anoniem
Posted: 24 August 2013

I have successfully used this forum once before; let's see whether it works again this time:

For the past few days my laptop (Vista, about 5 years old) has been freezing. It then no longer responds to a normal shutdown either; I then shut it down with the power button. Safe Mode works fine.

When the laptop freezes and I try to start Task Manager, an error message appears:
"Het maken van het dialoogvenster voor beveiligingsopties door het proces voor aan..." (no more text fits in the box)
I press OK, get a black screen and am stuck again.

I have run several scanners: Avast, CCleaner, SuperAntispyware, Malwarebytes. The last one found nothing, so there is no need to post a log.

I have made a HijackThis log. I hope there is someone who is willing to look at this and can help me!

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:13:42, on 24-8-2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16502)
CHROME: 29.0.1547.57
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alawar.co.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: (no name) - {f230d1cd-647f-4856-8538-8c0d39e5ecf2} - (no file)
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Annelie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9f67b409fb1c7) (gupdate1c9f67b409fb1c7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
O23 - Service: Online Games Manager (ogmservice) - RealNetworks, Inc. - C:\Program Files\Online Games Manager\ogmservice.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

-- End of file - 8581 bytes

(I know, the laptop is getting old and the hard disk is filling up... But maybe something can still be improved before buying a new one.)

anoniem
Posted: 25 August 2013

You do get a picture in Safe Mode?

anoniem
Posted: 25 August 2013

Yes, fortunately. Otherwise I would no longer be able to reach you! :D

anoniem
Posted: 25 August 2013

Download ComboFix from one of these locations:

- Bleepingcomputer: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- ForoSpyware: http://www.forospyware.com/sUBs/ComboFix.exe
- Geekstogo: http://subs.geekstogo.com/ComboFix.exe

Download location: This program must be downloaded to the desktop, or otherwise moved to the desktop!

Extra information about ComboFix can be found here: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden

Antivirus programs and active malware scanners must already be disabled before you start ComboFix!

Here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32608) and here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32607) you will find information on how to disable antivirus programs and spyware scanners.

Notes:

- All open programs and web pages must be closed.

Starting ComboFix:

- Windows Vista, Windows 7 and Windows 8: right-click ComboFix.exe and choose "Run as administrator".

Once ComboFix has started:

- Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
- ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
- The computer may have to be restarted several times; this is normal.
- When ComboFix is finished, it will create a log file for you.
- Post the contents of this log file in your next message.
- If the log does not open, it can be found at C:\ComboFix.txt

Important note:

- If, after the scan, an error is shown when starting programs with the message:
- "Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering." (Illegal operation attempted on a registry key that has been marked for deletion.)
- Then restart the computer.

