virus or spyware in google?


Well, that was a scare!

After ComboFix had run, suddenly nothing worked anymore. Not Mozilla, not IE, and none of the other little programs either. System Restore didn't work anymore either. I kept getting the following message: "Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering." [Illegal operation attempted on a registry key that has been marked for deletion.] I restarted my laptop in Safe Mode and then System Restore fortunately did work. But now that I think about it, maybe I should have come here in Safe Mode..? In any case, my laptop has been restored to the point just before the ComboFix scan. AVG is still removed, though. I still have the ComboFix log:

ComboFix 11-06-11.01 - Roy 13-06-2011 0:26.1.1 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.1978.1295 [GMT 2:00]

Gestart vanuit: c:\users\Roy\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\FullRemove.exe

c:\users\Roy\AppData\Roaming\Adobe\plugs

c:\users\Roy\AppData\Roaming\Adobe\shed

c:\users\Roy\AppData\Roaming\Microsoft\Windows\Templates\44j0236824c3v150c3873gnlwu800h0f15vxj3il82eua

c:\users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\ym4iphae.default\extensions\{292aad94-f718-40b5-92c8-28869690f2f4}

c:\users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\ym4iphae.default\extensions\{292aad94-f718-40b5-92c8-28869690f2f4}\chrome.manifest

c:\users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\ym4iphae.default\extensions\{292aad94-f718-40b5-92c8-28869690f2f4}\chrome\xulcache.jar

c:\users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\ym4iphae.default\extensions\{292aad94-f718-40b5-92c8-28869690f2f4}\defaults\preferences\xulcache.js

c:\users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\ym4iphae.default\extensions\{292aad94-f718-40b5-92c8-28869690f2f4}\install.rdf

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-05-12 to 2011-06-12 ))))))))))))))))))))))))))))))

.

.

2011-06-12 22:37 . 2011-06-12 22:37 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-11 10:01 . 2011-06-11 10:01 388096 ----a-r- c:\users\Roy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-06-11 10:01 . 2011-06-11 10:01 -------- d-----w- c:\program files (x86)\Trend Micro

2011-06-05 01:24 . 2011-06-05 01:24 20 ----a-w- c:\windows\SysWow64\drivers\PCIIDE.SYS

2011-06-04 23:47 . 2011-06-04 23:47 -------- d-----w- c:\windows\system32\SPReview

2011-06-04 23:45 . 2011-06-04 23:45 -------- d-----w- c:\windows\system32\EventProviders

2011-06-04 15:56 . 2011-06-04 15:56 -------- d-----w- C:\$AVG

2011-06-04 15:20 . 2011-06-04 15:20 -------- d-----w- c:\users\Roy\AppData\Local\ElevatedDiagnostics

2011-05-30 20:35 . 2011-05-30 22:57 -------- d-----w- c:\users\Roy\AppData\Roaming\mIRC

2011-05-30 20:35 . 2011-06-04 15:45 -------- d-----w- c:\program files (x86)\mIRC

2011-05-29 10:47 . 2011-05-29 20:44 -------- d-sh--w- c:\programdata\FE0EA4D975DC0B07EC1C431037541BEF

2011-05-25 21:30 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll

2011-05-25 21:30 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll

2011-05-25 21:30 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2011-05-25 21:28 . 2010-11-20 13:27 750080 ----a-w- c:\windows\system32\TSWorkspace.dll

2011-05-25 21:27 . 2010-11-20 13:33 152960 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2011-05-25 21:26 . 2010-11-20 13:27 72192 ----a-w- c:\windows\system32\napdsnap.dll

2011-05-25 21:25 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll

2011-05-25 21:25 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll

2011-05-25 21:24 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll

2011-05-25 21:24 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll

2011-05-25 21:24 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll

2011-05-25 21:23 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll

2011-05-25 21:23 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe

2011-05-25 21:23 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll

2011-05-25 21:23 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll

2011-05-24 17:41 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-05-18 21:53 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe

2011-05-18 21:53 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe

2011-05-18 15:39 . 2011-05-18 15:39 84718440 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\wlcF7A9.tmp

2011-05-18 15:28 . 2011-06-04 15:45 -------- d-----w- c:\program files (x86)\Microsoft

2011-05-18 15:27 . 2011-05-18 15:27 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive

2011-05-18 15:27 . 2011-05-18 15:28 -------- d-----w- c:\program files (x86)\Windows Live

2011-05-18 15:27 . 2011-05-18 15:27 -------- d-----w- c:\windows\PCHEALTH

2011-05-18 15:26 . 2011-05-18 15:26 144416072 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\wlc3B3D.tmp

2011-05-17 16:27 . 2011-05-17 16:27 -------- d-----w- c:\users\Roy\AppData\Local\{AA38FB59-3514-41EB-ABA4-F2191C8CB4E5}

2011-05-16 16:40 . 2011-05-16 16:40 -------- d-----w- c:\users\Roy\AppData\Local\{5CDCF2B4-8D7B-4E5C-99CE-9E7AD07AD043}

2011-05-15 19:59 . 2011-05-15 19:59 -------- d-----w- c:\users\Roy\AppData\Local\{2D6C301D-0E87-4952-BB05-126A6F963DAA}

2011-05-15 18:52 . 2011-06-04 15:45 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2011-05-15 18:51 . 2011-05-15 18:51 6260088 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1caff56c1cc13310a\Silverlight.4.0.exe

2011-05-15 18:49 . 2011-05-15 22:30 -------- d-----w- c:\users\Roy\AppData\Local\Windows Live

2011-05-15 18:23 . 2011-05-15 18:23 -------- d-----w- c:\program files (x86)\Google

2011-05-15 18:19 . 2011-05-15 18:19 -------- d-----w- c:\users\Roy\AppData\Local\Windows Live Writer

2011-05-15 18:19 . 2011-05-15 18:19 -------- d-----w- c:\users\Roy\AppData\Roaming\Windows Live Writer

2011-05-15 17:21 . 2011-05-15 17:21 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-05 00:06 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-06-05 00:06 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-05-29 07:11 . 2010-11-08 15:17 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-29 07:11 . 2010-11-08 15:17 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-09 07:02 . 2011-05-11 21:41 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-09 06:02 . 2011-05-11 21:41 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-04-09 06:02 . 2011-05-11 21:41 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-03-30 17:40 . 2011-05-08 13:20 34624 ----a-w- c:\windows\system32\TURegOpt.exe

2011-03-30 17:36 . 2011-05-08 13:20 25920 ----a-w- c:\windows\system32\authuitu.dll

2011-03-30 17:36 . 2011-05-08 13:20 21312 ----a-w- c:\windows\SysWow64\authuitu.dll

2011-03-30 17:36 . 2011-05-08 13:20 36160 ----a-w- c:\windows\system32\uxtuneup.dll

2011-03-30 17:36 . 2011-05-08 13:20 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll

2011-03-25 03:29 . 2011-05-11 21:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-03-25 03:29 . 2011-05-11 21:41 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-03-25 03:29 . 2011-05-11 21:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-03-25 03:29 . 2011-05-11 21:41 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-03-25 03:29 . 2011-05-11 21:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-03-25 03:29 . 2011-05-11 21:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-03-25 03:28 . 2011-05-11 21:41 7936 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-03-16 11:28 . 2011-04-27 00:55 18240 ----a-w- c:\windows\system32\roboot64.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

.

c:\users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files (x86)\LimeWire\LimeWire.exe [2010-11-7 503808]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R1 SASDIFSV;SASDIFSV;c:\users\Roy\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]

R1 SAS***IL;SAS***IL;c:\users\Roy\AppData\Local\Temp\SAS_SelfExtract\SAS***IL64.SYS [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]

R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]

S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-03-30 2026304]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

S3 LVUVC64;Logitech QuickCam S5500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-02-10 11856]

.

.

Inhoud van de 'Gedeelde Taken' map

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-14 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-14 387608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=aspire_5336&r=27361010d945l04d4z1h5v4722125r

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\ym4iphae.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://nl.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nl:official

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

.

**************************************************************************

.

Voltooingstijd: 2011-06-13 00:53:05 - machine werd herstart

ComboFix-quarantined-files.txt 2011-06-12 22:52

.

Pre-Run: 120.223.227.904 bytes beschikbaar

Post-Run: 120.117.571.584 bytes beschikbaar

.

- - End Of File - - CEE641BC97B18EC87A564160A43B58AA

_______________________________________________________________________________

What can I do now? If I run ComboFix again, I'm afraid I'll have the same problem again.


Still, it will be necessary to let ComboFix scan once more, however risky, but this time with a fix script that removes the unwanted components.

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\program files (x86)\Common Files\Windows Live\.cache\wlcF7A9.tmp

c:\program files (x86)\Common Files\Windows Live\.cache\wlc3B3D.tmp

Folder::

c:\programdata\FE0EA4D975DC0B07EC1C431037541BEF

c:\users\Roy\AppData\Local\{AA38FB59-3514-41EB-ABA4-F2191C8CB4E5}

c:\users\Roy\AppData\Local\{5CDCF2B4-8D7B-4E5C-99CE-9E7AD07AD043}

c:\users\Roy\AppData\Local\{2D6C301D-0E87-4952-BB05-126A6F963DAA}

Firefox::

FF - ProfilePath - c:\users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\ym4iphae.default\

FF - prefs.js: browser.search.defaulturl -

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if asked to.

After the restart, post the contents of Combofix.txt in your next message.

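As an added example (not code from the thread or from ComboFix itself), a small triage script that reads lines in the format of the ComboFix sections quoted above and writes out a CFScript.txt with the same File::, Folder:: and Firefox:: sections the helper assembled by hand. The selection rules are assumptions that reproduce this thread's picks rather than ComboFix's own logic, and the reading of the attribute column (d/s/h) is taken from the log lines:

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample in the format of the ComboFix "Bestanden Gemaakt" section (lines copied
# from the log above). Attribute column as read here: d=directory, s=system, h=hidden.
SAMPLE_FILES = r"""
2011-06-12 22:37 . 2011-06-12 22:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-29 10:47 . 2011-05-29 20:44 -------- d-sh--w- c:\programdata\FE0EA4D975DC0B07EC1C431037541BEF
2011-05-18 15:39 . 2011-05-18 15:39 84718440 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\wlcF7A9.tmp
2011-05-17 16:27 . 2011-05-17 16:27 -------- d-----w- c:\users\Roy\AppData\Local\{AA38FB59-3514-41EB-ABA4-F2191C8CB4E5}
2011-05-15 18:23 . 2011-05-15 18:23 -------- d-----w- c:\program files (x86)\Google
""".strip()

# Constructed sample of the Firefox lines from the "Bijkomende Scan" section.
SAMPLE_FF = r"""
FF - ProfilePath - c:\users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\ym4iphae.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://nl.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nl:official
""".strip()

# "<created> . <modified> <size or --------> <8 attribute flags> <path>"
LINE_RE = re.compile(r"^\S+ \S+ \. \S+ \S+ (?P<size>\S+) (?P<attrs>\S{8}) (?P<path>.+)$")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
HEX32_RE = re.compile(r"^[0-9a-f]{32}$", re.I)
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.*)$")

# size is None for directories ("--------" in the log)
Entry = NamedTuple("Entry", [("size", Optional[int]), ("is_dir", bool), ("system", bool),
                             ("hidden", bool), ("path", str)])

def parse_created_section(text: str) -> List[Entry]:
    """Parses the file-list lines; headers, dots and other non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        a = m["attrs"]
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(size, a[0] == "d", a[2] == "s", a[3] == "h", m["path"]))
    return entries

def suspicious_folder(e: Entry) -> bool:
    r"""Folder:: rule (assumption reproducing the helper's picks): GUID-named directories directly
    under AppData\Local, and hidden+system directories with a 32-hex-digit name under c:\programdata."""
    if not e.is_dir:
        return False
    parent, _, name = e.path.lower().rpartition("\\")
    if parent.endswith(r"\appdata\local") and GUID_RE.match(name):
        return True
    return parent == r"c:\programdata" and e.system and e.hidden and bool(HEX32_RE.match(name))

def suspicious_file(e: Entry) -> bool:
    r"""File:: rule (assumption reproducing the helper's picks): leftover wlc*.tmp blobs in the Windows Live cache."""
    parent, _, name = e.path.lower().rpartition("\\")
    return (not e.is_dir and parent.endswith(r"\windows live\.cache")
            and name.startswith("wlc") and name.endswith(".tmp"))

def firefox_resets(text: str, trusted=("mozilla.com", "google.com")) -> List[str]:
    """Firefox:: lines: the profile path, then each prefs.js URL pref whose host is not under a
    trusted domain, written without a value exactly as in the helper's script."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("FF - ProfilePath - "):
            out.append(line)
            continue
        m = FF_PREF_RE.match(line)
        if not m:
            continue
        host = re.sub(r"^hxxps?://", "", m["value"]).split("/", 1)[0].lower()
        if not any(host == t or host.endswith("." + t) for t in trusted):
            out.append(f"FF - prefs.js: {m['pref']} -")
    return out

def build_cfscript(files_text: str, ff_text: str) -> str:
    """Assembles CFScript.txt: one header per non-empty section, sections separated by a blank line."""
    entries = parse_created_section(files_text)
    sections = []
    for header, lines in (("File::", [e.path for e in entries if suspicious_file(e)]),
                          ("Folder::", [e.path for e in entries if suspicious_folder(e)]),
                          ("Firefox::", firefox_resets(ff_text))):
        if lines:
            sections.append(header + "\n" + "\n".join(lines))
    return "\n\n".join(sections) + "\n"
```

Running `print(build_cfscript(SAMPLE_FILES, SAMPLE_FF))` yields the same three sections as the hand-written script above, with the ordinary program directory and the Mozilla homepage left alone.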

Hello helpers.

Due to personal circumstances I've been offline for a while. But I'm back. In the meantime my housemate has used my laptop now and then (without a virus scanner :S) but anyway, it seems the problem no longer occurs. I've tried several search words, and Google redirects them all properly right away. My laptop is very slow, though. I've done another HijackThis scan; the log is below. Could you take another look at it?

Thanks in advance

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:57:45, on 20-6-2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_Plugin.exe -update plugin

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 7873 bytes


This log looks fine. Still, it would be advisable to carry out the instructions from post 13. Only then can we be sure that all problems are solved, and it may also help make the PC faster.
