TCP Query User{4079F975-0A37-4ED3-BF64-D75F49436B54}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager

"UDP Query User{DF174128-6F17-420D-8027-52C1A6428502}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager

"{09E764D5-A75B-463A-9A7F-0AE03AD97DD2}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{CF300C30-9498-4F78-9B38-87D1CCE8DD62}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{A87642BC-B28A-43AC-82AB-7B0B9349BBAC}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application

"UDP Query User{46B9CEC0-D402-4A0C-9FE4-4970E985D365}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application

"TCP Query User{BB9867AD-9773-4E34-AFB0-44F9E1C68DDE}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"UDP Query User{5D956CF4-E183-497B-AEDB-9C1AFFE9CDE5}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"TCP Query User{25C4D271-D4DB-4EA3-BD02-8882FAAB37AD}d:\\games\\tom clancy's splinter cell - double agent\\tcscda\\scda-offline\\system\\splintercell4.exe"= UDP:d:\games\tom clancy's splinter cell - double agent\tcscda\scda-offline\system\splintercell4.exe:SplinterCell4

"UDP Query User{4A0871FB-0721-45FE-A080-F2E19915E669}d:\\games\\tom clancy's splinter cell - double agent\\tcscda\\scda-offline\\system\\splintercell4.exe"= TCP:d:\games\tom clancy's splinter cell - double agent\tcscda\scda-offline\system\splintercell4.exe:SplinterCell4

"{898664AD-2064-46A9-ACB2-01EB871EA1BA}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{6FE0F05F-C38D-46BD-9053-1901C7E12D15}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"= c:\program files\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla

R0 ssfs0bbc;ssfs0bbc;c:\windows\System32\drivers\ssfs0bbc.sys [18/09/2009 13:42 29808]

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [10/10/2009 17:13 111184]

R1 pwipf6;Privacyware Filter Driver;c:\windows\System32\drivers\pwipf6.sys [10/10/2009 17:10 102224]

R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [10/10/2009 17:13 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [10/10/2009 17:13 51792]

R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [20/02/2009 9:46 30312]

R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\System32\drivers\KMDFMEMIO.sys [17/09/2008 9:56 13312]

R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [10/10/2009 17:12 1201640]

R3 MaplomL;MaplomL;c:\windows\System32\drivers\maploml.sys [1/07/2009 14:01 43144]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [25/06/2008 23:30 3662848]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [17/09/2008 8:15 44576]

R3 VMC302;Vimicro Camera Service VMC302;c:\windows\System32\drivers\vmc302.sys [17/09/2008 9:54 242048]

S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 22:31 29263712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp:\\SAMSUNG NOTEBOOK PC

uInternet Settings,ProxyOverride = *.local

IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

FF - ProfilePath - c:\users\Jan Verstraeten\AppData\Roaming\Mozilla\Firefox\Profiles\8e81ux0d.default\

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-10-12 20:52

Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-1422756301-1209528235-402330673-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:d0,d9,67,3b,4d,43,63,25,45,bb,64,f3,84,c4,52,80,49,65,0c,ff,ca,90,ad,

31,83,7b,4f,83,04,ce,ff,4b,50,a2,1b,0c,a0,52,c2,75,f1,03,db,c5,ac,68,33,80,\

"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-1422756301-1209528235-402330673-1003\Software\SecuROM\License information*]

"datasecu"=hex:7a,ff,66,f7,1f,73,80,96,10,ce,e4,d5,7e,3a,ba,8c,54,be,32,5a,50,

21,c6,3b,85,9d,b5,1f,fc,23,63,6b,1e,02,7a,1b,41,cd,8c,78,e4,68,5f,0c,19,60,\

"rkeysecu"=hex:62,c4,04,42,fb,23,a1,78,75,a8,7f,d6,ac,48,0e,20

.

Voltooingstijd: 2009-10-12 20:53

ComboFix-quarantined-files.txt 2009-10-12 18:53

ComboFix2.txt 2009-10-11 18:53

ComboFix3.txt 2009-10-11 16:21

Pre-Run: 142.669.287.424 bytes beschikbaar

Post-Run: 142.638.858.240 bytes beschikbaar

273 --- E O F --- 2009-10-12 14:11

Link naar reactie
Delen op andere sites

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.