anoniem
Posted: 25 August 2013

ComboFix 13-08-25.01 - Annelie 25-08-2013 21:06:59.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2939.2346 [GMT 2:00]
Gestart vanuit: c:\users\Annelie\Desktop\ComboFix.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-07-25 to 2013-08-25 ))))))))))))))))))))))))))))))
.
.
2013-08-25 19:15 . 2013-08-25 19:16 -------- d-----w- c:\users\Annelie\AppData\Local\temp
2013-08-25 19:15 . 2013-08-25 19:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-25 18:58 . 2013-08-25 19:03 -------- d-----w- c:\windows\system32\catroot2
2013-08-25 17:03 . 2013-08-25 17:03 -------- d-----w- C:\RegBackup
2013-08-25 16:40 . 2013-08-25 16:40 -------- d-----w- c:\program files\Tweaking.com
2013-08-25 11:38 . 2013-05-09 08:59 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-25 11:38 . 2013-08-25 11:38 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-25 11:38 . 2013-05-09 08:59 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-08-25 11:38 . 2013-05-09 08:59 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-25 11:37 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-25 11:37 . 2013-05-09 08:58 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-25 11:36 . 2013-08-25 11:36 -------- d-----w- c:\program files\AVAST Software
2013-08-24 12:13 . 2013-08-24 12:13 30464 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-08-24 12:06 . 2013-08-24 12:06 -------- d-----w- c:\program files\HitmanPro
2013-08-24 12:05 . 2013-08-24 12:12 -------- d-----w- c:\programdata\HitmanPro
2013-08-24 08:33 . 2013-08-24 08:33 -------- d-----w- c:\windows\ERUNT
2013-08-24 08:12 . 2013-08-24 08:23 -------- d-----w- C:\AdwCleaner
2013-08-23 13:40 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{15DB44C6-14A4-427F-951C-DFDB1E73128C}\mpengine.dll
2013-08-22 19:06 . 2013-08-22 19:06 -------- d-----w- c:\program files\Youda Mystery The Stanwick Legacy
2013-08-22 18:01 . 2013-08-22 18:01 -------- d-----w- c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-08-22 17:57 . 2013-08-22 18:00 -------- d-----w- c:\users\Annelie\AppData\Roaming\Wise Registry Cleaner
2013-08-22 17:56 . 2013-08-22 17:56 -------- d-----w- c:\program files\Wise
2013-08-22 15:19 . 2009-06-04 17:43 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
2013-08-19 19:38 . 2013-08-19 19:38 -------- d-----w- c:\users\Annelie\AppData\Local\iLinc
2013-08-17 07:47 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-17 07:47 . 2013-08-17 07:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-15 19:14 . 2013-08-15 19:14 -------- d-----w- c:\users\Annelie\AppData\Roaming\DieselPuppet
2013-08-14 13:12 . 2013-08-14 13:12 -------- d-----w- C:\Intel
2013-08-14 13:08 . 2013-08-14 13:08 80488 ----a-w- c:\windows\system32\RtNicProp32.dll
2013-08-14 13:08 . 2013-08-14 13:08 454288 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2013-08-14 13:04 . 2013-08-14 13:04 852824 ----a-w- c:\windows\system32\RTKSMSettingsIPC.dll
2013-08-14 12:25 . 2013-07-25 02:42 149656 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-08-14 12:19 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 12:19 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-08-14 12:19 . 2013-07-05 04:53 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 12:19 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 12:19 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 12:19 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 12:19 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 12:19 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 12:18 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 12:18 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 12:18 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 12:18 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-09 19:51 . 2013-08-09 19:51 -------- d-----w- c:\users\Annelie\AppData\Roaming\AlawarEntertainment
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-25 11:38 . 2013-03-05 06:06 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-25 11:38 . 2011-04-29 16:02 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-14 13:09 . 2009-07-17 14:48 268832 ----a-w- c:\windows\system32\igfxsrvc.exe
2013-08-14 13:09 . 2009-07-17 14:48 138784 ----a-w- c:\windows\system32\igfxtray.exe
2013-08-14 13:09 . 2008-08-19 11:04 57856 ----a-w- c:\windows\system32\igfxsrvc.dll
2013-08-14 13:09 . 2008-08-19 11:04 261632 ----a-w- c:\windows\system32\igfxTMM.dll
2013-08-14 13:09 . 2009-07-17 14:48 86016 ----a-w- c:\windows\system32\igfxrnld.lrc
2013-08-14 13:09 . 2008-08-19 11:04 828928 ----a-w- c:\windows\system32\igfxress.dll
2013-08-14 13:09 . 2009-07-17 14:48 173600 ----a-w- c:\windows\system32\igfxpers.exe
2013-08-14 13:09 . 2009-07-17 14:48 172064 ----a-w- c:\windows\system32\hkcmd.exe
2013-08-14 13:09 . 2008-08-19 11:04 95232 ----a-w- c:\windows\system32\hccutils.dll
2013-08-14 13:08 . 2009-11-12 06:24 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2013-08-14 13:04 . 2008-11-19 13:01 3237448 ----a-w- c:\windows\system32\RtkAPO.dll
2013-07-25 07:46 . 2013-07-25 07:46 97008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-07-14 07:47 . 2012-03-30 05:56 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-14 07:47 . 2011-05-24 13:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-27 18:19 . 2013-06-27 18:19 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-27 18:19 . 2012-06-24 15:01 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-27 18:19 . 2010-06-05 13:13 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-04 01:50 . 2013-07-10 06:07 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-06-01 04:06 . 2013-07-10 06:07 505344 ----a-w- c:\windows\system32\qedit.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-08-14 11930696]
"WireLessMouse"="c:\program files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe" [2007-03-06 212992]
"KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2007-03-06 212992]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-08-14 138784]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-08-14 172064]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-08-14 173600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Annelie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FreeRapid 0.83u1.lnk]
path=c:\users\Annelie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FreeRapid 0.83u1.lnk
backup=c:\windows\pss\FreeRapid 0.83u1.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Annelie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\Annelie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Annelie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0 .lnk]
path=c:\users\Annelie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0 .lnk
backup=c:\windows\pss\OpenOffice.org 3.0 .lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2013-08-17 08:09 5703920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2013-03-22 04:07 248208 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPRO]
2010-10-26 13:00 1050072 ----a-w- c:\program files\Toshiba TEMPRO\TemproTray.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Annelie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-23 119056]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map
.
2013-08-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 07:47]
.
2013-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 16:29]
.
2013-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 16:29]
.
2013-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664994681-2771770649-958364049-1000Core.job
- c:\users\Annelie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-06 13:15]
.
2013-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664994681-2771770649-958364049-1000UA.job
- c:\users\Annelie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-06 13:15]
.
.
------- Bijkomende Scan -------
.
uStart Page = https://www.google.nl/
mStart Page = hxxp://alawar.co.nl
mSearch Bar = hxxp://www.google.com
Trusted Zone: microsoft.com\www
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKLM-RunOnce-<NO NAME> - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-25 21:16
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
Voltooingstijd: 2013-08-25 21:18:15
ComboFix-quarantined-files.txt 2013-08-25 19:18
ComboFix2.txt 2013-08-24 09:19
.
Pre-Run: 17.614.893.056 bytes beschikbaar
Post-Run: 17.416.466.432 bytes beschikbaar
.
- - End Of File - - 79EFCBBC980087A1ED7D0A686C3D5B0E
5C616939100B85E558DA92B899A0FC36

