[Hijackthis] Repeated error message

Abraham54
12 replies
  • Hello, for about a week now my system has been throwing error messages every few seconds in the form of 'Mozilla Firefox has stopped working' and 'Windows Explorer has stopped working'. It happens mainly when opening folders or items in folders.

    I have scanned my PC several times and fixed things where necessary, but this problem keeps occurring. Changing browser does not help.

    Here is the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:48:44 PM, on 7/3/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16446)
    Boot mode: Normal

    Running processes:
    C:\Users\ALEX\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Users\ALEX\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kurs.ru/index0.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    O4 - HKLM\..\Run: [HKLM] C:\Program Files (x86)\Adobe\reader.exe
    O4 - HKCU\..\Run: [HKCU] C:\Program Files (x86)\Adobe\reader.exe
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Dropbox.lnk = C:\Users\ALEX\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 9525 bytes
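Rule-based triage of the HijackThis log above, as an added example that is not part of the original thread and not HijackThis's own code. It applies three heuristics a responder would apply by hand to the posted lines: a browser start/search page that points at a host outside a small Microsoft allowlist (the `kurs.ru` Start Page), an O4 Run value whose name is just the hive it lives in (the `[HKLM]` and `[HKCU]` entries launching `reader.exe`, which Malwarebytes later identifies as Backdoor.HMCPol.Gen), and the same binary persisted under more than one hive. The sample input is copied from the log, with the uTorrent, Sidebar and Microsoft default-page lines left in as clean controls; the trusted-host list, the generic-name list and the severity labels are my assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Lines copied from the posted HijackThis log; the uTorrent, Sidebar and
# Microsoft default-page lines serve as clean controls.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kurs.ru/index0.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O4 - HKLM\..\Run: [HKLM] C:\Program Files (x86)\Adobe\reader.exe
O4 - HKCU\..\Run: [HKCU] C:\Program Files (x86)\Adobe\reader.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\ALEX\AppData\Roaming\Dropbox\bin\Dropbox.exe
"""

# Hosts an IE start/search page may legitimately point at (assumption; extend per environment).
TRUSTED_PAGE_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.msn.com", "www.bing.com"}

# Run value names that carry no program identity; malware often just reuses the hive name.
GENERIC_RUN_NAMES = {"", "hklm", "hkcu", "hkus", "run", "load"}

PAGE_LINE = re.compile(r"^R[01] - (?P<hive>HK\w+)\\.*\\Main,(?P<setting>[^=]+?) = (?P<url>\S+)$")
RUN_LINE = re.compile(r"^O4 - (?P<hive>HK\w+)\\.*?\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def exe_from_command(cmd):
    """Return the lower-cased executable path of a Run command, honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)].lower()
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)  # unquoted: path runs up to .exe
    return (m.group(1) if m else cmd.split()[0]).lower()


def triage(log_text):
    """Return findings as (severity, subject, reason) tuples for the three heuristics."""
    findings = []
    hives_by_exe = defaultdict(set)  # executable -> hives that register it
    for line in (l.strip() for l in log_text.splitlines()):
        m = PAGE_LINE.match(line)
        if m:
            url = urlparse(m.group("url"))
            if url.scheme in ("http", "https"):  # skips Local Page = C:\...\blank.htm
                host = (url.hostname or "").lower()
                if host not in TRUSTED_PAGE_HOSTS:
                    findings.append(("high", line,
                                     f"{m.group('setting').strip()} points at untrusted host {host}"))
            continue
        m = RUN_LINE.match(line)
        if m:
            name = m.group("name").strip().lower()
            exe = exe_from_command(m.group("cmd"))
            if name in GENERIC_RUN_NAMES:
                findings.append(("high", line,
                                 f"Run value named '{m.group('name')}' carries no program identity"))
            hives_by_exe[exe].add(m.group("hive"))
    for exe, hives in sorted(hives_by_exe.items()):
        if len(hives) > 1:  # one binary persisted in several hives survives a partial cleanup
            findings.append(("medium", exe,
                             f"registered under {len(hives)} hives: {', '.join(sorted(hives))}"))
    return findings


if __name__ == "__main__":
    for severity, subject, reason in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {subject}")
```

The script deliberately does not flag the `(file missing)` O23 services: a 32-bit HijackThis on 64-bit Windows is subject to file-system redirection and reports many genuine `C:\Windows\System32` services that way, as this log shows.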
  • We start with MBAM:

    Which program: Malwarebytes MBAM
    What for/why: a specialist scanner that quickly examines Windows for spyware and malware and removes it.
    Difficulty: none.

    Download Malwarebytes MBAM from one of these locations:
    - Softpedia.com
    - Majorgeeks.com
    First of all:
    - Right after installation MBAM will want to update its database; allow it.
    - On repeated use too: update MBAM first via the 'Update' tab!
    Starting Malwarebytes MBAM:
    - First close all program windows that are still open!
      - Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
      - Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and choosing Run as administrator.
    - Note:
      - Malwarebytes now ships the full version of MBAM.
      - At the first start you get the choice of using the full version temporarily or the free version.
      - Regardless of which antivirus program is in your Windows, I advise choosing the "Decline" option.
      - That way MBAM can continue to be used as the free version.
    (screenshot: http://img30.imageshack.us/img30/3928/mbam2.png)

    - Also do the following:
      - As soon as the program has started, go to the "Settings" tab.
      - Tick: "Close Internet Explorer during malware removal".

    Scanning:
    - When starting MBAM choose 'Quick Scan'.
    - Scanning may take a while, so be patient. When the scan is finished, click the 'OK' button.
    - Then click the 'Show Results' button to see the results.
    Infections found:
    - First click OK to dismiss the notice.
    - Then click the Show Results button at the bottom right.
    - Make sure all infections found are ticked, and click Remove Selected at the bottom left.
    - After removal a log will open and you will be asked to restart the computer.
    - If MBAM has difficulty removing certain files it will show a few messages; click 'OK' each time!
    - MBAM will then ask to restart the computer, so allow the restart.
    MBAM log:
    - The log is saved automatically by MBAM; you can find it by clicking the 'Logs' tab in the MBAM main menu.
    Post the contents of the MBAM log in your next reply.
  • Here it is:

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.07.04.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    ALEX :: ALEX-PC [administrator]

    7/4/2012 11:59:07 AM
    mbam-log-2012-07-04 (11-59-07).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 206410
    Time elapsed: 2 minute(s), 7 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 2
    HKCR\CLSID\{8BIH02YO-2403-QO67-O280-W0EKGX473E73} (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{8BIH02YO-2403-QO67-O280-W0EKGX473E73} (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.

    Registry Values Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKCU (Backdoor.HMCPol.Gen) -> Data: C:\Program Files (x86)\Adobe\reader.exe -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKLM (Backdoor.HMCPol.Gen) -> Data: C:\Program Files (x86)\Adobe\reader.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Users\ALEX\AppData\Roaming\9 1\rundll32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Adobe\reader.exe (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.

    (end)
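Turning the Malwarebytes log above into an indicator list, as an added example that is not from the original post and not Malwarebytes' own code. The script parses the detection lines under their section headers, collates file and registry indicators (including the binary a Run value launches), and flags two anomalies that are visible in this log: a key under `HKCR\CLSID` and `Active Setup\Installed Components` whose name is not a well-formed GUID (a real GUID is hexadecimal only, and legitimate installers register real ones), and a Windows system binary name (`rundll32.exe`) sitting under `AppData\Roaming` instead of the directory that ships it. The sample log is copied from the post; the set of system binary names and their home directories is my assumption.

```python
import re
from pathlib import PureWindowsPath

# Detection lines copied from the Malwarebytes log posted above.
SAMPLE_MBAM_LOG = r"""
Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\CLSID\{8BIH02YO-2403-QO67-O280-W0EKGX473E73} (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{8BIH02YO-2403-QO67-O280-W0EKGX473E73} (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKCU (Backdoor.HMCPol.Gen) -> Data: C:\Program Files (x86)\Adobe\reader.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKLM (Backdoor.HMCPol.Gen) -> Data: C:\Program Files (x86)\Adobe\reader.exe -> Quarantined and deleted successfully.

Files Detected: 2
C:\Users\ALEX\AppData\Roaming\9 1\rundll32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Adobe\reader.exe (Backdoor.HMCPol.Gen) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(?P<kind>Memory Processes|Memory Modules|Registry Keys|Registry Values|"
                     r"Registry Data Items|Folders|Files) Detected: \d+$")
DETECTION = re.compile(r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> (?:Data: (?P<data>.+?) -> )?(?P<action>.+)$")
# A well-formed GUID is hexadecimal only; installers register real ones under CLSID and Active Setup.
GUID = re.compile(r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.IGNORECASE)
BRACED = re.compile(r"\{[^{}]+\}")
# Names malware borrows from Windows, and the only directories that ship them (assumption).
SYSTEM_BINARIES = {"svchost.exe", "rundll32.exe", "explorer.exe", "lsass.exe",
                   "csrss.exe", "winlogon.exe", "services.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}


def is_masquerading(path):
    """True when a Windows system binary name sits outside the directories that ship it."""
    p = PureWindowsPath(path)
    return p.name.lower() in SYSTEM_BINARIES and str(p.parent).lower() not in SYSTEM_DIRS


def parse_detections(text):
    """Yield (section, object, family, data) for each detection line under its section header."""
    section = None
    for line in (l.strip() for l in text.splitlines()):
        s = SECTION.match(line)
        if s:
            section = s.group("kind")
            continue
        d = DETECTION.match(line)
        if d and section:
            yield section, d.group("obj"), d.group("family"), d.group("data")


def extract_iocs(text):
    """Collate file and registry indicators and flag malformed GUIDs and masquerading binaries."""
    iocs = {"files": set(), "registry": set()}
    findings = []
    for section, obj, family, data in parse_detections(text):
        if section in ("Files", "Folders"):
            iocs["files"].add(obj)
            if is_masquerading(obj):
                findings.append(f"{obj}: system binary name outside its Windows directory ({family})")
        elif section.startswith("Registry"):
            iocs["registry"].add(obj)
            for token in BRACED.findall(obj):
                if not GUID.match(token):
                    findings.append(f"{obj}: {token} is not a well-formed GUID")
            if data:  # a Run value's data is the binary the key launches at logon
                iocs["files"].add(data)
    return iocs, findings


if __name__ == "__main__":
    iocs, findings = extract_iocs(SAMPLE_MBAM_LOG)
    for kind, items in iocs.items():
        print(kind, *sorted(items), sep="\n  ")
    print(*findings, sep="\n")
```

The collated indicators are what you would feed into a search of other machines (or of the ComboFix output that follows in this thread) before trusting the quarantine; the two flagged anomalies are the kind of detail that tells a responder the quarantined items were persistence, not a false positive on a vendor file.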
  • You must assume that identity theft may well have taken place!
    Think of login passwords, your e-mail account details and more.
    If you have also done online banking, your bank details may be compromised too!


    Which program: ComboFix
    What for/why: a highly specialised scanner that examines Windows in depth
    and cleans it up where possible.
    Difficulty: read everything carefully first, because of the preparation phase.
    Download location: this program must be downloaded to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    The antivirus program and any active malware scanners must be disabled before ComboFix starts!
    Here or here you can read how to do that.

    Remarks:
    - To be perfectly clear once more: ComboFix must be started from the desktop.
    - On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required).
    - Vista and Windows 7 users start ComboFix via right-click with administrator rights.
    - All open programs and web pages must be closed.
    ComboFix has started:
    - Do not click in the black window; doing so can make ComboFix or even all of Windows "freeze"!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may need to restart several times; this is normal.
    - When ComboFix is finished it will create a log file for you.
    - Post the contents of this log file in your next reply.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
    - If, after the scan, an error is shown when starting programs with the message:
    - "An attempt was made to perform an illegal operation on a registry key that has been marked for deletion."
    - then restart the computer.
  • I did indeed get the message that the registry key would be deleted, restarted my PC and now it works (as far as I can tell) as before, without error messages. Solved, then. Many thanks!
  • Would you still post the log?
    Because the infection in your Windows, and the measures you must therefore take, are no small matter.
  • At the start I advised you to have the log moved to Beveiliging & Privacy (Security & Privacy) if you wanted to be helped.
    Now you are being helped, and if you think it is already done you stop while the helper Abraham54 is still asking you to investigate further, namely with ComboFix; so do that!!! Perhaps even more needs to be done.
    And do not stop before you are told to; good luck.
  • Here it is:

    ComboFix 12-07-04.01 - ALEX 07/04/2012 12:36:17.1.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4007.2874 [GMT 2:00]
    Running from: c:\users\ALEX\Downloads\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\users\ALEX\AppData\Roaming\9 1
    c:\users\ALEX\AppData\Roaming\9 1\_ctypes.pyd
    c:\users\ALEX\AppData\Roaming\9 1\_hashlib.pyd
    c:\users\ALEX\AppData\Roaming\9 1\_socket.pyd
    c:\users\ALEX\AppData\Roaming\9 1\_ssl.pyd
    c:\users\ALEX\AppData\Roaming\9 1\bat.bat
    c:\users\ALEX\AppData\Roaming\9 1\boost_python-vc90-mt-1_39.dll
    c:\users\ALEX\AppData\Roaming\9 1\bt.lnk
    c:\users\ALEX\AppData\Roaming\9 1\bz2.pyd
    c:\users\ALEX\AppData\Roaming\9 1\j.exe
    c:\users\ALEX\AppData\Roaming\9 1\l3.lnk
    c:\users\ALEX\AppData\Roaming\9 1\library.zip
    c:\users\ALEX\AppData\Roaming\9 1\msvcp90.dll
    c:\users\ALEX\AppData\Roaming\9 1\numpy.core._dotblas.pyd
    c:\users\ALEX\AppData\Roaming\9 1\numpy.core._sort.pyd
    c:\users\ALEX\AppData\Roaming\9 1\numpy.core.multiarray.pyd
    c:\users\ALEX\AppData\Roaming\9 1\numpy.core.scalarmath.pyd
    c:\users\ALEX\AppData\Roaming\9 1\numpy.core.umath.pyd
    c:\users\ALEX\AppData\Roaming\9 1\numpy.fft.fftpack_lite.pyd
    c:\users\ALEX\AppData\Roaming\9 1\numpy.lib._compiled_base.pyd
    c:\users\ALEX\AppData\Roaming\9 1\numpy.linalg.lapack_lite.pyd
    c:\users\ALEX\AppData\Roaming\9 1\numpy.random.mtrand.pyd
    c:\users\ALEX\AppData\Roaming\9 1\phatk.cl
    c:\users\ALEX\AppData\Roaming\9 1\pyopencl._cl.pyd
    c:\users\ALEX\AppData\Roaming\9 1\python26.dll
    c:\users\ALEX\AppData\Roaming\9 1\select.pyd
    c:\users\ALEX\AppData\Roaming\9 1\settings.txt
    c:\users\ALEX\AppData\Roaming\9 1\svchost.exe
    c:\users\ALEX\AppData\Roaming\9 1\svchost2.exe
    c:\users\ALEX\AppData\Roaming\9 1\unicodedata.pyd
    c:\users\ALEX\AppData\Roaming\9 1\w9xpopen.exe
    c:\windows\SysWow64\muzapp.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-04 09:57 . 2012-07-04 09:57 -------- d-----w- c:\users\ALEX\AppData\Roaming\Malwarebytes
    2012-07-04 09:57 . 2012-07-04 09:57 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-04 09:57 . 2012-07-04 09:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-04 09:57 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-03 09:50 . 2012-07-03 09:50 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2012-07-03 09:50 . 2012-07-03 09:50 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-07-03 09:50 . 2012-07-03 09:50 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-07-03 09:50 . 2012-07-03 09:50 157608 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
    2012-07-03 09:50 . 2012-07-03 09:50 113120 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
    2012-07-01 20:08 . 2012-07-01 20:08 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2012-07-01 20:08 . 2012-07-01 20:08 -------- d-----w- c:\windows\PCHEALTH
    2012-07-01 20:08 . 2012-07-01 20:08 -------- d-----w- c:\program files\Microsoft Sync Framework
    2012-07-01 20:08 . 2012-07-01 20:08 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2012-07-01 20:07 . 2012-07-01 20:07 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
    2012-07-01 20:06 . 2012-07-01 20:06 -------- d-----w- c:\program files\Microsoft Analysis Services
    2012-07-01 20:06 . 2012-07-01 20:06 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
    2012-07-01 20:05 . 2012-07-01 20:05 -------- d-----r- C:\MSOCache
    2012-06-28 22:24 . 2012-06-28 22:24 -------- d-----w- c:\users\ALEX\AppData\Local\GlobalSCAPE
    2012-06-28 22:24 . 2012-06-28 22:24 -------- d-----w- c:\programdata\GlobalSCAPE
    2012-06-28 22:24 . 2012-06-28 22:24 -------- d-----w- c:\users\ALEX\AppData\Roaming\GlobalSCAPE
    2012-06-28 22:24 . 2012-06-28 22:24 -------- d-----w- c:\program files (x86)\GlobalSCAPE
    2012-06-28 22:19 . 2012-06-28 22:20 -------- d-----w- c:\windows\SysWow64\E177E04D548C4006A465EEB92D3DE021
    2012-06-28 22:19 . 2006-07-25 05:42 606293 ----a-w- c:\windows\SysWow64\wbocx.ocx
    2012-06-28 22:19 . 2006-07-25 05:42 50688 ----a-w- c:\windows\SysWow64\wbhelp2.dll
    2012-06-28 22:19 . 2012-06-28 22:19 -------- d-----w- c:\program files (x86)\Ipswitch
    2012-06-28 22:18 . 2005-11-13 21:22 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
    2012-06-28 22:18 . 2005-11-13 21:22 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
    2012-06-28 22:18 . 2005-11-13 21:21 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
    2012-06-28 22:18 . 2005-11-13 21:20 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
    2012-06-28 22:18 . 2005-11-13 21:19 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
    2012-06-28 22:18 . 2005-11-13 21:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
    2012-06-28 22:18 . 2012-06-28 22:18 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
    2012-06-28 22:18 . 2012-06-28 22:18 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
    2012-06-24 18:59 . 2012-06-24 18:59 -------- d-----w- c:\users\ALEX\AppData\Local\Skyrim
    2012-06-24 18:53 . 2012-06-24 18:59 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim
    2012-06-23 18:38 . 2012-07-01 16:14 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-06-23 18:38 . 2012-07-01 16:14 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2012-06-23 18:31 . 2012-06-23 18:31 250 ----a-w- C:\user.js
    2012-06-22 22:38 . 2012-06-22 22:38 -------- d-----w- c:\programdata\Arturia
    2012-06-19 23:03 . 2012-06-19 23:03 -------- d-----w- c:\users\ALEX\AppData\Local\Mixed_In_Key_LLC
    2012-06-19 23:03 . 2012-06-19 23:03 -------- d-----w- c:\users\ALEX\AppData\Local\Mixed In Key
    2012-06-18 09:32 . 2012-06-18 09:32 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls
    2012-06-16 02:15 . 2012-06-16 02:16 -------- d-----w- c:\users\ALEX\AppData\Local\SniperV2
    2012-06-16 02:08 . 2012-06-16 02:08 -------- d-----w- c:\program files (x86)\Rebellion
    2012-06-14 13:57 . 2012-06-14 13:57 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility
    2012-06-08 13:35 . 2012-06-08 13:35 -------- d-----w- c:\program files\CCleaner
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-23 22:02 . 2012-05-23 22:22 90888004 ----a-w- c:\program files (x86)\Samsung Kies.msi
    2012-05-15 21:43 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2012-05-15 21:43 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\ALEX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\ALEX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\ALEX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-07-03 904080]
    .
    c:\users\ALEX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\ALEX\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-12-08 36328]
    R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2010-11-15 121832]
    R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2010-11-15 364520]
    R3 automap;Automap MIDI Driver Service;c:\windows\system32\DRIVERS\automap.sys [2009-10-16 11264]
    R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-20 276248]
    R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [2010-03-30 26752]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-03 113120]
    R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
    R3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\DRIVERS\nvnusbaudio.sys [2010-05-26 55296]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 84568]
    R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 60504]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 157672]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 16872]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 177640]
    R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-12-08 146920]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-16 1255736]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-13 279616]
    S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 253528]
    S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 94296]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-06-25 76912]
    S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 84568]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    .
    --------- X64 Entries ----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\ALEX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\ALEX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\ALEX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\ALEX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://kurs.ru/index0.html
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.2.254
    FF - ProfilePath - c:\users\ALEX\AppData\Roaming\Mozilla\Firefox\Profiles\83kx9hpq.default\
    FF - prefs.js: browser.startup.homepage - about:home
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(extensions.BabylonToolbar_i.babTrack, affID=109868&tt=060612_8_
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - 4cfdaeef00000000000014dae9ec09e4
    FF - user.js: extensions.BabylonToolbar_i.hardId - 4cfdaeef00000000000014dae9ec09e4
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15514
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:31
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
    "ImagePath"="\??\c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64"
    .
    ------------------------ LOCKED REGISTRY KEYS ------------------------
    .
    [HKEY_USERS\S-1-5-21-321171748-2839810000-1812142625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*2* ¸ýh]
    @Class="Shell"
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-321171748-2839810000-1812142625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*2* ¸ýh\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-321171748-2839810000-1812142625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*2*Í»ýh]
    @Class="Shell"
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-321171748-2839810000-1812142625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*2*Í»ýh\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-321171748-2839810000-1812142625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*zNAA\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-04 12:45:36 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-04 10:45
    .
    Pre-Run: 537,784,295,424 bytes free
    Post-Run: 537,435,807,744 bytes free
    .
    - - End Of File - - F96A15209F443C6199AF22539E55EDB0
  • Go to http://www.pcwebplus.nl/phpbb/viewtopic.php?f=222&t=5673 where you can read how to get Babylon out of Firefox.

    And also do the following:

    What program: Emsisoft Emergency Kit 1.0
    What for/why: Detects and removes malware
    Difficulty: none.
    Download: Emsisoft Emergency Kit

    Notes:
    - The download is compressed; extract EmsisoftEmergencyKit.zip and place the new folder on the desktop.
    - All open programs and web pages must be closed.

    Start Emsisoft Emergency Kit by opening the "EmsisoftEmergencyKit" folder:
      - Windows 2000 and Windows XP: double-click "Start.exe".
      - Windows Vista and Windows 7: right-click "Start.exe" and choose "Run as Administrator".

    Scanning:
    - Now click "Emergency Kit Scanner" in the selection screen; a message will then appear recommending that you update first.

      Screenshot: http://www.imgdumper.nl/uploads5/4f8d1a3bd534a/4f8d1a3bd3fbd-EmsisoftEK11.jpg

    - Do so by clicking "Yes".
    - When the update is finished, the message "Update process completed successfully" follows.
    - Now click "Menu" and then "Scan PC".
    - Select the "Deep" option if it is not already set that way by default.
    - Then click the "Scan" button.
      - Be patient and do nothing else with the computer during the scan, as it can take quite a while.
    - The window with the warning about an elevated risk can be closed once the scan is finished.
    - Make sure all found items are checked and then click the "Delete selected" button; the following message will then appear:

      Screenshot: http://www.imgdumper.nl/uploads5/4f8d1a4d63784/4f8d1a4d61ffa-EmsisoftEK2.jpg

    - Then click "Yes".
    - When deletion is finished, click the "View report" button and select the text file of this scan, with a name like: a2scan_110730-111615.txt
    - Paste the contents of that log file in your new post.
    Note: Now restart the computer.
  • Here it is: Emsisoft Emergency Kit - Version 2.0
    Last update: 7/4/2012 1:24:23 PM

    Scan settings:

    Scan type: Deep Scan
    Objects: Rootkits, Memory, Traces, C:\
    Scan archives: On
    ADS Scan: On

    Scan start: 7/4/2012 1:24:43 PM

    C:\Windows\SysWOW64\WgaTray.exe detected: Riskware.Crack.WgaTray!E2
    C:\Windows\System32\WgaTray.exe detected: Riskware.Crack.WgaTray!E2
    C:\Users\ALEX\Games\Unreal Tournament 2004\UT2004 Keygen (XP only).exe detected: Riskware.Keygen.UT2004!E2
    C:\Users\ALEX\Downloads\CuteFTP Pro v8.3.4 Cracked {projectmyskills}\CuteFTP Pro v8.3.4 Cracked {projectmyskills}.rar -> Get Your Software Here\Patch\patch.exe detected: possible-Thread.Patch.GC!E2
    C:\Qoobox\Quarantine\C\Users\ALEX\AppData\Roaming\9 1\svchost2.exe.vir detected: Trojan-Dropper.Win32.Injector!E2
    C:\Program Files (x86)\Warcraft III Reign of Chaos & The Frozen Throne\support\config.exe detected: Win32.Delf!E2
    C:\Program Files (x86)\Native Instruments\FM8\FM8.exe detected: Backdoor.Win32.Ciadoor!E2
    C:\Program Files (x86)\Native Instruments\Elektrik Piano 1.5\Elektrik Piano 1.5.exe detected: Virus.Win32.Injector!E2
    C:\Program Files (x86)\Native Instruments\B4 II\B4 II.exe detected: Virus.Win32.Injector!E2

    Scanned 782192
    Found 9

    Scan end: 7/4/2012 2:29:46 PM
    Scan time: 1:05:03

    C:\Program Files (x86)\Native Instruments\Elektrik Piano 1.5\Elektrik Piano 1.5.exe Deleted Virus.Win32.Injector!E2
    C:\Program Files (x86)\Native Instruments\B4 II\B4 II.exe Deleted Virus.Win32.Injector!E2
    C:\Program Files (x86)\Native Instruments\FM8\FM8.exe Deleted Backdoor.Win32.Ciadoor!E2
    C:\Program Files (x86)\Warcraft III Reign of Chaos & The Frozen Throne\support\config.exe Deleted Win32.Delf!E2
    C:\Qoobox\Quarantine\C\Users\ALEX\AppData\Roaming\9 1\svchost2.exe.vir Deleted Trojan-Dropper.Win32.Injector!E2
    C:\Users\ALEX\Downloads\CuteFTP Pro v8.3.4 Cracked {projectmyskills}\CuteFTP Pro v8.3.4 Cracked {projectmyskills}.rar -> Get Your Software Here\Patch\patch.exe Deleted possible-Thread.Patch.GC!E2
    C:\Users\ALEX\Games\Unreal Tournament 2004\UT2004 Keygen (XP only).exe Deleted Riskware.Keygen.UT2004!E2
    C:\Windows\SysWOW64\WgaTray.exe Deleted Riskware.Crack.WgaTray!E2

    Deleted 8
  • What is also interesting: when starting some programs (e.g. AIM) I get a Print window in front of me. Very strange.
  • Thanks to the Emsisoft log, I am not surprised that strange things are happening in your Windows.
    In fact, you caused all of it yourself.
    By the looks of it, your Windows is not legal either!


This is an archived page. Replying is no longer possible.