Vista - Hijack this log

[ChrisNL]

Goede avond,

Ik kan geen bestanden van wat voor aard dan ook downloaden via me internet browsers, ook lukt het me niet om b.v. pokerstars te downloaden, wat ik voorheen wel had geinstalleerd.

Misschien hebben jullie een oplossing, bedankt alvast

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:51:44, on 23-1-2013

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Windows\System32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Samsung\Kies\Kies.exe

C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files\NDAS\System\ndasmgmt.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Spotnet\Spotnet.exe

C:\Program Files\Spotnet\SABnzbd.exe

C:\Users\Chris en Lies\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Chris en Lies\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Chris en Lies\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Chris en Lies\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Chris en Lies\Documents\downloads\complete\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ALDI Nederland - Startpagina

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: ToggleDU Toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTogg.dll

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: ToggleDU Toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTogg.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: ToggleDU Toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTogg.dll

O3 - Toolbar: Sopcast Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe"

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\Windows\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup

O4 - HKLM\..\Run: [uVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload

O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\Chris en Lies\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; InfoPath.2; .NET CLR 3.0.30729; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET4.0C; .NET4.0E; AskTbSPC2/5.9.1.14019)" -"http://spellen.speltuin.nl/699bbd6eba34f4b3728a65c02cb87c31/game.php?file=687474703a2f2f7370656c6c656e2e7370656c7475696e2e6e6c2f36393962626436656261333466346233373238613635633032636238376333312f323635322e646372&width=389&height=420&cr=1"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: NDAS-apparaatbeheer.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

O9 - Extra button: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay, de wereldwijde online handelsplaats (file missing)

O9 - Extra 'Tools' menuitem: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay, de wereldwijde online handelsplaats (file missing)

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

O9 - Extra button: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay, de wereldwijde online handelsplaats (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay, de wereldwijde online handelsplaats (file missing) (HKCU)

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab

O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_Win32.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://verkopen.marktplaats.nl/js/widgets/imageUploader/aurigma/5_7_24_0/ImageUploader5.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-nl.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe

O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--

End of file - 13760 bytes

[kape]

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: ToggleDU Toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTogg.dll

O2 - BHO: ToggleDU Toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTogg.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: ToggleDU Toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTogg.dll

O3 - Toolbar: Sopcast Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; InfoPath.2; .NET CLR 3.0.30729; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET4.0C; .NET4.0E; AskTbSPC2/5.9.1.14019)" -"http://spellen.speltuin.nl/699bbd6eba34f4b3728a65c02cb87c31/game.php?file=6874 74703a2f2f7370656c6c656e2e7370656c7475696e2e6e6c2f363939626264366562613334663462 33 373238613635633032636238376333312f323635322e646372&width=389&height=420&cr=1"

O9 - Extra button: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay, de wereldwijde online handelsplaats (file missing)

O9 - Extra 'Tools' menuitem: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay, de wereldwijde online handelsplaats (file missing)

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)

O9 - Extra button: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay, de wereldwijde online handelsplaats (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay, de wereldwijde online handelsplaats (file missing) (HKCU)

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

Verwijder Ask Toolbar of Ask.com via Software (indien aanwezig) of verwijder anders volgende vetgedrukte map : C:\Program Files\Ask.com

Download MBAM (Malwarebytes Anti-Malware)

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder).

Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.

MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.

Het log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht, samen met een nieuw logje van HijackThis.

[ChrisNL]

Malwarebytes Anti-Malware 1.70.0.1100

Malwarebytes : Free anti-malware download

Databaseversie: v2013.01.23.09

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Chris en Lies :: PC_VAN_CHRIS [administrator]

23-1-2013 21:08:54

mbam-log-2013-01-23 (21-08-54).txt

Scan type: Snelle scan

Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scan opties: P2P

Objecten gescand: 212536

Verstreken tijd: 6 minuut/minuten, 56 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:18:37, on 23-1-2013

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Windows\System32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Samsung\Kies\Kies.exe

C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files\NDAS\System\ndasmgmt.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Users\Chris en Lies\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Chris en Lies\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Chris en Lies\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Chris en Lies\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Chris en Lies\Documents\downloads\complete\HijackThis.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ALDI Nederland - Startpagina

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe"

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\Windows\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup

O4 - HKLM\..\Run: [uVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload

O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\Chris en Lies\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: NDAS-apparaatbeheer.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab

O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_Win32.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://verkopen.marktplaats.nl/js/widgets/imageUploader/aurigma/5_7_24_0/ImageUploader5.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-nl.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe

O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--

End of file - 11416 bytes

[kape]

Dit is prima verlopen. Heb je nu nog dezelfde problemen ? Zo ja, moeten we nog even dieper kijken.

[ChrisNL]

Goedemorgen,

Ja nog steeds de zelfde problemen helaas, zit nu alleen niet thuis dus kan weinig uitrichten op mijn pc, eind van de middag ben ik weer thuis, bedankt alvast voor alle hulp

[kape]

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.