anoniem
Posted: 25 August 2013

Uninstall HitmanPro via Control Panel > Programs and Features. Then try whether you can start up normally again.

anoniem
Posted: 25 August 2013

Hitman Pro does not appear in that list...

anoniem
Posted: 25 August 2013

Then we will do it by means of ComboFix:

Open a new Notepad (Kladblok) file via "Start\All Programs\Accessories\Notepad".

Copy and paste the following (the blue text in the code window) into the empty Notepad window.

    ClearJavaCache::

    File::
    c:\windows\system32\drivers\hitmanpro37.sys

    Folder::
    c:\program files\HitmanPro
    c:\programdata\HitmanPro

    Driver::
    hitmanpro37

    Registry::
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
    @=""
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
    @=""

Save this Notepad file on your desktop as CFScript.txt.

Now first disable the antivirus and any spyware scanners!

Also make sure that all other open windows are closed, including the web browser.

Drag CFScript.txt into ComboFix.exe (illustration: http://crew.nucia.eu/smeenk/CFScript.gif)

This will make ComboFix restart. Reboot if you are asked to.

Post the ComboFix log that is created after the restart. In case ComboFix has restarted your computer (or you have done so yourself), you will also find the log in C:\Combofix.txt

Important note:

- If, after the scan, an error is shown when starting programs with the message:
- "Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering." (Illegal operation attempted on a registry key that has been marked for deletion.)
- Then restart the computer.

