Can someone take a quick look at my HijackThis log?

Singer
6 replies
  • Since this afternoon, I.E. opens by itself and shows advertisements. Something odd is going on with Google as well: I keep having to click with the mouse to get contact again with the site I'm on, and the bar at the top then turns grey. I ran CCleaner and Spybot Search & Destroy. The latter keeps finding the same thing, after which I remove it again. They are ordinary sites, from Arke and Cheaptickets, and other junk, for example. Does anyone have an idea or a solution?

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18:13:38, on 13-1-2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.7930.16406)
    Boot mode: Normal

    Running processes:
    C:\Users\Bert\AppData\Local\Temp\Blr.exe
    C:\Windows\Bmimoa.exe
    C:\Users\Bert\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Users\Bert\AppData\Local\Temp\Blq.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.diesiedleronline.de/de/startseite
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - (no file)
    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Users\Bert\AppData\Roaming\n3yvzgrsqwSv.exe
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
    O4 - HKCU\..\Run: [EPSON PX710W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFSE.EXE /FU "C:\Windows\TEMP\E_SA89E.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [Epson Stylus Photo PX710W(Netwerk)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFSE.EXE /FU "C:\Windows\TEMP\E_SF853.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Bert\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [DefSystem] C:\ProgramData\system.exe
    O4 - HKCU\..\Run: [JP595IR86O] C:\Users\Bert\AppData\Local\Temp\Blq.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Bert\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: ASP.NET-statusservice (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FreezeScreenSaver - Unknown owner - C:\Windows\system32\FreezeScreenSaver.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files (x86)\RelevantKnowledge\rlservice.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
  • Hi Singer, if you let only Spybot Search & Destroy guard the security of your Windows, you shouldn't be surprised if IE starts acting strangely.
    Because, if I'm not mistaken, more things in your Windows are acting strangely!
    Your log indicates a serious infection, simply because you don't use an antivirus program!

    I also find a strange entry at the bottom of the log:

    http://specs.tweak.to/17811 - do you have an explanation for this?


    My advice is: install the best free antivirus currently available!

    Avast 5 Free: http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html?part=dl-85737&subj=dl&tag=button

    Install Avast with all options!
    And don't forget to register Avast first and then update it - to do so, click Onderhoud (Maintenance) in the menu.

    After registering and updating, have Avast run a full system scan and then post a new HijackThis log!


    N.B.: other free antivirus programs are
    - AVG
    - Avira Antivir Free
    - Microsoft Security Essentials
    But these versions lack what Avast, as the only free antivirus program, has and what you otherwise find only in paid antivirus programs: a proactive module for recognising new malware!
  • Hi Abraham54, I installed Avast and it found 66! infections.
    The entry at the bottom of the log is not part of the log. It belongs to my forum account; it is a signature and points to a site where my system configuration is listed. Here is my new log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 23:24:16, on 13-1-2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.7930.16406)
    Boot mode: Normal

    Running processes:
    C:\Users\Bert\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.diesiedleronline.de/de/startseite
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {22e03916-85c5-44b0-8dc9-1830c11238d9} - (no file)
    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,userinit.exe
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [EPSON PX710W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFSE.EXE /FU "C:\Windows\TEMP\E_SA89E.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [Epson Stylus Photo PX710W(Netwerk)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFSE.EXE /FU "C:\Windows\TEMP\E_SF853.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Bert\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [DefSystem] C:\ProgramData\system.exe
    O4 - HKCU\..\Run: [JP595IR86O] C:\Users\Bert\AppData\Local\Temp\Blq.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Bert\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: ASP.NET-statusservice (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FreezeScreenSaver - Unknown owner - C:\Windows\system32\FreezeScreenSaver.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files (x86)\RelevantKnowledge\rlservice.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
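
Added example (not written by anyone in this thread): a small triage script that parses the `Running processes`, `F2` and `O4` parts of the two HijackThis logs above, flags programs started from temp directories or directly from the root of `AppData\Roaming` or `C:\ProgramData`, and compares the first scan with the second. The location rules and the function names are assumptions chosen for illustration; a flagged entry is a candidate for review, not a verdict.

```python
"""Triage two HijackThis logs: flag risky autostart locations, then diff the findings."""
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Excerpts of the 18:13 and 23:24 logs from this thread (wrapped lines rejoined).
# Raw strings keep the backslashes in the Windows paths literal.
LOG_BEFORE = r"""
Running processes:
C:\Users\Bert\AppData\Local\Temp\Blr.exe
C:\Users\Bert\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Windows\SysWOW64\explorer.exe
C:\Users\Bert\AppData\Local\Temp\Blq.exe

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Users\Bert\AppData\Roaming\n3yvzgrsqwSv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [EPSON PX710W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFSE.EXE /FU "C:\Windows\TEMP\E_SA89E.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Bert\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DefSystem] C:\ProgramData\system.exe
O4 - HKCU\..\Run: [JP595IR86O] C:\Users\Bert\AppData\Local\Temp\Blq.exe
"""

LOG_AFTER = r"""
Running processes:
C:\Users\Bert\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\SysWOW64\explorer.exe

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,userinit.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Google Update] "C:\Users\Bert\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DefSystem] C:\ProgramData\system.exe
O4 - HKCU\..\Run: [JP595IR86O] C:\Users\Bert\AppData\Local\Temp\Blq.exe
"""

F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.IGNORECASE)
O4_RE = re.compile(r"^O4 - (\S+): \[([^\]]+)\] (.+)$")
# First drive-letter path ending in .exe; later arguments are ignored.
EXE_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)


def risky_location(path):
    """Assumed heuristic: programs rarely belong in these user-writable places."""
    folder = dirname(path.lower())
    if folder.endswith(r"\appdata\local\temp") or folder == r"c:\windows\temp":
        return True
    # An executable sitting directly in the root of Roaming or ProgramData.
    return folder.endswith(r"\appdata\roaming") or folder == r"c:\programdata"


def findings(log):
    """Return the set of entries in one HijackThis log that deserve a closer look."""
    found, in_processes = set(), False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:                      # a blank line ends the process list
                in_processes = False
            elif risky_location(line):
                found.add(f"PROC {line}")
            continue
        match = F2_RE.match(line)
        if match:
            # UserInit should start userinit.exe only; anything else runs at every logon.
            for item in (part.strip() for part in match.group(1).split(",")):
                if item and basename(item).lower() != "userinit.exe":
                    found.add(f"F2 UserInit extra program: {item}")
            continue
        match = O4_RE.match(line)
        if match:
            exe = EXE_RE.search(match.group(3))
            if exe and risky_location(exe.group(0)):
                found.add(f"O4 {match.group(1)} [{match.group(2)}] {exe.group(0)}")
    return found


def compare(before, after):
    """Diff the findings of two scans of the same machine."""
    old, new = findings(before), findings(after)
    return {"cleared": old - new, "persisting": old & new, "new": new - old}


if __name__ == "__main__":
    for status, items in compare(LOG_BEFORE, LOG_AFTER).items():
        for item in sorted(items):
            print(f"{status:10} {item}")
```

Entries reported as `persisting` are autostart values still present in the second log even though the matching processes are no longer running.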
  • Hi Singer, that does indeed look a lot better already!

    Why did you have no antivirus program at all in Windows?
    By now you will have noticed that Avast has little to no impact on your system speed?


    You may go ahead and run ComboFix!


    Which program: ComboFix
    What for/why: Highly specialised scanner to examine Windows in depth and, where possible, clean it up.
    Difficulty: More or less tricky preparation phase, so read everything carefully first.
    Download location: Be sure to download this program to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    Antivirus programs and active malware scanners must already be deactivated before ComboFix starts!
    Here and here you will find information on how to deactivate antivirus programs and spyware scanners.

    For the sake of clarity, once more: ComboFix must be started from the desktop.

    Notes:
    - On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
    - Vista and Windows 7 users start ComboFix via right-click with Administrator rights.
    - All open programs and web pages must be closed.
    Once ComboFix has started:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix closes the internet connection during the scan - do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
    - If an error is shown with the message: "Illegal operation attempted on a registery key that has been marked for deletion." then restart the computer.
  • Hi Abraham54, here is my ComboFix log.

    ComboFix 11-01-13.01 - Bert 14-01-2011 8:08.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.4095.2947 [GMT 1:00]
    Gestart vanuit: c:\users\Bert\Downloads\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\system.exe
    c:\users\Bert\AppData\Roaming\AngryBirds.exe
    c:\users\Bert\AppData\Roaming\Local
    c:\users\Bert\AppData\Roaming\Local\Temp\DDM\Settings\(2).ddr
    c:\users\Bert\AppData\Roaming\Local\Temp\DDM\Settings\(3).ddr
    c:\users\Bert\AppData\Roaming\Local\Temp\DDM\Settings\.ddr
    c:\users\Bert\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
    c:\users\Bert\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
    c:\users\Bert\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
    c:\users\Bert\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi
    c:\users\Bert\AppData\Roaming\Local\Temp\DDM\Settings\4.ddi
    c:\users\Bert\AppData\Roaming\Local\Temp\DDM\Settings\5.ddi
    c:\users\Bert\AppData\Roaming\Local\Temp\DDM\Settings\6.ddi
    c:\users\Bert\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
    c:\users\Bert\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr
    c:\users\Bert\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
    c:\users\Bert\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2)
    c:\users\Bert\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3)
    c:\users\Bert\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
    c:\users\Bert\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
    c:\users\Bert\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx
    c:\users\Bert\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\videoplayback
    c:\users\Bert\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\videoplayback.ddp
    c:\users\Bert\AppData\Roaming\Local\Temp\DDM\Settings\videoplayback(2).ddr
    c:\users\Bert\AppData\Roaming\Local\Temp\DDM\Settings\videoplayback.ddr
    c:\users\Bert\AppData\Roaming\Microsoft\~DFK13b103b.tmp
    c:\users\Bert\AppData\Roaming\Microsoft\1eaadjc.dll
    c:\users\Bert\AppData\Roaming\Microsoft\bass.dll
    c:\users\Bert\AppData\Roaming\Microsoft\kfgresk.dll
    c:\users\Bert\AppData\Roaming\Microsoft\mjcriu.dll
    c:\users\Bert\AppData\Roaming\Microsoft\peaadje.dll
    c:\users\Bert\AppData\Roaming\Microsoft\qwadjb.dll
    c:\users\Bert\AppData\Roaming\Microsoft\rsaadjd.dll
    c:\users\Bert\AppData\Roaming\SystemDriver.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_FreezeScreenSaver
    -------\Service_RelevantKnowledge


    (((((((((((((((((((( Bestanden Gemaakt van 2010-12-14 to 2011-01-14 ))))))))))))))))))))))))))))))
    .

    2011-01-14 07:12 . 2011-01-14 07:12 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-14 06:52 . 2010-11-16 11:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{15AFD2E1-6A4C-4AE2-9D6C-619194F12635}\mpengine.dll
    2011-01-13 21:30 . 2011-01-13 08:37 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-01-13 21:30 . 2011-01-13 08:41 273488 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-01-13 21:30 . 2011-01-13 08:37 29264 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-01-13 21:30 . 2011-01-13 08:40 51792 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-01-13 21:30 . 2011-01-13 08:47 237168 ----a-w- c:\windows\system32\aswBoot.exe
    2011-01-13 21:30 . 2011-01-13 08:37 62032 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-01-13 21:29 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
    2011-01-13 21:29 . 2011-01-13 08:47 188216 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2011-01-13 21:29 . 2011-01-13 21:29 -------- d-----w- c:\programdata\Alwil Software
    2011-01-13 21:29 . 2011-01-13 21:29 -------- d-----w- c:\program files\Alwil Software
    2011-01-13 20:49 . 2011-01-13 20:49 -------- d-----w- c:\program files (x86)\VSTPlugins
    2011-01-13 20:37 . 2011-01-13 20:37 -------- d-----w- c:\program files\REAPER (x64)
    2011-01-13 20:37 . 2010-07-24 21:10 5670016 ----a-w- c:\temp\64bit\reaper3651_x64-install.exe
    2011-01-13 17:13 . 2011-01-13 17:13 388096 ----a-r- c:\users\Bert\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-01-13 17:13 . 2011-01-13 17:13 -------- d-----w- c:\program files (x86)\Trend Micro
    2011-01-09 17:07 . 2011-01-09 17:12 -------- d-----w- c:\users\Bert\AppData\Local\Conduit
    2011-01-09 12:17 . 2011-01-09 12:48 -------- d-----w- c:\users\Bert\AppData\Roaming\GrabIt
    2011-01-05 16:43 . 2011-01-05 16:44 -------- d-----w- C:\Boot
    2011-01-05 16:13 . 2011-01-05 16:13 536870912 --sha-w- C:\WinPEpge.sys
    2011-01-05 15:10 . 2011-01-05 15:10 -------- d-----w- c:\users\Bert\AppData\Local\ElevatedDiagnostics
    2010-12-27 21:35 . 2010-12-27 21:35 -------- d-----w- c:\users\Bert\AppData\Roaming\PCF-VLC
    2010-12-27 21:31 . 2010-12-27 21:31 -------- d-----w- c:\users\Bert\AppData\Roaming\Participatory Culture Foundation
    2010-12-27 21:31 . 2010-12-27 21:31 -------- d-----w- c:\program files (x86)\Participatory Culture Foundation
    2010-12-24 09:12 . 2011-01-13 20:23 -------- d-----w- c:\users\Bert\AppData\Roaming\DivX
    2010-12-24 09:11 . 2010-12-24 09:11 -------- d-----w- c:\program files\DivX
    2010-12-24 09:11 . 2010-12-24 09:11 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
    2010-12-24 09:10 . 2010-12-24 09:12 -------- d-----w- c:\program files (x86)\DivX
    2010-12-24 09:09 . 2010-12-24 09:12 -------- d-----w- c:\programdata\DivX
    2010-12-23 11:35 . 2010-12-23 11:35 -------- d-----w- c:\program files (x86)\LucasArts
    2010-12-21 12:34 . 2010-12-21 12:34 -------- d-----w- c:\program files (x86)\ASIO4ALL v2

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-30 09:12 . 2010-10-11 09:28 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys
    2010-11-30 09:12 . 2010-10-11 09:28 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys
    2010-11-12 17:53 . 2010-06-02 17:34 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\SysWow64\dpl100.dll
    2010-11-11 23:25 . 2010-06-02 14:34 111928 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2010-11-09 03:55 . 2010-11-24 06:57 1502208 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-09 03:52 . 2010-11-24 06:57 2381824 ----a-w- c:\windows\system32\mshtml.tlb
    2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
    2010-11-01 23:03 . 2010-11-24 06:57 1448448 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2010-11-01 22:59 . 2010-11-24 06:57 2381824 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2010-10-30 10:40 . 2010-10-30 10:40 53248 ----a-w- c:\windows\SysWow64\unrar.dll
    2010-10-19 09:41 . 2010-06-02 13:17 270720 ------w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\users\Bert\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-06-02 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
    "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
    "DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-06-02 79360]
    R3 t3;Auzen X-Fi Bravura 7.1;c:\windows\system32\drivers\t3.sys [2009-12-07 637952]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-03 1255736]
    R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    R3 WSDScan;Ondersteuning voor WSD-scan via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
    S1 aswSP;aswSP; [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-26 203264]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 62032]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-26 7767040]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-26 279040]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-07-15 116240]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
    S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2007-01-26 9600]

    .
    Inhoud van de 'Gedeelde Taken' map

    2011-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-860015011-4189447042-970878400-1001Core.job
    - c:\users\Bert\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-02 13:08]

    2011-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-860015011-4189447042-970878400-1001UA.job
    - c:\users\Bert\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-02 13:08]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"="c:\combofix\CF14207.cfxxe" [X]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://www.diesiedleronline.de/de/startseite
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Free YouTube to Mp3 Converter - c:\users\Bert\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
    DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
    FF - ProfilePath - c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\igja6yml.default\
    .
    - - - - ORPHANS VERWIJDERD - - - -

    URLSearchHooks-{22e03916-85c5-44b0-8dc9-1830c11238d9} - (no file)
    Wow6432Node-HKCU-Run-DefSystem - c:\programdata\system.exe
    Wow6432Node-HKLM-Run-SPIRunE - SPIRunE.dll
    HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-Need For Speed - Porsche 2000 - c:\program files (x86)\Electronic Arts\Need For Speed - Porsche 2000\uninst.log
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_moh.exe
    AddRemove-S3 Gold - c:\bluebyte\Settlers3\Uninst.isu


    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_USERS\S-1-5-21-860015011-4189447042-970878400-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:50,ed,89,68,92,55,94,8e,81,71,2c,1c,57,ef,e1,15,f4,93,09,12,12,dc,a5,
    b1,e9,b4,fc,b6,7b,f2,ad,96,72,ff,57,fd,47,b0,1f,c8,d4,9e,a4,04,da,37,e7,8b,\
    "??"=hex:c7,d5,09,86,33,71,d6,81,60,ce,4d,a8,82,e5,dc,c7

    [HKEY_USERS\S-1-5-21-860015011-4189447042-970878400-1001\Software\SecuROM\License information*]
    "datasecu"=hex:e6,b3,49,0b,97,3d,1c,2c,cb,c9,0b,67,c2,87,5f,a7,22,10,86,0d,79,
    c4,1e,6d,ec,c1,ed,3e,a4,51,57,14,20,a8,18,08,0e,bf,b9,f7,81,7e,d3,6b,ba,a2,\
    "rkeysecu"=hex:20,d6,03,3b,4a,2b,cd,c3,3b,f7,cb,e6,c0,e3,d0,b9

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CakewalkPlugIns\*(*]
    "Description"="Cakewal"
    "HelpFilePath"=""
    "HelpFileTopic"=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CakewalkPlugIns\*6*]
    "Description"="Cakewal"
    "HelpFilePath"=""
    "HelpFileTopic"=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\users\Bert\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2011-01-14 08:17:20 - machine werd herstart
    ComboFix-quarantined-files.txt 2011-01-14 07:17

    Pre-Run: 481.105.371.136 bytes beschikbaar
    Post-Run: 480.856.694.784 bytes beschikbaar

    - - End Of File - - A637CA6017B8BD2B8FF40954547521FD
  • Hi Singer, how is your Windows running by now?

    You can now do the following: open a new Notepad file via Start > All Programs > Accessories > Notepad.

    Copy and paste the following (bold, blue) text into the empty Notepad window:

    File::
    C:\WinPEpge.sys

    Folder::
    c:\users\Bert\AppData\Local\Conduit

    Save this Notepad file to your desktop as CFScript.txt.

    Now disable the antivirus first!

    Drag CFScript.txt into ComboFix.exe.

    Image: http://home.kpn.nl/~stefsmeenk/CFScript.gif

    This will make ComboFix start again. Restart the computer if you are asked to.

    Post the ComboFix log that is shown after the restart!

This is an archived page. Replying is no longer possible.