3. Dubbelklik op "Combofix.exe" om de tool te starten.

4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion", herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

[ChrisNL]

Super, ik ga ermee aan de slag als ik van mijn werk kom.

[kape]

OK, dan lezen we hier het resultaat wel ;-)

[ChrisNL]

ComboFix 13-01-23.01 - Chris en Lies 24-01-2013 16:49:17.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3325.1753 [GMT 1:00]

Gestart vanuit: c:\users\Chris en Lies\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Chris en Lies\AppData\Local\Temp\d6ebea43-a7f6-428d-ab33-ddb1ea1983ec\CliSecureRT.dll

c:\users\Chris en Lies\AppData\Roaming\Adobe\plugs

c:\users\Chris en Lies\AppData\Roaming\Adobe\shed

c:\users\Chris en Lies\AppData\Roaming\inst.exe

c:\users\Chris en Lies\AppData\Roaming\vso_ts_preview.xml

c:\users\Chris en Lies\Documents\Windows\tmp.txt

c:\users\CHRISE~1\AppData\Local\Temp\d6ebea43-a7f6-428d-ab33-ddb1ea1983ec\CliSecureRT.dll

c:\windows\IsUn0413.exe

c:\windows\system32\muzapp.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-12-24 to 2013-01-24 ))))))))))))))))))))))))))))))

.

.

2013-01-23 15:42 . 2013-01-23 15:42 -------- d-----w- c:\program files\CCleaner

2013-01-17 05:36 . 2013-01-17 05:36 -------- d-----w- c:\program files\NzbMagic

2013-01-09 11:53 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys

2013-01-09 11:52 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-09 11:52 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-09 18:25 . 2012-09-22 07:32 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-09 18:25 . 2011-06-15 04:36 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-16 13:12 . 2012-12-21 02:00 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 10:50 . 2012-12-21 02:00 293376 ----a-w- c:\windows\system32\atmfd.dll

2012-12-14 15:49 . 2012-10-05 07:21 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-23 13:11 . 2009-10-02 11:56 848 --sha-w- c:\programdata\KGyGaAvL.sys

2012-11-14 02:09 . 2012-12-13 02:05 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 01:58 . 2012-12-13 02:05 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 01:57 . 2012-12-13 02:05 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 01:49 . 2012-12-13 02:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 01:48 . 2012-12-13 02:05 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 01:44 . 2012-12-13 02:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-13 01:29 . 2012-12-12 20:04 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-02 10:18 . 2012-12-12 20:04 376320 ----a-w- c:\windows\system32\dpnet.dll

2012-11-02 08:26 . 2012-12-12 20:04 23040 ----a-w- c:\windows\system32\dpnsvr.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-29 39408]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-08-07 960440]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-07 21432]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712]

"CLMLServer"="c:\program files\HomeCinema\Power2Go\CLMLSvc.exe" [2008-07-18 104936]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-03 6724128]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-03 1833504]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 188416]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-10 300400]

"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 341232]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-08-07 3524536]

"Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2011-04-26 1287464]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

NDAS-apparaatbeheer.lnk - c:\program files\NDAS\System\ndasmgmt.exe [2007-6-29 236520]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Inhoud van de 'Gedeelde Taken' map

.

2013-01-24 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-22 18:25]

.

2013-01-24 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-29 09:57]

.

2013-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 02:13]

.

2013-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 02:13]

.

2013-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3714982201-875793385-758948499-1000Core.job

- c:\users\Chris en Lies\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-13 02:41]

.

2013-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3714982201-875793385-758948499-1000UA.job

- c:\users\Chris en Lies\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-13 02:41]

.

.

------- Bijkomende Scan -------

.

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{3AD798D0-4642-4C55-BC14-CFE7DD19E0D1} - (no file)

SafeBoot-WudfPf

SafeBoot-WudfRd

AddRemove-_{E1A63F75-1F72-4450-980D-434496FFC646} - c:\program files\Corel\Corel Painter Essentials 4\MSILauncher {E1A63F75-1F72-4450-980D-434496FFC646}

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2013-01-24 16:57

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(3544)

c:\program files\WinSCP\DragExt.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\atiesrxx.exe

c:\windows\system32\atieclxx.exe

c:\program files\Avira\AntiVir Desktop\sched.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe

c:\program files\Hercules\Audio\DJ Console Series\drivers\x86\HerculesDJControlMP3.EXE

c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files\NDAS\System\ndassvc.exe

c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\ehome\ehmsas.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\Citrix\ICA Client\wfcrun32.exe

c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

.

**************************************************************************

.

Voltooingstijd: 2013-01-24 17:03:58 - machine werd herstart

ComboFix-quarantined-files.txt 2013-01-24 16:03

.

Pre-Run: 252.538.695.680 bytes beschikbaar

Post-Run: 252.584.288.256 bytes beschikbaar

.

- - End Of File - - ECD48F9F7E1EA48F05A741C84208E922

[kape]

Mooi zo ... Combofix heeft één en ander aangepakt. Blijf je nu nog met dezelfde problemen zitten ?