anoniem
Posted: 26 August 2013

ComboFix 13-08-25.01 - Annelie 26-08-2013 7:37.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2939.2379 [GMT 2:00]
Gestart vanuit: c:\users\Annelie\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Annelie\Desktop\CFScript.txt..txt
.
FILE ::
"c:\windows\system32\drivers\hitmanpro37.sys"
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Annelie\AppData\Local\Temp\ppcrlui_1748_2
c:\windows\system32\drivers\hitmanpro37.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_HITMANPRO37
-------\Service_hitmanpro37
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-07-26 to 2013-08-26 ))))))))))))))))))))))))))))))
.
.
2013-08-26 05:46 . 2013-08-26 05:55 -------- d-----w- c:\users\Annelie\AppData\Local\temp
2013-08-26 05:46 . 2013-08-26 05:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-25 18:58 . 2013-08-25 19:03 -------- d-----w- c:\windows\system32\catroot2
2013-08-25 17:03 . 2013-08-25 17:03 -------- d-----w- C:\RegBackup
2013-08-25 16:40 . 2013-08-25 16:40 -------- d-----w- c:\program files\Tweaking.com
2013-08-25 11:38 . 2013-05-09 08:59 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-25 11:38 . 2013-08-25 11:38 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-25 11:38 . 2013-05-09 08:59 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-08-25 11:38 . 2013-05-09 08:59 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-25 11:37 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-25 11:37 . 2013-05-09 08:58 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-25 11:36 . 2013-08-25 11:36 -------- d-----w- c:\program files\AVAST Software
2013-08-24 12:06 . 2013-08-24 12:06 -------- d-----w- c:\program files\HitmanPro
2013-08-24 12:05 . 2013-08-24 12:12 -------- d-----w- c:\programdata\HitmanPro
2013-08-24 08:33 . 2013-08-24 08:33 -------- d-----w- c:\windows\ERUNT
2013-08-24 08:12 . 2013-08-24 08:23 -------- d-----w- C:\AdwCleaner
2013-08-23 13:40 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{15DB44C6-14A4-427F-951C-DFDB1E73128C}\mpengine.dll
2013-08-22 19:06 . 2013-08-22 19:06 -------- d-----w- c:\program files\Youda Mystery The Stanwick Legacy
2013-08-22 18:01 . 2013-08-22 18:01 -------- d-----w- c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-08-22 17:57 . 2013-08-22 18:00 -------- d-----w- c:\users\Annelie\AppData\Roaming\Wise Registry Cleaner
2013-08-22 17:56 . 2013-08-22 17:56 -------- d-----w- c:\program files\Wise
2013-08-22 15:19 . 2009-06-04 17:43 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
2013-08-19 19:38 . 2013-08-19 19:38 -------- d-----w- c:\users\Annelie\AppData\Local\iLinc
2013-08-17 07:47 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-17 07:47 . 2013-08-17 07:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-15 19:14 . 2013-08-15 19:14 -------- d-----w- c:\users\Annelie\AppData\Roaming\DieselPuppet
2013-08-14 13:12 . 2013-08-14 13:12 -------- d-----w- C:\Intel
2013-08-14 13:08 . 2013-08-14 13:08 80488 ----a-w- c:\windows\system32\RtNicProp32.dll
2013-08-14 13:08 . 2013-08-14 13:08 454288 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2013-08-14 13:04 . 2013-08-14 13:04 852824 ----a-w- c:\windows\system32\RTKSMSettingsIPC.dll
2013-08-14 12:25 . 2013-07-25 02:42 149656 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-08-14 12:19 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 12:19 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-08-14 12:19 . 2013-07-05 04:53 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 12:19 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 12:19 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 12:19 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 12:19 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 12:19 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 12:18 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 12:18 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 12:18 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 12:18 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-09 19:51 . 2013-08-09 19:51 -------- d-----w- c:\users\Annelie\AppData\Roaming\AlawarEntertainment
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-25 11:38 . 2013-03-05 06:06 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-25 11:38 . 2011-04-29 16:02 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-14 13:09 . 2009-07-17 14:48 268832 ----a-w- c:\windows\system32\igfxsrvc.exe
2013-08-14 13:09 . 2009-07-17 14:48 138784 ----a-w- c:\windows\system32\igfxtray.exe
2013-08-14 13:09 . 2008-08-19 11:04 57856 ----a-w- c:\windows\system32\igfxsrvc.dll
