Installing a .dll...???

Anonymous
51 replies
  • An acquaintance's laptop: every time it starts up, a message appears saying that an attempt is being made to install a .dll.
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:25:43, on 11-3-2012
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\PixArt\Pac207\Monitor.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Logitech\Vid HD\Vid.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\beheerder\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7I12O31\HijackThis.exe
    C:\Windows\system32\SearchProtocolHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/nl/index.php?rvs=google
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/nl/index.php?rvs=google
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://downloads.phpnuke.org/nl/index.php?rvs=google
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {b80f591e-fe9a-46cf-a13e-180377240586} - (no file)
    R3 - URLSearchHook: (no name) - {46735dee-f862-49d1-876d-6382794dc625} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
    O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: SCANKD~1.DLL
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/nl-nl/wlscctrl2.cab
    O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v1026/Navigram.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\skype4com.dll
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Virtual Disk Service Manager (MSR Service) - Unknown owner - C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
    O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe


    End of file - 10412 bytes
  • Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Databaseversie: v2012.03.11.07

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    beheerder :: BEHEERDER1 [administrator]

    11-3-2012 9:36:37
    mbam-log-2012-03-11 (09-36-37).txt

    Scantype: Snelle scan
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 191390
    Verstreken tijd: 4 minuut/minuten, 56 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)
  • Hello Anjo, two tasks.

  • OTL logfile created on: 11-3-2012 10:20:28 - Run 1
    OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\beheerder\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    2,93 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 57,77% Memory free
    6,07 Gb Paging File | 4,13 Gb Available in Paging File | 68,12% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 142,09 Gb Total Space | 68,09 Gb Free Space | 47,92% Space Free | Partition Type: NTFS
    Drive D: | 143,00 Gb Total Space | 43,57 Gb Free Space | 30,47% Space Free | Partition Type: NTFS

    Computer Name: BEHEERDER1 | User Name: beheerder | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

  • OTL Extras logfile created on: 11-3-2012 10:20:28 - Run 1
    OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\beheerder\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    2,93 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 57,77% Memory free
    6,07 Gb Paging File | 4,13 Gb Available in Paging File | 68,12% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 142,09 Gb Total Space | 68,09 Gb Free Space | 47,92% Space Free | Partition Type: NTFS
    Drive D: | 143,00 Gb Total Space | 43,57 Gb Free Space | 30,47% Space Free | Partition Type: NTFS

    Computer Name: BEHEERDER1 | User Name: beheerder | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

  • Something is missing from the OTL log.

    Please post the main log again, but this time in full!
  • OTL logfile created on: 11-3-2012 10:20:28 - Run 1
    OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\beheerder\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    2,93 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 57,77% Memory free
    6,07 Gb Paging File | 4,13 Gb Available in Paging File | 68,12% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 142,09 Gb Total Space | 68,09 Gb Free Space | 47,92% Space Free | Partition Type: NTFS
    Drive D: | 143,00 Gb Total Space | 43,57 Gb Free Space | 30,47% Space Free | Partition Type: NTFS

    Computer Name: BEHEERDER1 | User Name: beheerder | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

  • Yes, now it is complete!

    Before you let OTL run the fix, first close all other open windows!

    Start OTL
    - Paste the following (bold, blue text) under
  • All processes killed
    ========== OTL ==========
    ADS C:\ProgramData\Temp:07BF512B deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: beheerder
    ->Temp folder emptied: 34988858 bytes
    ->Temporary Internet Files folder emptied: 128561112 bytes
    ->Java cache emptied: 56716 bytes
    ->Flash cache emptied: 470 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 21849514 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 177,00 mb


    [EMPTYFLASH]

    User: All Users

    User: beheerder
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0,00 mb



    OTL by OldTimer - Version 3.2.36.3 log created on 03112012_123458

    Files\Folders moved on Reboot…

    Registry entries deleted on Reboot…
  • Well done.

    Which program: "aswMBR.exe"
    What for/why: MBR rootkit scanner
    Difficulty: none
    Download location: This program must be downloaded to the desktop, or otherwise moved there!
    Download aswMBR.exe here.


    Using aswMBR.exe:
    - Windows 2000 and Windows XP: start "aswMBR.exe" by double-clicking "aswMBR.exe".
    - Windows Vista and Windows 7: start "aswMBR.exe" by right-clicking "aswMBR.exe" and choosing "Als Administrator uitvoeren" (Run as administrator).

