
Computer sometimes freezes after starting up



When I start my computer and it has reached my desktop, it sometimes freezes. Sometimes, after I have started Firefox and then start another program alongside it, it stops responding; Ctrl-Alt-Del does nothing either, so switching it off and on again manually is the only thing that works. I have now installed AVG 2013 Free. Perhaps it has something to do with that? Here is the HijackThis log.

Thanks in advance

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:33:31, on 30-10-2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.19328)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\nvraidservice.exe

C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\AVG\AVG2013\avgui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\SAMSUNG\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Spotify\Data\SpotifyWebHelper.exe

C:\Windows\ehome\ehmsas.exe

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Windows\System32\mobsync.exe

C:\Program Files\TweetDeck\TweetDeck.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\TapinRadio\TapinRadio.exe

C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = GlobalTuners - On-line remotely controlled tuners

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Nederland

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Nederland

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction

O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [spotify Web Helper] "C:\Program Files\Spotify\Data\SpotifyWebHelper.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: ASETRES.EXE

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O16 - DPF: {200C064B-066D-4D6F-93E8-044231273490} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl6.cab

O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl5.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe

O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe

O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

O23 - Service: vToolbarUpdater12.2.6 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

--

End of file - 9495 bytes


Start HijackThis. Select "Scan". Select only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

O4 - Global Startup: ASETRES.EXE

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

Click 'Fix checked' to remove the items.

Note: Windows Vista & 7 users must run HijackThis as "administrator" via the right-click option "Run as administrator". If that does not work from the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running, as this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found as C:\ComboFix.txt) in your next message, together with a new HijackThis log.


Hi,

Done. Here is the latest HijackThis log:

I did not get the ComboFix.txt. It hung for a long time at "preparing log, do not open any other programs". That took so long that I had to switch my PC off and on again manually.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:28:45, on 30-10-2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.19328)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\nvraidservice.exe

C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\AVG\AVG2013\avgui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\SAMSUNG\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Spotify\Data\SpotifyWebHelper.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = GlobalTuners - On-line remotely controlled tuners

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Nederland

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction

O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [spotify Web Helper] "C:\Program Files\Spotify\Data\SpotifyWebHelper.exe"

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O16 - DPF: {200C064B-066D-4D6F-93E8-044231273490} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl6.cab

O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl5.cab

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe

O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe

O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

O23 - Service: vToolbarUpdater12.2.6 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

--

End of file - 7991 bytes

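As an added example (not code from this thread and not a Trend Micro tool), here is a small Python script that parses HijackThis v2 log lines, flags the kinds of entries a helper looks at first (registered components whose file is gone, Global Startup items, ActiveX controls fetched over plain HTTP, AppInit_DLLs), and diffs a "before" and "after" log against the list of items ticked for "Fix checked", so you can see which removals were expected, which were not, and whether any ticked item survived. The embedded excerpts are abbreviated copies of the two logs posted above; the function names and flag rules are this example's own choices.

```python
"""Triage a HijackThis v2 log and compare a before/after pair.

Added example for this thread, not code from the thread or from
Trend Micro. The excerpts below are abbreviated copies of the two
logs posted above; FIX_LIST is the helper's list of items to tick.
"""
import re

# A HijackThis entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [vProt] ...".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")


def parse_hjt(text):
    """Return [(section, body)] in log order; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body").rstrip()))
    return entries


def flag_entries(entries):
    """Return [(section, body, reason)] for lines worth a second look.

    Each rule only states what the line itself shows; it does not claim
    that an entry is malicious.
    """
    flagged = []
    for section, body in entries:
        reasons = []
        if "(no file)" in body or "(file missing)" in body:
            reasons.append("registered component whose file is gone")
        if section == "O4" and body.startswith("Global Startup:"):
            reasons.append("all-users Startup folder item")
        if section == "O16" and "http://" in body:
            reasons.append("ActiveX control (DPF) fetched over plain HTTP")
        if section == "O20":
            reasons.append("AppInit_DLLs: loaded into every process that links user32.dll")
        flagged.extend((section, body, r) for r in reasons)
    return flagged


def compare_logs(before_text, after_text, fix_text):
    """Diff two logs against the entries that were meant to be fixed."""
    before = set(parse_hjt(before_text))
    after = set(parse_hjt(after_text))
    fix = set(parse_hjt(fix_text))
    removed = before - after
    return {
        "removed_expected": sorted(removed & fix),
        "removed_unexpected": sorted(removed - fix),  # gone, but not on the fix list
        "added": sorted(after - before),
        "still_present": sorted(fix & after),         # 'Fix checked' did not take
        "fix_not_in_before": sorted(fix - before),    # fix-list line does not match the log
    }


# Abbreviated excerpt of the first log above (30-10-2012, 11:33).
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Nederland
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O16 - DPF: {200C064B-066D-4D6F-93E8-044231273490} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
"""

# Abbreviated excerpt of the second log above (30-10-2012, 21:28), after 'Fix checked'.
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O16 - DPF: {200C064B-066D-4D6F-93E8-044231273490} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl6.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
"""

# The six lines the helper asked to tick before 'Fix checked'.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
"""

if __name__ == "__main__":
    for sec, body, why in flag_entries(parse_hjt(BEFORE_LOG)):
        print(f"[{sec}] {why}: {body[:70]}")
    report = compare_logs(BEFORE_LOG, AFTER_LOG, FIX_LIST)
    for key, items in report.items():
        print(f"\n{key} ({len(items)}):")
        for sec, body in items:
            print(f"  {sec} - {body[:70]}")
```

Run against the two full logs above rather than the excerpts, `removed_unexpected` also picks up lines that vanished between the scans without being on the fix list (the O1 hosts line and the O20 AppInit_DLLs line, among others); that kind of discrepancy is worth asking about before moving on to the next tool.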

The HijackThis log looks OK. ComboFix can, on first use, take quite a long time ... and we are not talking about minutes but sometimes hours. So you will have to be patient while it runs. Alternatively you can let it run as an overnight job and check in the morning whether it succeeded. If it does not work in normal mode, try it in "Safe Mode".


OK, in normal mode it again took very long. I have never had ComboFix take this long to create a log; usually it is done within 10 minutes. In Safe Mode it was finished within a few minutes.

This is the log:

ComboFix 12-10-31.01 - Erwin 31-10-2012 12:45:50.3.4 - x86 MINIMAL

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3070.2542 [GMT 1:00]

Running from: c:\users\Erwin\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\users\Erwin\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll

.

.

(((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-31 ))))))))))))))))))))))))))))))

.

.

2012-10-31 11:54 . 2012-10-31 11:54 -------- d-----w- c:\users\Erwin\AppData\Local\temp

2012-10-31 11:54 . 2012-10-31 11:54 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-10-31 11:54 . 2012-10-31 11:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-30 10:32 . 2012-10-30 10:32 388096 ----a-r- c:\users\Erwin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-10-29 14:06 . 2012-10-29 14:06 -------- d-----w- c:\program files\MyRadioPlayer

2012-10-17 11:06 . 2007-02-10 01:29 614532 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe

2012-10-17 11:06 . 2001-09-05 20:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

2012-10-17 11:06 . 2001-09-05 20:18 225280 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll

2012-10-17 11:06 . 2001-09-05 20:14 176128 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

2012-10-17 11:06 . 2001-09-05 20:13 32768 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

2012-10-16 10:50 . 2012-10-18 12:40 -------- d-----w- c:\windows\system32\Adobe

2012-10-13 08:45 . 2012-10-13 08:45 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software

2012-10-09 18:54 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll

2012-10-09 18:54 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-09 18:54 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-09 18:54 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-10-09 18:54 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-09 18:53 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-10-09 18:53 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-10-05 01:26 . 2012-10-05 01:26 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2012-10-04 13:20 . 2012-10-04 13:20 -------- d-----w- c:\users\Erwin\AppData\Roaming\AVG2013

2012-10-04 13:16 . 2012-10-04 13:18 -------- d-----w- c:\programdata\AVG2013

2012-10-04 13:13 . 2012-10-04 13:24 -------- d-----w- c:\users\Erwin\AppData\Local\Avg2013

2012-10-04 13:13 . 2012-10-04 13:13 -------- d-----w- c:\users\Erwin\AppData\Local\MFAData

2012-10-02 01:30 . 2012-10-02 01:30 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-09 08:43 . 2012-04-03 08:29 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-09 08:43 . 2011-05-14 23:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-29 17:54 . 2010-09-20 13:07 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-24 13:32 . 2012-06-16 14:47 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-09-24 13:32 . 2010-05-02 21:46 473072 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-21 01:46 . 2012-09-21 01:46 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2012-09-21 01:46 . 2012-09-21 01:46 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys

2012-09-21 01:45 . 2012-09-21 01:45 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys

2012-09-21 01:45 . 2012-09-21 01:45 55008 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2012-09-14 01:05 . 2012-09-14 01:05 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2012-09-13 01:11 . 2012-09-13 01:11 177504 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2012-09-03 20:36 . 2012-09-03 20:36 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2012-08-25 11:50 . 2012-09-23 20:33 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-25 11:44 . 2012-09-23 20:33 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-25 11:44 . 2012-09-23 20:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-25 11:44 . 2012-09-23 20:33 71680 ----a-w- c:\windows\system32\iesetup.dll

2012-08-25 11:44 . 2012-09-23 20:33 109056 ----a-w- c:\windows\system32\iesysprep.dll

2012-08-25 10:11 . 2012-09-23 20:33 385024 ----a-w- c:\windows\system32\html.iec

2012-08-25 08:31 . 2012-09-23 20:33 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-25 08:29 . 2012-09-23 20:33 1638912 ----a-w- c:\windows\system32\mshtml.tlb

1998-09-25 12:16 . 2012-06-20 10:52 270848 ----a-w- c:\program files\UNWISE.EXE

2004-08-04 12:00 . 2012-10-27 00:01 413696 ----a-w- c:\program files\mozilla firefox\plugins\msvcp60.dll

2012-10-27 00:01 . 2012-10-27 00:01 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 21:38 121392 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"Spotify Web Helper"="c:\program files\Spotify\Data\SpotifyWebHelper.exe" [2012-06-16 932528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-06-06 203296]

"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]

"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-19 13535776]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-19 92704]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-03 947808]

"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]

"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-03 1022048]

"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-10-10 3116152]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]

2008-01-09 16:43 326176 ----a-w- c:\acer\Empowering Technology\SysMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]

2008-03-04 21:38 526896 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2008-03-26 13:21 5369856 ----a-w- c:\windows\RtHDVCpl.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"KiesTrayAgent"=c:\program files\Samsung\Kies\KiesTrayAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"PCMMediaSharing"=c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-432800224-3185081532-925525682-1000]

"EnableNotificationsRef"=dword:00000001

.

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [x]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ECACHE

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-31 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 08:43]

.

2012-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-05 14:43]

.

2012-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-05 14:43]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.globaltuners.com/

mStart Page = hxxp://www.yahoo.com

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: onlinereceivers.net

TCP: DhcpNameServer = 192.168.178.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

DPF: {200C064B-066D-4D6F-93E8-044231273490} - hxxp://www.umediaserver.net/bin/UMediaControl6.cab

FF - ProfilePath - c:\users\Erwin\AppData\Roaming\Mozilla\Firefox\Profiles\qln992me.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ig

FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={08301E54-52AF-4069-93ED-B18787203693}&mid=6c924ba3e1e9adefb4b8e68774c045c9-214bf2847130b43465c6bdbc2482bbe2fae2d990&lang=nl&ds=AVG&pr=fr&d=2012-06-02 16:13&v=12.2.5.32&sap=ku&q=

FF - prefs.js: network.proxy.http - 96.43.130.70

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2012-09-01 17:43; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

FF - ExtSQL: 2012-10-17 16:46; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110141

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 6c6910db00000000000000ff77a4a843

FF - user.js: extensions.BabylonToolbar_i.hardId - 6c6910db00000000000000ff77a4a843

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15391

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:47

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

MSConfigStartUp-Apanel - c:\acersw\config\SetApanel.cmd

MSConfigStartUp-FilmOn HDi Player - d:\filmon hdi player\FilmOn HDi Player.exe

MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe

AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

AddRemove-FileHunter - c:\users\Erwin\AppData\Roaming\FileHunter\uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-10-31 12:54

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(992)

c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll

.

Completion time: 2012-10-31 12:56:46

ComboFix-quarantined-files.txt 2012-10-31 11:56

.

Pre-Run: 169,363,804,160 bytes free

Post-Run: 169,189,957,632 bytes free

.

- - End Of File - - 39C22EC223C84BB0EA64B43308CD2458


Open a Notepad file.

Copy and paste the bold text below into it.

Firefox::

FF - ProfilePath - c:\users\Erwin\AppData\Roaming\Mozilla\Firefox\Profiles\qln992me.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: keyword.URL -

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110141

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 6c6910db00000000000000ff77a4a843

FF - user.js: extensions.BabylonToolbar_i.hardId - 6c6910db00000000000000ff77a4a843

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15391

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:47

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Save this file on your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if asked to.

After the reboot, post the contents of Combofix.txt in your next reply.


OK, here it is. Done the same way as the previous one, in safe mode.

ComboFix 12-10-31.03 - Erwin 31-10-2012 17:40:40.5.4 - x86 MINIMAL

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3070.2541 [GMT 1:00]

Running from: c:\users\Erwin\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\users\Erwin\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll

.

.

(((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-31 ))))))))))))))))))))))))))))))

.

.

2012-10-31 16:49 . 2012-10-31 16:49 -------- d-----w- c:\users\Erwin\AppData\Local\temp

2012-10-31 16:49 . 2012-10-31 16:49 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-10-31 16:49 . 2012-10-31 16:49 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-30 10:32 . 2012-10-30 10:32 388096 ----a-r- c:\users\Erwin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-10-29 14:06 . 2012-10-29 14:06 -------- d-----w- c:\program files\MyRadioPlayer

2012-10-17 11:06 . 2007-02-10 01:29 614532 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe

2012-10-17 11:06 . 2001-09-05 20:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

2012-10-17 11:06 . 2001-09-05 20:18 225280 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll

2012-10-17 11:06 . 2001-09-05 20:14 176128 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

2012-10-17 11:06 . 2001-09-05 20:13 32768 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

2012-10-16 10:50 . 2012-10-18 12:40 -------- d-----w- c:\windows\system32\Adobe

2012-10-13 08:45 . 2012-10-13 08:45 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software

2012-10-09 18:54 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll

2012-10-09 18:54 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-09 18:54 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-09 18:54 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-10-09 18:54 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-09 18:53 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-10-09 18:53 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-10-05 01:26 . 2012-10-05 01:26 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2012-10-04 13:20 . 2012-10-04 13:20 -------- d-----w- c:\users\Erwin\AppData\Roaming\AVG2013

2012-10-04 13:16 . 2012-10-04 13:18 -------- d-----w- c:\programdata\AVG2013

2012-10-04 13:13 . 2012-10-04 13:24 -------- d-----w- c:\users\Erwin\AppData\Local\Avg2013

2012-10-04 13:13 . 2012-10-04 13:13 -------- d-----w- c:\users\Erwin\AppData\Local\MFAData

2012-10-02 01:30 . 2012-10-02 01:30 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-09 08:43 . 2012-04-03 08:29 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-09 08:43 . 2011-05-14 23:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-29 17:54 . 2010-09-20 13:07 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-24 13:32 . 2012-06-16 14:47 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-09-24 13:32 . 2010-05-02 21:46 473072 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-21 01:46 . 2012-09-21 01:46 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2012-09-21 01:46 . 2012-09-21 01:46 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys

2012-09-21 01:45 . 2012-09-21 01:45 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys

2012-09-21 01:45 . 2012-09-21 01:45 55008 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2012-09-14 01:05 . 2012-09-14 01:05 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2012-09-13 01:11 . 2012-09-13 01:11 177504 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2012-09-03 20:36 . 2012-09-03 20:36 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2012-08-25 11:50 . 2012-09-23 20:33 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-25 11:44 . 2012-09-23 20:33 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-25 11:44 . 2012-09-23 20:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-25 11:44 . 2012-09-23 20:33 71680 ----a-w- c:\windows\system32\iesetup.dll

2012-08-25 11:44 . 2012-09-23 20:33 109056 ----a-w- c:\windows\system32\iesysprep.dll

2012-08-25 10:11 . 2012-09-23 20:33 385024 ----a-w- c:\windows\system32\html.iec

2012-08-25 08:31 . 2012-09-23 20:33 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-25 08:29 . 2012-09-23 20:33 1638912 ----a-w- c:\windows\system32\mshtml.tlb

1998-09-25 12:16 . 2012-06-20 10:52 270848 ----a-w- c:\program files\UNWISE.EXE

2004-08-04 12:00 . 2012-10-27 00:01 413696 ----a-w- c:\program files\mozilla firefox\plugins\msvcp60.dll

2012-10-27 00:01 . 2012-10-27 00:01 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 21:38 121392 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"Spotify Web Helper"="c:\program files\Spotify\Data\SpotifyWebHelper.exe" [2012-06-16 932528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-06-06 203296]

"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]

"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-19 13535776]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-19 92704]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-03 947808]

"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]

"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-03 1022048]

"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-10-10 3116152]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]

2008-01-09 16:43 326176 ----a-w- c:\acer\Empowering Technology\SysMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]

2008-03-04 21:38 526896 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2008-03-26 13:21 5369856 ----a-w- c:\windows\RtHDVCpl.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"KiesTrayAgent"=c:\program files\Samsung\Kies\KiesTrayAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"PCMMediaSharing"=c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-432800224-3185081532-925525682-1000]

"EnableNotificationsRef"=dword:00000001

.

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [x]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ECACHE

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-31 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 08:43]

.

2012-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-05 14:43]

.

2012-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-05 14:43]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.globaltuners.com/

mStart Page = hxxp://www.yahoo.com

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: onlinereceivers.net

TCP: DhcpNameServer = 192.168.178.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

DPF: {200C064B-066D-4D6F-93E8-044231273490} - hxxp://www.umediaserver.net/bin/UMediaControl6.cab

FF - ProfilePath - c:\users\Erwin\AppData\Roaming\Mozilla\Firefox\Profiles\qln992me.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ig

FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={08301E54-52AF-4069-93ED-B18787203693}&mid=6c924ba3e1e9adefb4b8e68774c045c9-214bf2847130b43465c6bdbc2482bbe2fae2d990&lang=nl&ds=AVG&pr=fr&d=2012-06-02 16:13&v=12.2.5.32&sap=ku&q=

FF - prefs.js: network.proxy.http - 96.43.130.70

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2012-09-01 17:43; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

FF - ExtSQL: 2012-10-17 16:46; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110141

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 6c6910db00000000000000ff77a4a843

FF - user.js: extensions.BabylonToolbar_i.hardId - 6c6910db00000000000000ff77a4a843

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15391

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:47

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-10-31 17:49

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(1384)

c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll

.

Completion time: 2012-10-31 17:50:58

ComboFix-quarantined-files.txt 2012-10-31 16:50

.

Pre-Run: 169,782,030,336 bytes free

Post-Run: 169,650,003,968 bytes free

.

- - End Of File - - D2DC6F2C97810183BE3E6F37A37F09D8


That didn't go right: you just started ComboFix again without the changes. The idea is that you drag the text file ONTO the red ComboFix shortcut ... the tool then restarts to remove the indicated items. Could you repeat that and then post a new log?

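Added example for the two helper posts above (the CFScript procedure and the "drag it onto the shortcut" correction). This is not ComboFix's own code and not the helper's tool: a small Python script that reads the 'FF - ...' lines of a ComboFix log like the ones in this thread, flags what a helper would put in the CFScript (the hijacked search prefs and the Babylon toolbar user.js entries), notes the proxy address parked in the profile with proxy type 0 (not in use), the Trusted Zone entry, the remote ActiveX (DPF) download and EnableLUA=0, and drafts a 'Firefox::' block shaped like the script above. It also checks for the 'Command switches used ::' header line, which is the tell-tale that ComboFix actually picked the CFScript up: the second log above lacks it, the third has it. The sample log inside is constructed from a subset of the lines posted here; the CFScript layout it emits (prefs.js entries with an empty value, user.js entries verbatim) mirrors the helper's post and is an assumption, not documented ComboFix syntax.

```python
"""Triage the Firefox section of a ComboFix log and draft the CFScript block.

Added example for this thread, not ComboFix's own code and not the helper's tool.
The CFScript layout it emits mirrors the helper's post (assumption, not documented
ComboFix syntax): hijacked prefs.js entries listed with an empty value, PUP user.js
entries listed verbatim, under the profile path line.
"""
import re

# Constructed sample: a subset of lines in the shape of the logs posted in this thread.
SAMPLE_LOG = """\
ComboFix 12-10-31.03 - Erwin 01-11-2012 10:46:29.6.4 - x86 MINIMAL
Command switches used :: c:\\users\\Erwin\\Desktop\\CFScript.txt
"EnableLUA"= 0 (0x0)
------- Supplementary Scan -------
Trusted Zone: onlinereceivers.net
DPF: {200C064B-066D-4D6F-93E8-044231273490} - hxxp://www.umediaserver.net/bin/UMediaControl6.cab
FF - ProfilePath - c:\\users\\Erwin\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\qln992me.default\\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ig
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={08301E54-52AF-4069-93ED-B18787203693}&q=
FF - prefs.js: network.proxy.http - 96.43.130.70
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110141
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
"""

FF_PREF = re.compile(r"^FF - (?P<file>prefs\.js|user\.js): (?P<pref>\S+) -\s*(?P<value>.*)$")
FF_PROFILE = re.compile(r"^FF - ProfilePath - (?P<path>.+)$")

# Prefs that redirect searches. keyword.URL was empty by default in Firefox of that era,
# so any value there is a redirect somebody installed.
SEARCH_PREFS = {"browser.search.selectedEngine", "browser.search.defaultenginename", "keyword.URL"}
# Pref namespaces of bundled toolbars (PUPs); extend with other families as you meet them.
PUP_PREFIXES = ("extensions.BabylonToolbar",)


def parse_firefox_section(log_text):
    """Return (profile_path, [(file, pref, value), ...]) from the 'FF - ' lines."""
    profile, prefs = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FF_PROFILE.match(line)
        if m:
            profile = m["path"]
            continue
        m = FF_PREF.match(line)
        if m:
            prefs.append((m["file"], m["pref"], m["value"].strip()))
    return profile, prefs


def triage(log_text):
    """Return the findings a helper reading this log would act on or ask about."""
    _, prefs = parse_firefox_section(log_text)
    by_name = {pref: value for _, pref, value in prefs}
    findings = {
        # Header line present only when ComboFix was started with a CFScript (the localized
        # 'gebruikte Opdracht switches ::' form matches too); absent means the script was ignored.
        "script_used": re.search(r"switches[^\n]*::", log_text, re.I) is not None,
        "uac_disabled": '"EnableLUA"= 0' in log_text,
        "trusted_zones": re.findall(r"^Trusted Zone: (.+)$", log_text, re.M),
        "remote_activex": re.findall(r"^DPF: \{[0-9A-Fa-f-]+\} - (\S+)$", log_text, re.M),
        "search_hijack": [(p, v) for _, p, v in prefs if p in SEARCH_PREFS and v],
        "pup_prefs": [(f, p, v) for f, p, v in prefs if p.startswith(PUP_PREFIXES)],
        "proxy": None,
    }
    if "network.proxy.http" in by_name:
        findings["proxy"] = {
            "host": by_name["network.proxy.http"],
            "port": by_name.get("network.proxy.http_port"),
            # network.proxy.type 1 = manual proxy in use; 0 = direct connection, so the
            # address is parked in the profile but not routing traffic right now.
            "active": by_name.get("network.proxy.type") == "1",
        }
    return findings


def build_cfscript(log_text):
    """Draft the 'Firefox::' block in the shape of the helper's post (see module docstring)."""
    profile, _ = parse_firefox_section(log_text)
    findings = triage(log_text)
    lines = ["Firefox::"]
    if profile:
        lines.append(f"FF - ProfilePath - {profile}")
    for pref, _ in findings["search_hijack"]:
        lines.append(f"FF - prefs.js: {pref} -")  # empty value: reset the pref
    for file, pref, value in findings["pup_prefs"]:
        lines.append(f"FF - {file}: {pref} - {value}".rstrip())  # verbatim: remove the entry
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
    print(build_cfscript(SAMPLE_LOG))
```

Paste a full ComboFix log in place of SAMPLE_LOG to run it on a real case. The proxy finding is deliberately left out of the drafted script: with proxy type 0 it is not routing traffic, so it is something to ask the user about rather than silently strip, and the homepage pref is kept because it points where the user set it.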

Once more, then.

ComboFix 12-10-31.03 - Erwin 01-11-2012 10:46:29.6.4 - x86 MINIMAL

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3070.2545 [GMT 1:00]

Running from: c:\users\Erwin\Desktop\ComboFix.exe

Command switches used :: c:\users\Erwin\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

(((((((((((((((((((( Files Created from 2012-10-01 to 2012-11-01 ))))))))))))))))))))))))))))))

.

.

2012-11-01 09:55 . 2012-11-01 09:55 -------- d-----w- c:\users\Erwin\AppData\Local\temp

2012-11-01 09:55 . 2012-11-01 09:55 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-11-01 09:55 . 2012-11-01 09:55 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-30 10:32 . 2012-10-30 10:32 388096 ----a-r- c:\users\Erwin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-10-29 14:06 . 2012-10-29 14:06 -------- d-----w- c:\program files\MyRadioPlayer

2012-10-17 11:06 . 2007-02-10 01:29 614532 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe

2012-10-17 11:06 . 2001-09-05 20:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

2012-10-17 11:06 . 2001-09-05 20:18 225280 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll

2012-10-17 11:06 . 2001-09-05 20:14 176128 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

2012-10-17 11:06 . 2001-09-05 20:13 32768 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

2012-10-16 10:50 . 2012-10-18 12:40 -------- d-----w- c:\windows\system32\Adobe

2012-10-13 08:45 . 2012-10-13 08:45 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software

2012-10-09 18:54 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll

2012-10-09 18:54 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-09 18:54 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-09 18:54 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-10-09 18:54 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-09 18:53 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-10-09 18:53 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-10-05 01:26 . 2012-10-05 01:26 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2012-10-04 13:20 . 2012-10-04 13:20 -------- d-----w- c:\users\Erwin\AppData\Roaming\AVG2013

2012-10-04 13:16 . 2012-10-04 13:18 -------- d-----w- c:\programdata\AVG2013

2012-10-04 13:13 . 2012-10-04 13:24 -------- d-----w- c:\users\Erwin\AppData\Local\Avg2013

2012-10-04 13:13 . 2012-10-04 13:13 -------- d-----w- c:\users\Erwin\AppData\Local\MFAData

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-09 08:43 . 2012-04-03 08:29 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-09 08:43 . 2011-05-14 23:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-02 01:30 . 2012-10-02 01:30 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2012-09-29 17:54 . 2010-09-20 13:07 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-24 13:32 . 2012-06-16 14:47 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-09-24 13:32 . 2010-05-02 21:46 473072 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-21 01:46 . 2012-09-21 01:46 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2012-09-21 01:46 . 2012-09-21 01:46 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys

2012-09-21 01:45 . 2012-09-21 01:45 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys

2012-09-21 01:45 . 2012-09-21 01:45 55008 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2012-09-14 01:05 . 2012-09-14 01:05 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2012-09-13 01:11 . 2012-09-13 01:11 177504 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2012-09-03 20:36 . 2012-09-03 20:36 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2012-08-25 11:50 . 2012-09-23 20:33 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-25 11:44 . 2012-09-23 20:33 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-25 11:44 . 2012-09-23 20:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-25 11:44 . 2012-09-23 20:33 71680 ----a-w- c:\windows\system32\iesetup.dll

2012-08-25 11:44 . 2012-09-23 20:33 109056 ----a-w- c:\windows\system32\iesysprep.dll

2012-08-25 10:11 . 2012-09-23 20:33 385024 ----a-w- c:\windows\system32\html.iec

2012-08-25 08:31 . 2012-09-23 20:33 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-25 08:29 . 2012-09-23 20:33 1638912 ----a-w- c:\windows\system32\mshtml.tlb

1998-09-25 12:16 . 2012-06-20 10:52 270848 ----a-w- c:\program files\UNWISE.EXE

2004-08-04 12:00 . 2012-10-27 00:01 413696 ----a-w- c:\program files\mozilla firefox\plugins\msvcp60.dll

2012-10-27 00:01 . 2012-10-27 00:01 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 21:38 121392 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"Spotify Web Helper"="c:\program files\Spotify\Data\SpotifyWebHelper.exe" [2012-06-16 932528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-06-06 203296]

"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]

"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-19 13535776]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-19 92704]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-03 947808]

"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]

"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-03 1022048]

"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-10-10 3116152]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]

2008-01-09 16:43 326176 ----a-w- c:\acer\Empowering Technology\SysMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]

2008-03-04 21:38 526896 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2008-03-26 13:21 5369856 ----a-w- c:\windows\RtHDVCpl.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"KiesTrayAgent"=c:\program files\Samsung\Kies\KiesTrayAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"PCMMediaSharing"=c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-432800224-3185081532-925525682-1000]

"EnableNotificationsRef"=dword:00000001

.

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [x]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ECACHE

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-31 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 08:43]

.

2012-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-05 14:43]

.

2012-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-05 14:43]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.globaltuners.com/

mStart Page = hxxp://www.yahoo.com

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: onlinereceivers.net

TCP: DhcpNameServer = 192.168.178.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

DPF: {200C064B-066D-4D6F-93E8-044231273490} - hxxp://www.umediaserver.net/bin/UMediaControl6.cab

FF - ProfilePath - c:\users\Erwin\AppData\Roaming\Mozilla\Firefox\Profiles\qln992me.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ig

FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={08301E54-52AF-4069-93ED-B18787203693}&mid=6c924ba3e1e9adefb4b8e68774c045c9-214bf2847130b43465c6bdbc2482bbe2fae2d990&lang=nl&ds=AVG&pr=fr&d=2012-06-02 16:13&v=12.2.5.32&sap=ku&q=

FF - prefs.js: network.proxy.http - 96.43.130.70

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2012-09-01 17:43; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

FF - ExtSQL: 2012-10-17 16:46; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110141

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 6c6910db00000000000000ff77a4a843

FF - user.js: extensions.BabylonToolbar_i.hardId - 6c6910db00000000000000ff77a4a843

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15391

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:47

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-11-01 10:55

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(1632)

c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll

.

Voltooingstijd: 2012-11-01 10:56:54

ComboFix-quarantined-files.txt 2012-11-01 09:56

.

Pre-Run: 169,316,921,344 bytes beschikbaar

Post-Run: 169,184,948,224 bytes beschikbaar

.

- - End Of File - - 2E702B665B3865379D3BE7A2F814E235


Download AdwCleaner by Xplode to your desktop.

  • Close all open windows.
  • Vista and Windows 7 users: right-click AdwCleaner and select Run as administrator...
  • On XP: simply double-click AdwCleaner.
  • Then click Verwijderen (Delete).
  • At AdwCleaner – Informatie (Information), click OK.
  • At AdwCleaner – Herstarten Noodzakelijk (Restart Required), click OK.

It is normal for shortcuts to disappear during this action. After the PC has restarted, a log file opens. Post the contents of this log in your next message.


This topic is now closed to new replies.