2013-08-14 13:09 . 2008-08-19 11:04 261632 ----a-w- c:\windows\system32\igfxTMM.dll
2013-08-14 13:09 . 2009-07-17 14:48 86016 ----a-w- c:\windows\system32\igfxrnld.lrc
2013-08-14 13:09 . 2008-08-19 11:04 828928 ----a-w- c:\windows\system32\igfxress.dll
2013-08-14 13:09 . 2009-07-17 14:48 173600 ----a-w- c:\windows\system32\igfxpers.exe
2013-08-14 13:09 . 2009-07-17 14:48 172064 ----a-w- c:\windows\system32\hkcmd.exe
2013-08-14 13:09 .
2008-08-19 11:04 95232 ----a-w- c:\windows\system32\hccutils.dll 2013-08-14 13:08 . 2009-11-12 06:24 100896 ----a-w- c:\windows\system32\RTNUninst32.dll 2013-08-14 13:04 . 2008-11-19 13:01 3237448 ----a-w- c:\windows\system32\RtkAPO.dll 2013-07-25 07:46 . 2013-07-25 07:46 97008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys 2013-07-14 07:47 . 2012-03-30 05:56 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-07-14 07:47 . 2011-05-24 13:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-06-27 18:19 . 2013-06-27 18:19 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-06-27 18:19 . 2012-06-24 15:01 867240 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-06-27 18:19 . 2010-06-05 13:13 789416 ----a-w- c:\windows\system32\deployJava1.dll 2013-06-04 01:50 . 2013-07-10 06:07 2049024 ----a-w- c:\windows\system32\win32k.sys 2013-06-01 04:06 . 2013-07-10 06:07 505344 ----a-w- c:\windows\system32\qedit.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-08-14 11930696] "WireLessMouse"="c:\program files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe" [2007-03-06 212992] "KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2007-03-06 212992] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-08-14 138784] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-08-14 172064] "Persistence"="c:\windows\system32\igfxpers.exe" [2013-08-14 173600] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "GrpConv"="grpconv -o" [X] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440] . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\startupfolder\C:^Users^Annelie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FreeRapid 0.83u1.lnk] path=c:\users\Annelie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FreeRapid 0.83u1.lnk backup=c:\windows\pss\FreeRapid 0.83u1.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^Annelie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk] path=c:\users\Annelie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^Annelie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0 .lnk] path=c:\users\Annelie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0 .lnk backup=c:\windows\pss\OpenOffice.org 3.0 .lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2013-08-17 08:09 5703920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2013-03-22 04:07 248208 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPRO] 2010-10-26 13:00 1050072 ----a-w- c:\program files\Toshiba TEMPRO\TemproTray.exe . 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Google Update"="c:\users\Annelie\AppData\Local\Google\Update\GoogleUpdate.exe" /c . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-23 119056] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhoud van de 'Gedeelde Taken' map . 2013-08-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 07:47] . 2013-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 16:29] . 2013-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 16:29] . 2013-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664994681-2771770649-958364049-1000Core.job - c:\users\Annelie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-06 13:15] . 2013-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664994681-2771770649-958364049-1000UA.job - c:\users\Annelie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-06 13:15] . . ------- Bijkomende Scan ------- . uStart Page = https://www.google.nl/ mStart Page = hxxp://alawar.co.nl mSearch Bar = hxxp://www.google.com Trusted Zone: microsoft.com\www TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS VERWIJDERD - - - - . HKLM-RunOnce-<NO NAME> - (no file) . . . 
************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-08-26 07:54 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . Voltooingstijd: 2013-08-26 08:00:35 - machine werd herstart ComboFix-quarantined-files.txt 2013-08-26 06:00 ComboFix2.txt 2013-08-25 19:18 ComboFix3.txt 2013-08-24 09:19 . Pre-Run: 17.441.263.616 bytes beschikbaar Post-Run: 17.169.281.024 bytes beschikbaar . - - End Of File - - AA7868241637BA4C1834A141187FEEDB 5C616939100B85E558DA92B899A0FC36