    - In the next window, click "Nee" (No)
    Image: http://www.imgdumper.nl/uploads4/4e4115af00b45/4e4115af00378-aswmbrno.png

    Image: http://www.imgdumper.nl/uploads4/4db3f87694fe9/4db3f87693886-aswmbrscan.gif
    - Now click the Scan button in the black window
    - When the message "Scan finished successfully" appears, click the Save log button
    Image: http://www.imgdumper.nl/uploads4/4db3f8e71343a/4db3f8e71288d-aswmbrsavelog.gif
    - The easiest option is simply to choose the desktop as the location to save the log.
    - You will now also find the file MBR.dat on the desktop!
    - MBR.dat is a backup file, so keep it for the time being.
    - Also on the desktop is a Notepad text document named aswMBR.txt
    - Post the contents of aswMBR.txt in your next message.

    N.B.: make sure that external hard drives/USB sticks are removed first.
  • aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
    Run date: 2012-03-11 12:55:03
    —————————–
    12:55:03.361 OS Version: Windows 6.0.6002 Service Pack 2
    12:55:03.361 Number of processors: 2 586 0xF0D
    12:55:03.362 ComputerName: BEHEERDER1 UserName: beheerder
    12:55:04.787 Initialize success
    12:55:18.807 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    12:55:18.810 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
    12:55:18.823 Disk 0 MBR read successfully
    12:55:18.826 Disk 0 MBR scan
    12:55:18.830 Disk 0 unknown MBR code
    12:55:18.837 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
    12:55:18.858 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 145497 MB offset 27265024
    12:55:18.876 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 146434 MB offset 325242880
    12:55:18.881 Disk 0 scanning sectors +625139712
    12:55:18.964 Disk 0 scanning C:\Windows\system32\drivers
    12:55:26.453 Service scanning
    12:55:43.089 Modules scanning
    12:55:47.886 Disk 0 trace - called modules:
    12:55:47.908 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    12:55:47.914 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86299268]
    12:55:47.920 3 CLASSPNP.SYS[8ada78b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x857e4028]
    12:55:47.925 Scan finished successfully
    12:56:07.331 Disk 0 MBR has been saved successfully to "C:\Users\beheerder\Desktop\MBR.dat"
    12:56:07.337 The log file has been saved successfully to "C:\Users\beheerder\Desktop\aswMBR.txt"
  • The MBR is in order:

    Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048 - this is the recovery partition!

    Do the following: download the […] to the desktop and extract the ZIP file.
    - Open the "EmsisoftEmergencyKit" folder and double-click "Start.exe"
    - Now click "Emergency Kit Scanner"; you will get a message that it is recommended to update first. Allow this by clicking "Ja" (Yes)
    Image: http://i1103.photobucket.com/albums/g476/pcwebplus/EmsisoftEK11.jpg
    - When the update is complete and the message "Update process is succesvol afgerond" (update process completed successfully) appears, click "menu" and then "Scan PC"
    - Select the "Diep" (Deep) option if it is not already set by default.
    - Now click the "Scan" button and do nothing else on the computer during the scan; this scan can take a considerable time, so wait patiently.
    - You can close the window with the warning about an increased risk once the scan is finished.

    Note:

    If you see this message:

    C:\Documents and Settings\username\Bureaublad\ComboFix.exe/$0\List.bat Verwijderd Virus.Win32.HTML!IK

    When the file appears in the scan results window, you can right-click that detection and choose "Versturen als vals alarm (False Positive)" (submit as false alarm).


    - Make sure that all items found are ticked and then press the "verwijder geselecteerde" (remove selected) button; you will now get the following message, but click "Ja" (Yes) here
    Image: http://i1103.photobucket.com/albums/g476/pcwebplus/EmsisoftEK2.jpg
    - When the removal is complete, click the "View report" button and select the text file for this scan, with a name such as: a2scan_110730-111615.txt
    - Post the contents of this log file in your next message.
    - Now restart the computer.
  • I will carry on with it; I have to leave soon, and will take over this machine remotely later today and post. Once again, thanks!!
  • Emsisoft Emergency Kit - Versie 1.0
    Laatste Update: 11-3-2012 13:09:56

    Scaninstellingen:

    Scantype: Diepe Scan
    Objecten: Geheugen, Sporen, Cookies, C:\, D:\
    Scan archieven: Aan
    Heuristieken: Uit
    ADS Scan: Aan

    Scan gestart: 11-3-2012 13:10:16

    C:\Users\beheerder\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000002500002h\MSTORE.EXE Ontdekt: Backdoor.SuspectCRC!IK
    C:\Users\beheerder\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\30000000d900002h\DW20.EXE Ontdekt: Malware.Win32.AMN!A2