I still see HitmanPro on the desktop.
anoniem Posted: 26 August 2013
That is presumably the setup file; you can delete it manually. And can you boot to the desktop again by now?
anoniem Posted: 26 August 2013
Yes, it boots normally again. Only no Internet Explorer. I already tried resetting it as you said, but it still doesn't work. And I haven't put the Avast virus scanner back on yet; I'm afraid everything will freeze again if I do.
anoniem Posted: 26 August 2013
Download Security Check: http://screen317.spywareinfoforum.org/SecurityCheck.exe

Download location: This program must be downloaded to the desktop, or otherwise moved to the desktop!

Starting TFC:
- Windows 2000 and Windows XP: double-click TFC.exe.
- Windows Vista, Windows 7 and Windows 8: right-click TFC.exe and choose "Run as administrator".
- Follow the instructions in the black window.
- A Notepad document named checkup.txt should open automatically; close this document, saving it to the desktop.
- If one of your security tools reports that DIG.EXE wants to access the internet, allow it.

Post the contents of checkup.txt in your next post.
anoniem Posted: 26 August 2013
Results of screen317's Security Check version 0.99.73
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 11.8.800.94
Google Chrome 28.0.1500.95
Google Chrome 29.0.1547.57
````````Process Check: objlist.exe by Laurent````````
Online Games Manager ogmservice.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
anoniem Posted: 26 August 2013
Why are you afraid to install Avast? Going online without antivirus is not advisable.
anoniem Posted: 26 August 2013
I thought Avast would cause a problem because that happened before. But I reinstalled it and now it worked :D Only Internet Explorer still doesn't work. I get a warning: An attempt is being made to open web content with this program on your computer. (Windows Problem Reporting) Allowing it or not makes no difference. In both cases I have to close IE.
anoniem Posted: 26 August 2013
We are going to repeat a number of scans.

Step •1•

Download AdwCleaner by Xplode: http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner

Download location: This program must be downloaded to the desktop, or otherwise moved to the desktop!

Notes:
- All open programs and web pages must be closed.

Starting AdwCleaner:
- Windows 2000 and Windows XP: double-click adwcleaner.exe.
- Windows Vista, Windows 7 and Windows 8: right-click adwcleaner.exe and choose "Run as administrator".

Once AdwCleaner has started:
- Click the Scan button
- When the scan is finished, click the Clean button
- At "AdwCleaner – Closing programs", click OK
- At "AdwCleaner – Restart required", click OK

AdwCleaner log file:
- After the PC has restarted, a log file opens.
- If the log does not open, it can still be found at C:\AdwCleaner\AdwCleaner[R1].txt
- Then post the contents of this log in your next message.

Step •2•

Download Junkware Removal Tool by Thisisu: http://thisisudax.org/downloads/JRT.exe

Download location: This program must be downloaded to the desktop, or otherwise moved to the desktop!

Notes:
- All open programs and web pages must be closed.
- It is advisable to deactivate the active security software, so that possible conflicts with JRT.exe are ruled out:
- Here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32608) and here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32607) you will find information on how to deactivate antivirus programs and spyware scanners.
- It is normal for the shortcuts to disappear from the desktop temporarily during the JRT.exe scan.

Starting Junkware Removal Tool by Thisisu:
- Windows 2000 and Windows XP: double-click JRT.exe.
- Windows Vista, Windows 7 and Windows 8: right-click JRT.exe and choose "Run as administrator".
- JRT.exe will then scan Windows.
- Depending on the system specifications, this scan can sometimes take quite a long time, so be patient.
- When the scan is complete, a log (JRT.txt) will be saved to the desktop and will open automatically.
- Post the contents of this log in your next message.
anoniem Posted: 26 August 2013
# AdwCleaner v3.000 - Report created 24/08/2013 at 10:22:52 # Updated 20/08/2013 by Xplode # Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Username : Annelie - PC_VAN_BOUIUS # Running from : C:\Users\Annelie\Desktop\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\AVG Security Toolbar Folder Deleted : C:\ProgramData\boost_interprocess Folder Deleted : C:\ProgramData\InstallMate Folder Deleted : C:\ProgramData\SoftSafe Folder Deleted : C:\ProgramData\Trymedia Folder Deleted : C:\ProgramData\Alawar Stargaze Folder Deleted : C:\ProgramData\AlawarWrapper Folder Deleted : C:\ProgramData\Brrowse2save Folder Deleted : C:\Program Files\Bandoo Folder Deleted : C:\Program Files\Conduit Folder Deleted : C:\Program Files\iMesh Applications Folder Deleted : C:\Program Files\Trymedia Folder Deleted : C:\Users\Annelie\AppData\Local\Conduit Folder Deleted : C:\Users\Annelie\AppData\Local\iMesh Folder Deleted : C:\Users\Annelie\AppData\LocalLow\AVG Security Toolbar Folder Deleted : C:\Users\Annelie\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Annelie\AppData\LocalLow\FunWebProducts Folder Deleted : C:\Users\Annelie\AppData\LocalLow\mediabarim Folder Deleted : C:\Users\Annelie\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\Annelie\AppData\LocalLow\MyAshampoo Folder Deleted : C:\Users\Annelie\AppData\Roaming\DriverCure Folder Deleted : C:\Users\Annelie\AppData\Roaming\dvdvideosoftiehelpers Folder Deleted : C:\Users\Annelie\AppData\Roaming\iWin Folder Deleted : C:\Users\Annelie\AppData\Roaming\ParetoLogic Folder Deleted : C:\Users\Annelie\AppData\Roaming\Systweak Folder Deleted : C:\Users\Annelie\AppData\Roaming\Alawar Stargaze Folder Deleted : C:\Users\Annelie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games Folder Deleted :
C:\Users\Annelie\AppData\Roaming\Mozilla\Firefox\Profiles\beel0usz.default\Extensions\p9n9_awgb@avmav-.net File Deleted : C:\Windows\system32\roboot.exe File Deleted : C:\Users\Annelie\AppData\Roaming\Mozilla\Firefox\Profiles\beel0usz.default\user.js ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [p9n9_awgb@avmav-.net] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} Key Deleted : HKLM\SOFTWARE\Classes\AppID\ Key Deleted : HKLM\SOFTWARE\Classes\AppID\ Key Deleted : HKLM\SOFTWARE\Classes\AppID\ Key Deleted : HKLM\SOFTWARE\Classes\AppID\ Key Deleted : HKLM\SOFTWARE\Classes\AppID\ Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\ Key Deleted : HKLM\SOFTWARE\Classes\CLSID\ Key Deleted : HKLM\SOFTWARE\Classes\CLSID\ Key Deleted : HKLM\SOFTWARE\Classes\CLSID\ Key Deleted : HKLM\SOFTWARE\Classes\CLSID\ Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\ Key Deleted : HKLM\SOFTWARE\Classes\Interface\ Key Deleted : HKLM\SOFTWARE\Classes\Interface\ Key Deleted : HKLM\SOFTWARE\Classes\Interface\ Key Deleted : HKLM\SOFTWARE\Classes\Interface\ Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A147AA03-820F-4A0F-9F34-D6CB4004A2F9} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\ Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\ Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\ Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\ Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\ Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ Key 
Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\ Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\ Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2DB9E23-17E8-4A40-BF7F-BC17D974E1DD} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED736C84-975C-4D72-A847-0AB2199C8CB6} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\ Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} Key Deleted 