    Gescand

    Bestanden: 1009037
    Sporen: 405504
    Cookies: 17
    Processen: 95

    Gevonden

    Bestanden: 2
    Sporen: 0
    Cookies: 0
    Processen: 0
    Registersleutels: 0

    Scan Geëindigd: 11-3-2012 15:36:16
    Scantijd: 2:26:00
  • Try the following scanner: download CKScanner by askey 127 and save it to your desktop.
    Vista and Windows 7 users run this tool by right-clicking it and choosing "Als Administrator uitvoeren" (Run as administrator).
    - Click/double-click CKScanner by askey 127 to start the tool and click Search for Files.
    - After a short time, when the hourglass disappears, click Save List To File
    - A message box will confirm that the document has been saved.
    - Click/double-click the CKFiles.txt shortcut on your desktop and copy and paste the contents into your next post.
  • AVG was being difficult; could not run as admin.
    The .dll message is gone.
    Log
    CKScanner - Additional Security Risks - These are not necessarily bad
    scanner sequence 3.RP.11.FLNAUT
    —– EOF —–


    I know you prefer Avast, but the owner of this PC wants to keep AVG for now. I do still get notifications about blocked startup programs.

    A strange experience, sorting things out via TeamViewer; everything runs with a lot of lag, LOL
  • I have also written this elsewhere:

    "As far as antivirus is concerned, it is odd that the latest antivirus tests showed AVG2012 to be the best free antivirus at the moment.
    Well, the majority of the logs I handle here and elsewhere do indeed have an AVG version as antivirus.

    MSE also comes by regularly, and only occasionally Avast Free or, very sporadically indeed, Avira Antivir Free.

    As for the latter: I use that one too. Why?
    Avira has one of the best on-demand scanners on board.
    And Avira is the only one that prevents changes to the hosts file!
    But the free version of Avira has no e-mail scanner, for example."


    And see whether the following will work:

    Which program: ComboFix
    What for/why: Highly specialised scanner for examining Windows in depth and cleaning it up where possible.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: This program must be downloaded to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    Antivirus programs and active malware scanners must already be disabled before ComboFix is started!
    Here and here you will find information on how to disable antivirus programs and spyware scanners.

    To be perfectly clear once more: ComboFix must be started from the desktop.