: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}] Key Deleted : HKCU\Software\APN PIP Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\systweak Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKCU\Software\ Key Deleted : HKCU\Software\ Key Deleted : HKLM\Software\AVG Security Toolbar Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\conduitEngine Key Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\Software\MyAshampoo\toolbar Key Deleted : HKLM\Software\PIP Key Deleted : HKLM\Software\SProtector Key Deleted : HKLM\Software\systweak Key Deleted : HKLM\Software\ Key Deleted : HKLM\Software\MyAshampoo Key Deleted : HKLM\Software\ Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1 Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RegClean Pro_is1 Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16502 Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant] -\\ Mozilla Firefox v [ File : C:\Users\Annelie\AppData\Roaming\Mozilla\Firefox\Profiles\beel0usz.default\prefs.js ] -\\ Google Chrome v 
[ File : C:\Users\Annelie\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [11539 octets] - [24/08/2013 10:12:11] AdwCleaner[R1].txt - [11600 octets] - [24/08/2013 10:21:08] AdwCleaner[S0].txt - [8265 octets] - [24/08/2013 10:22:52] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8325 octets] ########## # AdwCleaner v3.001 - Report created 26/08/2013 at 17:41:40 # Updated 24/08/2013 by Xplode # Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Username : Annelie - PC_VAN_BOUIUS # Running from : C:\Users\Annelie\Desktop\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16502 -\\ Mozilla Firefox v [ File : C:\Users\Annelie\AppData\Roaming\Mozilla\Firefox\Profiles\beel0usz.default\prefs.js ] -\\ Google Chrome v29.0.1547.57 [ File : C:\Users\Annelie\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [12568 octets] - [24/08/2013 10:12:11] AdwCleaner[R1].txt - [11600 octets] - [24/08/2013 10:21:08] AdwCleaner[S0].txt - [9294 octets] - [24/08/2013 10:22:52] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9354 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.5.4 (08.22.2013:1) OS: Windows Vista (TM) Home Premium x86 Ran by Annelie on ma 26-08-2013 at 17:56:16,57 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page 
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3664994681-2771770649-958364049-1000\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4C9CD969-5F4A-4C34-BBFD-9D1C83C01D01} ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on ma 26-08-2013 at 18:03:25,43 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
anoniem Posted: 26 August 2013
And?
anoniem Posted: 26 August 2013
Unfortunately, IE still doesn't work. Now I only get the message: IE has stopped working, a problem has occurred blah blah blah...

anoniem (Author) Posted: 26 August 2013

Which program: Malwarebytes MBAM

Starting Malwarebytes MBAM:
- First close all program windows that are still open!
  - Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
  - Windows Vista, Windows 7 and Windows 8: start MBAM by right-clicking the shortcut and then choosing Run as administrator.

Note:
- First update Malwarebytes MBAM now

Scanning:
- When 'MBAM' starts, choose 'Quick Scan' ('Snelle Scan').
- Scanning can take a while, so be patient. When the scan has finished, click the 'OK' button.
- Then click the 'Show Results' ('Bekijk Resultaten') button to see the results.

Infections found:
- First click OK to dismiss the message
- Then click the Show Results (Bekijk resultaten) button at the bottom right.
- Now make sure that all infections found are ticked, and click Remove Selected (Verwijder geselecteerde) at the bottom left.
- After the removal a log will open and you will be asked to restart the computer.
- If 'MBAM' has difficulty removing certain files it will show a few messages; in that case click 'OK' each time!
- After that 'MBAM' will ask to restart the computer, so allow the computer to be restarted.

MBAM log:
- The log is saved automatically by 'MBAM' and you can find it by clicking the 'Logs' ('Logbestanden') tab in the MBAM main menu.

Then post the contents of the MBAM log in your next message.

anoniem (Author) Posted: 26 August 2013

Nothing found!

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Databaseversie: v2013.08.26.04
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Annelie :: PC_VAN_BOUIUS [administrator]

26-8-2013 19:04:32
mbam-log-2013-08-26 (19-04-32).txt

Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 229676
Verstreken tijd: 12 minuut/minuten, 15 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

(einde)