    Notes:
    - On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for this).
    - Vista and Windows 7 users start ComboFix via right-click with administrator rights.
    - All open programs and web pages must be closed.
    ComboFix has started:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found in C:\ComboFix.txt
    Important note:
  • ComboFix 12-03-11.01 - beheerder 11-03-2012 20:47:00.1.2 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.31.1043.18.3004.1636 [GMT 1:00]
    Gestart vanuit: c:\users\beheerder\Downloads\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\beheerder\AppData\Roaming\Adobe\plugs
    c:\users\beheerder\AppData\Roaming\Adobe\shed
    c:\users\beheerder\AppData\Roaming\Microsoft\Windows\Recent\Mannen en vrouwen Een pagina over lichamelijke en geestelijke verschillen tussen mannen en vrouwen..url
    c:\windows\system32\roboot.exe
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-02-11 to 2012-03-11 ))))))))))))))))))))))))))))))
    .
    .
    2012-03-11 19:55 . 2012-03-11 19:55 ——– d—–w- c:\users\Public\AppData\Local\temp
    2012-03-11 19:55 . 2012-03-11 19:55 ——– d—–w- c:\users\Default\AppData\Local\temp
    2012-03-11 11:34 . 2012-03-11 11:34 ——– d—–w- C:\_OTL
    2012-03-11 11:03 . 2012-03-11 11:14 ——– d—–w- c:\users\beheerder\AppData\Roaming\TeamViewer
    2012-03-11 11:02 . 2012-03-11 11:02 ——– d—–w- c:\program files\TeamViewer
    2012-03-11 09:10 . 2012-03-11 09:10 ——– d—–w- c:\program files\backups
    2012-03-11 08:35 . 2012-03-11 08:35 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-11 08:35 . 2011-12-10 14:24 20464 —-a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-11 08:18 . 2012-03-11 08:18 388608 —-a-w- c:\program files\HijackThis.exe
    2012-02-16 09:42 . 2011-12-14 16:17 680448 —-a-w- c:\windows\system32\msvcrt.dll
    2012-02-16 09:42 . 2012-01-12 19:52 2044416 —-a-w- c:\windows\system32\win32k.sys
    2012-02-16 09:42 . 2011-12-20 10:56 2409784 —-a-w- c:\program files\Windows Mail\OESpamFilter.dat
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-17 09:24 . 2011-05-20 07:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-18 06:44 . 2012-01-18 06:44 540960 ----a-w- c:\windows\system32\LVUI2RC.dll
    2012-01-18 06:44 . 2012-01-18 06:44 4332960 ----a-w- c:\windows\system32\drivers\lvuvc.sys
    2012-01-18 06:44 . 2012-01-18 06:44 545056 ----a-w- c:\windows\system32\LVUI2.dll
    2012-01-18 06:44 . 2012-01-18 06:44 312096 ----a-w- c:\windows\system32\drivers\lvrs.sys
    2012-01-18 06:44 . 2012-01-18 06:44 307488 ----a-w- c:\windows\system32\lvcodec2.dll
    2012-01-18 06:44 . 2012-01-18 06:44 196896 ----a-w- c:\windows\system32\lvci13311044.dll
    2012-01-18 06:44 . 2012-01-18 06:44 336408 ----a-w- c:\windows\system32\DevManagerCore.dll
    2012-01-18 06:44 . 2012-01-18 06:44 10920984 ----a-w- c:\windows\system32\LogiDPP.dll
    2012-01-18 06:44 . 2012-01-18 06:44 104472 ----a-w- c:\windows\system32\LogiDPPApp.exe
    2007-03-12 16:59 . 2007-03-12 16:59 299008 ----a-w- c:\program files\navigram_register.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-01-15 13:54 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-15 1811296]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
    "NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2011-11-01 1053056]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-21 7420448]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1049896]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
    "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
    "NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-10-20 2192752]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-15 939872]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-15 928096]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    BTTray.lnk - c:\program files\Sitecom\Bluetooth Software\BTTray.exe [2004-10-1 565309]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^F1U201.401.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\F1U201.401.lnk
    backup=c:\windows\pss\F1U201.401.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^beheerder^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Auto Backup Guage.lnk]
    path=c:\users\beheerder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk
    backup=c:\windows\pss\Samsung Auto Backup Guage.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^beheerder^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Auto Backup Real-Time Daemon.lnk]
    path=c:\users\beheerder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk
    backup=c:\windows\pss\Samsung Auto Backup Real-Time Daemon.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^beheerder^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Auto Backup Scheduler.lnk]
    path=c:\users\beheerder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk
    backup=c:\windows\pss\Samsung Auto Backup Scheduler.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2012-01-03 13:10 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
    2009-01-13 12:36 279552 ----a-w- c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
    2008-12-24 03:29 103720 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2010-08-25 18:45 171032 ----a-w- c:\windows\System32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2010-08-25 18:45 136216 ----a-w- c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-01-16 16:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
    2009-04-15 14:54 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2010-08-25 18:45 170520 ----a-w- c:\windows\System32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMBVolumeWatcher]
    2009-10-24 01:18 597792 ----a-w- c:\program files\Sony\PMB\PMBVolumeWatcher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
    2009-04-15 14:52 91432 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2012-01-23 04:43 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
    2008-12-03 13:15 218408 ----a-w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
    2009-02-25 05:40 218408 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
    2008-01-04 02:02 222504 ------w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePPShortCut]
    2008-12-03 13:15 218408 ------w- c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
    2009-03-12 11:35 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
    .
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Verzenden naar &Bluetooth - c:\program files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
    TCP: DhcpNameServer = 192.168.1.254
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
    DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-03-11 20:55
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scannen van verborgen processen ...
    .
    scannen van verborgen autostart items ...
    .
    scannen van verborgen bestanden ...
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3967947940-1414231668-3034202555-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (S-1-5-21-3967947940-1414231668-3034202555-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="Microsoft Internet Mail Message"
    .
    [HKEY_USERS\S-1-5-21-3967947940-1414231668-3034202555-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    .
    - - - - - - - > 'Explorer.exe'(4480)
    c:\windows\system32\BsMobileSDK.dll
    c:\windows\system32\BsLangInDepRes.dll
    c:\windows\system32\Bs2Res.dll
    c:\windows\system32\btncopy.dll
    c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
    c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr
    c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    .
    Voltooingstijd: 2012-03-11 20:58:38
    ComboFix-quarantined-files.txt 2012-03-11 19:58
    ComboFix2.txt 2011-01-21 14:31
    .
    Pre-Run: 72.817.872.896 bytes beschikbaar
    Post-Run: 72.783.568.896 bytes beschikbaar
    .
    - - End Of File - - 1D3B1636D745E1951BA0CC9FA024F00F
  • Do the following: download Farbar Service Scanner
    Make sure the tool is then placed on the desktop.

    Using "Farbar Service Scanner":


This is an archived page. Replies are no longer possible.