
mybookface.net redirect =(


snoeck


Hello everyone,

Recently, when I'm on Facebook, I get redirected out of nowhere, unprompted, to MyBookFace (Powered by phpFoX). This sometimes happens when I click a link on Facebook, or even when Facebook is simply left open and I come back to it after half an hour to find it has become MyBookFace (Powered by phpFoX).

I have already scanned my PC with McAfee; it found 3 threats but was able to repair or remove all of them, and the problem remains. I have also googled a few times but don't understand much of all

Does anyone know how I can fix this? It is really very annoying :frown:

Thanks in advance,

Thomas.


Download MBAM (Malwarebytes' Anti-Malware).

Double-click mbam-setup.exe to install the program.

Make sure the boxes for Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware are ticked, then click "Finish".

If an update is found, it will be downloaded and installed.

Once the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.

The scan can take a while, so be patient.

When the scan has finished, click OK, then "Show Results" to see the results.

Make sure everything there is ticked, then click: Remove Selected.

After removal a log will open and you will be asked to restart the computer. (See below.)

If the rootkit (TDSS) is present, MBAM will ask to restart. Do so.

After the restart MBAM will scan again and remove the rootkit.

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in the program.

If MBAM has trouble removing certain files, it will show a few messages where you have to click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log in your next post.


Hmm, I ran the scan but nothing was found?

Malwarebytes' Anti-Malware 1.44

Database versie: 3568

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

15/01/2010 12:33:33

mbam-log-2010-01-15 (12-33-33).txt

Scan type: Volledige Scan (C:\|D:\|E:\|F:\|H:\|)

Objecten gescand: 341165

Verstreken tijd: 3 hour(s), 24 minute(s), 44 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata bestanden geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

What could it be then?


Next attempt:

Download Combofix to your Desktop.

Read more here about the correct use of Combofix.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners consider certain components that Combofix uses suspicious and will block or remove them!


  • Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not VISTA).
    Click OK and Yes to have the Recovery Console installed automatically.
    When that is done, click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix has finished and after the restart, the log Combofix.txt will open.

Post this log in your next reply.


ComboFix 10-01-15.01 - Thomas 15/01/2010 20:54:08.1.2 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.3039.1481 [GMT 1:00]

Gestart vanuit: c:\users\Thomas\Desktop\ComboFix.exe

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\$recycle.bin\S-1-5-21-1116315698-4157991779-3819976658-500

c:\$recycle.bin\S-1-5-21-2529244228-3794066734-3372794877-500

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-12-15 to 2010-01-15 ))))))))))))))))))))))))))))))

.

2010-01-15 20:08 . 2010-01-15 20:08 -------- d-----w- c:\users\Thomas\AppData\Local\temp

2010-01-15 20:08 . 2010-01-15 20:08 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-01-15 07:48 . 2010-01-15 07:48 -------- d-----w- c:\users\Thomas\AppData\Roaming\Malwarebytes

2010-01-15 07:48 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-15 07:48 . 2010-01-15 07:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-15 07:48 . 2010-01-15 07:48 -------- d-----w- c:\programdata\Malwarebytes

2010-01-15 07:48 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-14 01:11 . 2010-01-14 01:11 -------- d-----w- c:\users\Thomas\AppData\Local\HandBrake

2010-01-14 01:11 . 2010-01-14 01:11 -------- d-----w- c:\users\Thomas\AppData\Roaming\HandBrake

2010-01-14 01:11 . 2010-01-14 01:11 -------- d-----w- c:\program files\Handbrake

2010-01-13 07:41 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll

2010-01-13 07:41 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll

2010-01-12 21:09 . 2010-01-12 21:09 -------- d-----w- c:\windows\system32\Adobe

2010-01-05 07:32 . 2010-01-05 07:32 -------- d-----w- c:\program files\CCleaner

2010-01-03 21:41 . 2010-01-14 15:44 138328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-01-03 21:41 . 2010-01-14 15:44 214816 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-01-03 21:41 . 2010-01-03 21:41 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

2010-01-03 21:30 . 2010-01-03 21:30 -------- d-----w- c:\users\Thomas\AppData\Local\PunkBuster

2010-01-03 21:17 . 2010-01-08 14:16 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory

2010-01-03 20:34 . 2010-01-03 20:35 -------- d-----w- c:\users\Thomas\.installjammer

2010-01-03 20:34 . 2010-01-03 20:34 -------- d--h--w- c:\program files\InstallJammer Registry

2010-01-03 20:34 . 2010-01-03 20:34 -------- d-----w- c:\program files\InstallJammer

2009-12-29 10:40 . 2009-08-17 17:56 462848 ------w- c:\programdata\HP\Installer\Temp\hpzswp01.exe

2009-12-29 09:40 . 2009-12-29 09:40 -------- d-----w- c:\users\Thomas\AppData\Roaming\HPAppData

2009-12-29 08:26 . 2009-12-29 09:27 23211 ----a-w- c:\windows\hpqins15.dat

2009-12-21 16:21 . 2009-12-21 16:46 -------- d-----w- c:\users\Thomas\AppData\Roaming\ImgBurn

2009-12-21 16:21 . 2009-12-21 16:21 -------- d-----w- c:\program files\ImgBurn

2009-12-21 12:17 . 2009-12-21 12:17 -------- d-----w- c:\users\Thomas\AppData\Local\WBFSManager

2009-12-21 12:16 . 2009-12-21 12:16 -------- d-----w- c:\program files\WBFS

2009-12-20 13:58 . 2009-12-20 14:17 -------- d-----w- C:\GMouse20

2009-12-20 13:58 . 1996-01-09 09:38 283648 ----a-w- c:\windows\uninst.exe

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-15 16:51 . 2009-09-17 19:08 -------- d-----w- c:\users\Thomas\AppData\Roaming\uTorrent

2010-01-14 19:59 . 2009-09-17 11:02 -------- d-----w- c:\users\Thomas\AppData\Roaming\vlc

2010-01-14 19:27 . 2009-11-23 13:20 -------- d-----w- c:\program files\JDownloader

2010-01-14 05:14 . 2009-09-15 19:27 -------- d-----w- c:\programdata\Microsoft Help

2010-01-13 22:47 . 2009-08-18 04:26 757040 ----a-w- c:\windows\system32\perfh013.dat

2010-01-13 22:47 . 2009-08-18 04:26 154634 ----a-w- c:\windows\system32\perfc013.dat

2010-01-08 22:31 . 2009-10-31 14:06 -------- d-----w- c:\users\Thomas\AppData\Roaming\BSplayer

2010-01-08 15:57 . 2009-09-22 15:12 -------- d-----w- c:\program files\Common Files\DVDVideoSoft

2010-01-08 15:57 . 2009-09-22 15:12 -------- d-----w- c:\program files\DVDVideoSoft

2010-01-06 20:27 . 2009-09-18 15:50 -------- d-----w- c:\program files\McAfee

2010-01-06 17:47 . 2009-11-10 07:28 -------- d-----w- c:\program files\VP Suite 4.0

2010-01-05 08:22 . 2009-09-28 18:00 -------- d-----w- c:\users\Thomas\AppData\Roaming\HpUpdate

2009-12-23 17:15 . 2009-12-23 17:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2009-12-22 10:32 . 2009-09-15 21:54 -------- d-----w- c:\users\Thomas\AppData\Roaming\Apple Computer

2009-12-22 10:03 . 2009-09-15 21:48 -------- d-----w- c:\programdata\Apple

2009-12-22 06:59 . 2008-11-24 18:13 -------- d-----w- c:\program files\Google

2009-12-16 09:19 . 2009-12-14 17:46 -------- d-----w- c:\program files\Steam

2009-12-15 21:49 . 2009-09-15 19:28 -------- d-----w- c:\program files\Microsoft.NET

2009-12-15 21:48 . 2009-11-20 15:01 -------- d-----w- c:\program files\Microsoft SQL Server

2009-12-15 18:07 . 2009-11-14 13:46 120696 ----a-w- c:\users\Thomas\AppData\Local\GDIPFONTCACHEV1.DAT

2009-12-15 11:36 . 2009-12-15 11:36 -------- d-----w- c:\programdata\Codemasters

2009-12-15 11:27 . 2009-12-15 11:27 445016 ----a-w- c:\windows\system32\wrap_oal.dll

2009-12-15 11:27 . 2009-12-15 11:27 109144 ----a-w- c:\windows\system32\OpenAL32.dll

2009-12-15 11:27 . 2009-12-15 11:27 -------- d-----w- c:\program files\OpenAL

2009-12-15 11:19 . 2009-12-15 11:18 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE

2009-12-15 10:56 . 2009-10-21 05:32 -------- d-----w- c:\program files\Codemasters

2009-12-14 21:31 . 2009-12-14 17:46 -------- d-----w- c:\program files\Common Files\Steam

2009-12-14 21:24 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild

2009-12-14 21:21 . 2009-12-14 21:21 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2009-12-12 17:44 . 2009-12-12 17:44 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb22D5.tmp.exe

2009-12-08 21:55 . 2009-12-08 21:55 -------- d-----w- c:\program files\Elaborate Bytes

2009-12-08 06:30 . 2009-09-30 16:53 -------- d-----w- c:\users\Thomas\AppData\Roaming\Skype

2009-12-07 23:05 . 2009-09-30 17:02 -------- d-----w- c:\users\Thomas\AppData\Roaming\skypePM

2009-12-05 16:44 . 2009-12-05 16:44 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb910C.tmp.exe

2009-12-04 18:47 . 2009-12-04 18:47 -------- d-----w- c:\program files\sges-v3-prelude

2009-12-04 18:44 . 2009-12-04 18:33 -------- d-----w- c:\program files\NetBeans 6.7.1

2009-12-01 05:15 . 2009-09-16 19:42 -------- d-----w- c:\programdata\FLEXnet

2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll

2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe

2009-11-25 16:32 . 2009-11-25 16:32 -------- d-----w- c:\program files\VirtualDJ

2009-11-25 10:23 . 2009-09-19 16:10 1710720 ------w- c:\programdata\HP\Installer\Temp\hpzmsi01.exe

2009-11-25 10:23 . 2009-05-26 16:43 1639552 ------w- c:\programdata\HP\Installer\Temp\hpzscr01.EXE

2009-11-20 15:15 . 2008-11-24 18:13 -------- d-----w- c:\programdata\Sony Corporation

2009-11-20 15:01 . 2009-11-20 14:57 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0

2009-11-20 15:01 . 2009-11-20 15:01 -------- d-----w- c:\program files\Microsoft Synchronization Services

2009-11-20 15:01 . 2009-11-20 15:01 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2009-11-20 14:57 . 2009-11-20 14:57 -------- d-----w- c:\program files\Microsoft SDKs

2009-11-20 10:11 . 2009-11-20 10:11 -------- d-----w- c:\program files\Common Files\Deterministic Networks

2009-11-19 23:45 . 2009-11-19 23:42 -------- d-----w- c:\users\Thomas\AppData\Roaming\ISP Monitor

2009-11-19 23:42 . 2009-11-19 23:42 737280 ----a-w- c:\windows\iun6002.exe

2009-11-16 23:04 . 2009-09-19 14:59 167481 ----a-w- c:\windows\hpoins38.dat

2009-11-14 17:21 . 2009-11-07 19:16 207904 ----a-w- c:\windows\hpoins31.dat

2009-11-14 15:50 . 2009-11-14 15:50 10134 ----a-r- c:\users\Thomas\AppData\Roaming\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe

2009-11-14 15:39 . 2009-11-14 15:39 10134 ----a-r- c:\users\Thomas\AppData\Roaming\Microsoft\Installer\{51CBB909-7A5D-1B81-2F79-219231F0C7A6}\ARPPRODUCTICON.exe

2009-11-14 14:23 . 2009-11-14 14:23 56 ---ha-w- c:\programdata\ezsidmv.dat

2009-11-14 13:18 . 2009-11-14 13:18 21552 ------w- c:\windows\system32\emptyregdb.dat

2009-11-14 12:36 . 2009-11-14 12:36 0 ----a-w- c:\windows\ativpsrm.bin

2009-11-14 10:49 . 2008-11-24 09:43 12 ----a-w- c:\windows\bthservsdp.dat

2009-11-08 13:46 . 2009-11-08 13:44 336 ----a-w- c:\users\Thomas\AppData\Roaming\settings.dat

2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll

2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll

2009-10-31 15:31 . 2009-10-31 15:31 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

2009-10-30 09:59 . 2009-10-30 09:59 532 ----a-w- c:\windows\eReg.dat

2009-10-29 21:39 . 2009-10-29 21:36 139611 ----a-w- c:\windows\hpoins21.dat

2009-10-29 07:22 . 2009-11-26 11:45 2048 ----a-w- c:\windows\system32\tzres.dll

2009-10-21 05:20 . 2009-10-21 05:20 721904 ------w- c:\windows\system32\drivers\sptd.sys

2009-11-03 06:17 . 2009-11-03 06:17 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2009-06-16 16:22 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-15 39408]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2009-08-10 284592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-09-30 122880]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-21 7596576]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-08-21 1833504]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-02 640376]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-03 30192]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]

"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2009-09-15 24576]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-07 1176808]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]

"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

VPN Client.lnk - c:\windows\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico [2009-11-20 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2009-08-04 07:58 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [26/08/2009 8:43 176128]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/01/2010 18:35 93320]

R2 NSUService;NSUService;c:\program files\sony\Network Utility\NSUService.exe [14/11/2009 17:25 303104]

R2 regi;regi;c:\windows\System32\drivers\regi.sys [17/04/2007 19:09 11032]

R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [24/11/2008 11:23 102400]

R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [22/07/2009 15:03 642920]

R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [14/11/2009 17:06 468264]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\System32\drivers\ArcSoftKsUFilter.sys [15/09/2009 20:20 17920]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [8/09/2009 8:02 4231680]

R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [24/11/2008 19:24 9344]

S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [21/10/2009 6:20 721904]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22/11/2009 16:53 135664]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [26/06/2009 11:25 362992]

S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [15/09/2009 20:20 104960]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [14/11/2009 17:42 29472]

S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [24/11/2008 19:13 30192]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [26/06/2009 11:25 313840]

S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [14/11/2009 17:17 120104]

S3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [14/11/2009 17:17 70952]

S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [14/11/2009 17:17 427304]

S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [14/11/2009 17:17 75048]

S3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [14/11/2009 17:17 91432]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [14/11/2009 17:09 83240]

S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\System32\drivers\WSDPrint.sys [14/07/2009 1:18 17920]

S3 yukonw7;NDIS6.2 Minipoortstuurprogramma voor Marvell Yukon Ethernet-controller;c:\windows\System32\drivers\yk62x86.sys [13/07/2009 23:02 311296]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11/07/2008 1:28 47128]

S4 RsFx0103;RsFx0103 Driver;c:\windows\System32\drivers\RsFx0103.sys [30/03/2009 3:09 239336]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30/03/2009 3:23 366936]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - PNKBSTRK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

.

Inhoud van de 'Gedeelde Taken' map

2010-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-22 15:52]

2010-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-22 15:52]

2010-01-15 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 10:22]

2010-01-01 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 10:22]

.

.

------- Bijkomende Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.be/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: Toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ejf5apeq.default\

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2010-01-15 21:11:09

ComboFix-quarantined-files.txt 2010-01-15 20:11

Pre-Run: 77.609.525.248 bytes beschikbaar

Post-Run: 77.317.111.808 bytes beschikbaar

- - End Of File - - 0ED11403532F8F634147CCEEABB7AEDE


Open a Notepad file.

Copy and paste the bold text below into it.

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MarketingTools"=-

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if asked to.

After the restart, post the contents of Combofix.txt in your next post together with a new HijackThis log.

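A way to review what a CFScript `Registry::` block will remove before running it, as an added example that is not part of the thread or of ComboFix itself. It assumes the block follows .reg-file syntax (`[-KEY]` deletes a whole key, `"name"=-` deletes one value); the function names are hypothetical, and the two inputs are abridged excerpts of the log and script posted above. A whole-key deletion is marked for review when the log lists named values under that key, because the deletion removes everything under it and the log notes that empty and legitimate default references are not shown.

```python
import re

# Abridged excerpt of the "Reg Opstartpunten" section of the ComboFix log above.
LOG_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-06-16 16:22 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2009-09-15 24576]
"""

# Abridged excerpt of the CFScript above (one duplicate line kept on purpose).
CFSCRIPT = r"""Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MarketingTools"=-
"""

KEY_RE = re.compile(r'^\[(-?)(HKEY_[^\]]+)\]$')                 # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)\s*=\s*(.*)$')    # "name"=data


def values_by_key(log_text):
    """Map each key in the log (lower-cased) to the value names listed under it."""
    seen, current = {}, None
    for line in map(str.strip, log_text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            current = key.group(2).lower()
            seen.setdefault(current, [])
            continue
        val = VALUE_RE.match(line)
        if current and val:
            seen[current].append(val.group(1).strip('"'))
    return seen


def parse_registry_section(script):
    """Return (action, key, value_name) tuples for the Registry:: section."""
    actions, current, in_section = [], None, False
    for line in map(str.strip, script.splitlines()):
        if line.endswith("::"):                  # section header such as Registry::
            in_section, current = (line == "Registry::"), None
            continue
        if not in_section or not line:
            continue
        key = KEY_RE.match(line)
        if key:
            if key.group(1):                     # leading '-' removes the whole key
                actions.append(("delete-key", key.group(2), None))
                current = None
            else:                                # plain key: following lines edit values
                current = key.group(2)
            continue
        val = VALUE_RE.match(line)
        if val and current and val.group(2).strip() == "-":
            actions.append(("delete-value", current, val.group(1).strip('"')))
    return actions


def review(script, log_text):
    """Deduplicate the script's actions and mark whole-key deletions of keys
    that the log shows holding named values."""
    listed = values_by_key(log_text)
    report, seen = [], set()
    for action, key, name in parse_registry_section(script):
        ident = (action, key.lower(), name)
        if ident in seen:                        # same directive repeated in the script
            continue
        seen.add(ident)
        needs_review = action == "delete-key" and bool(listed.get(key.lower()))
        report.append({"action": action, "key": key, "value": name,
                       "review": needs_review})
    return report


if __name__ == "__main__":
    for item in review(CFSCRIPT, LOG_EXCERPT):
        mark = "REVIEW" if item["review"] else "ok"
        target = item["key"] + (" -> " + item["value"] if item["value"] else "")
        print(f'{mark:6} {item["action"]:12} {target}')
```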

OK, here are both logs:

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:35:17, on 16/01/2010

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\sony\ISB Utility\ISBMgr.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\sony\Marketing Tools\MarketingTools.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\sony\Network Utility\LANUtil.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\Apoint\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: VPN Client.lnk = ?

O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - c:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IviRegMgr - InterVideo - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: NSUService - Sony Corporation - C:\Program Files\sony\Network Utility\NSUService.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe

O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe

O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe

O23 - Service: VAIO Media plus Database Manager (SOHDBSvr) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe

O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe

O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe

O23 - Service: VAIO Media plus Playlist Manager (SOHPlMgr) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 14796 bytes

combofix:

ComboFix 10-01-15.05 - Thomas 16/01/2010 11:19:52.2.2 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.3039.1921 [GMT 1:00]

Gestart vanuit: c:\users\Thomas\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Thomas\Desktop\CFScript.txt.txt

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-12-16 to 2010-01-16 ))))))))))))))))))))))))))))))

.

2010-01-16 10:26 . 2010-01-16 10:26 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-01-16 10:26 . 2010-01-16 10:26 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-01-15 23:30 . 2010-01-15 23:30 -------- d-----w- c:\program files\Hobbyist Software

2010-01-15 22:06 . 2010-01-15 22:06 -------- d-----w- c:\users\Thomas\AppData\Roaming\Ringtone Expressions

2010-01-15 22:06 . 2010-01-15 22:06 -------- d-----w- c:\program files\Ringtone Expressions

2010-01-15 20:11 . 2010-01-16 10:27 -------- d-----w- c:\users\Thomas\AppData\Local\temp

2010-01-15 07:48 . 2010-01-15 07:48 -------- d-----w- c:\users\Thomas\AppData\Roaming\Malwarebytes

2010-01-15 07:48 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-15 07:48 . 2010-01-15 07:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-15 07:48 . 2010-01-15 07:48 -------- d-----w- c:\programdata\Malwarebytes

2010-01-15 07:48 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-14 01:11 . 2010-01-14 01:11 -------- d-----w- c:\users\Thomas\AppData\Local\HandBrake

2010-01-14 01:11 . 2010-01-14 01:11 -------- d-----w- c:\users\Thomas\AppData\Roaming\HandBrake

2010-01-14 01:11 . 2010-01-14 01:11 -------- d-----w- c:\program files\Handbrake

2010-01-13 07:41 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll

2010-01-13 07:41 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll

2010-01-12 21:09 . 2010-01-12 21:09 -------- d-----w- c:\windows\system32\Adobe

2010-01-05 07:32 . 2010-01-05 07:32 -------- d-----w- c:\program files\CCleaner

2010-01-03 21:41 . 2010-01-14 15:44 138328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-01-03 21:41 . 2010-01-14 15:44 214816 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-01-03 21:41 . 2010-01-03 21:41 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

2010-01-03 21:30 . 2010-01-03 21:30 -------- d-----w- c:\users\Thomas\AppData\Local\PunkBuster

2010-01-03 21:17 . 2010-01-08 14:16 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory

2010-01-03 20:34 . 2010-01-03 20:35 -------- d-----w- c:\users\Thomas\.installjammer

2010-01-03 20:34 . 2010-01-03 20:34 -------- d--h--w- c:\program files\InstallJammer Registry

2010-01-03 20:34 . 2010-01-03 20:34 -------- d-----w- c:\program files\InstallJammer

2009-12-29 10:40 . 2009-08-17 17:56 462848 ------w- c:\programdata\HP\Installer\Temp\hpzswp01.exe

2009-12-29 09:40 . 2009-12-29 09:40 -------- d-----w- c:\users\Thomas\AppData\Roaming\HPAppData

2009-12-29 08:26 . 2009-12-29 09:27 23211 ----a-w- c:\windows\hpqins15.dat

2009-12-21 16:21 . 2009-12-21 16:46 -------- d-----w- c:\users\Thomas\AppData\Roaming\ImgBurn

2009-12-21 16:21 . 2009-12-21 16:21 -------- d-----w- c:\program files\ImgBurn

2009-12-21 12:17 . 2009-12-21 12:17 -------- d-----w- c:\users\Thomas\AppData\Local\WBFSManager

2009-12-21 12:16 . 2009-12-21 12:16 -------- d-----w- c:\program files\WBFS

2009-12-20 13:58 . 2009-12-20 14:17 -------- d-----w- C:\GMouse20

2009-12-20 13:58 . 1996-01-09 09:38 283648 ----a-w- c:\windows\uninst.exe

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-15 23:34 . 2009-09-17 11:02 -------- d-----w- c:\users\Thomas\AppData\Roaming\vlc

2010-01-15 21:23 . 2009-09-17 19:08 -------- d-----w- c:\users\Thomas\AppData\Roaming\uTorrent

2010-01-15 20:20 . 2009-08-18 04:26 757040 ----a-w- c:\windows\system32\perfh013.dat

2010-01-15 20:20 . 2009-08-18 04:26 154634 ----a-w- c:\windows\system32\perfc013.dat

2010-01-14 19:27 . 2009-11-23 13:20 -------- d-----w- c:\program files\JDownloader

2010-01-14 05:14 . 2009-09-15 19:27 -------- d-----w- c:\programdata\Microsoft Help

2010-01-08 22:31 . 2009-10-31 14:06 -------- d-----w- c:\users\Thomas\AppData\Roaming\BSplayer

2010-01-08 15:57 . 2009-09-22 15:12 -------- d-----w- c:\program files\Common Files\DVDVideoSoft

2010-01-08 15:57 . 2009-09-22 15:12 -------- d-----w- c:\program files\DVDVideoSoft

2010-01-06 20:27 . 2009-09-18 15:50 -------- d-----w- c:\program files\McAfee

2010-01-06 17:47 . 2009-11-10 07:28 -------- d-----w- c:\program files\VP Suite 4.0

2010-01-05 08:22 . 2009-09-28 18:00 -------- d-----w- c:\users\Thomas\AppData\Roaming\HpUpdate

2009-12-23 17:15 . 2009-12-23 17:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2009-12-22 10:32 . 2009-09-15 21:54 -------- d-----w- c:\users\Thomas\AppData\Roaming\Apple Computer

2009-12-22 10:03 . 2009-09-15 21:48 -------- d-----w- c:\programdata\Apple

2009-12-22 06:59 . 2008-11-24 18:13 -------- d-----w- c:\program files\Google

2009-12-16 09:19 . 2009-12-14 17:46 -------- d-----w- c:\program files\Steam

2009-12-15 21:49 . 2009-09-15 19:28 -------- d-----w- c:\program files\Microsoft.NET

2009-12-15 21:48 . 2009-11-20 15:01 -------- d-----w- c:\program files\Microsoft SQL Server

2009-12-15 18:07 . 2009-11-14 13:46 120696 ----a-w- c:\users\Thomas\AppData\Local\GDIPFONTCACHEV1.DAT

2009-12-15 11:36 . 2009-12-15 11:36 -------- d-----w- c:\programdata\Codemasters

2009-12-15 11:27 . 2009-12-15 11:27 445016 ----a-w- c:\windows\system32\wrap_oal.dll

2009-12-15 11:27 . 2009-12-15 11:27 109144 ----a-w- c:\windows\system32\OpenAL32.dll

2009-12-15 11:27 . 2009-12-15 11:27 -------- d-----w- c:\program files\OpenAL

2009-12-15 11:19 . 2009-12-15 11:18 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE

2009-12-15 10:56 . 2009-10-21 05:32 -------- d-----w- c:\program files\Codemasters

2009-12-14 21:31 . 2009-12-14 17:46 -------- d-----w- c:\program files\Common Files\Steam

2009-12-14 21:24 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild

2009-12-14 21:21 . 2009-12-14 21:21 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2009-12-12 17:44 . 2009-12-12 17:44 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb22D5.tmp.exe

2009-12-08 21:55 . 2009-12-08 21:55 -------- d-----w- c:\program files\Elaborate Bytes

2009-12-08 06:30 . 2009-09-30 16:53 -------- d-----w- c:\users\Thomas\AppData\Roaming\Skype

2009-12-07 23:05 . 2009-09-30 17:02 -------- d-----w- c:\users\Thomas\AppData\Roaming\skypePM

2009-12-05 16:44 . 2009-12-05 16:44 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb910C.tmp.exe

2009-12-04 18:47 . 2009-12-04 18:47 -------- d-----w- c:\program files\sges-v3-prelude

2009-12-04 18:44 . 2009-12-04 18:33 -------- d-----w- c:\program files\NetBeans 6.7.1

2009-12-01 05:15 . 2009-09-16 19:42 -------- d-----w- c:\programdata\FLEXnet

2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll

2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe

2009-11-25 16:32 . 2009-11-25 16:32 -------- d-----w- c:\program files\VirtualDJ

2009-11-25 10:23 . 2009-09-19 16:10 1710720 ------w- c:\programdata\HP\Installer\Temp\hpzmsi01.exe

2009-11-25 10:23 . 2009-05-26 16:43 1639552 ------w- c:\programdata\HP\Installer\Temp\hpzscr01.EXE

2009-11-20 15:15 . 2008-11-24 18:13 -------- d-----w- c:\programdata\Sony Corporation

2009-11-20 15:01 . 2009-11-20 14:57 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0

2009-11-20 15:01 . 2009-11-20 15:01 -------- d-----w- c:\program files\Microsoft Synchronization Services

2009-11-20 15:01 . 2009-11-20 15:01 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2009-11-20 14:57 . 2009-11-20 14:57 -------- d-----w- c:\program files\Microsoft SDKs

2009-11-20 10:11 . 2009-11-20 10:11 -------- d-----w- c:\program files\Common Files\Deterministic Networks

2009-11-19 23:45 . 2009-11-19 23:42 -------- d-----w- c:\users\Thomas\AppData\Roaming\ISP Monitor

2009-11-19 23:42 . 2009-11-19 23:42 737280 ----a-w- c:\windows\iun6002.exe

2009-11-16 23:04 . 2009-09-19 14:59 167481 ----a-w- c:\windows\hpoins38.dat

2009-11-14 17:21 . 2009-11-07 19:16 207904 ----a-w- c:\windows\hpoins31.dat

2009-11-14 15:50 . 2009-11-14 15:50 10134 ----a-r- c:\users\Thomas\AppData\Roaming\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe

2009-11-14 15:39 . 2009-11-14 15:39 10134 ----a-r- c:\users\Thomas\AppData\Roaming\Microsoft\Installer\{51CBB909-7A5D-1B81-2F79-219231F0C7A6}\ARPPRODUCTICON.exe

2009-11-14 14:23 . 2009-11-14 14:23 56 ---ha-w- c:\programdata\ezsidmv.dat

2009-11-14 13:18 . 2009-11-14 13:18 21552 ------w- c:\windows\system32\emptyregdb.dat

2009-11-14 12:36 . 2009-11-14 12:36 0 ----a-w- c:\windows\ativpsrm.bin

2009-11-14 10:49 . 2008-11-24 09:43 12 ----a-w- c:\windows\bthservsdp.dat

2009-11-08 13:46 . 2009-11-08 13:44 336 ----a-w- c:\users\Thomas\AppData\Roaming\settings.dat

2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll

2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll

2009-10-31 15:31 . 2009-10-31 15:31 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

2009-10-30 09:59 . 2009-10-30 09:59 532 ----a-w- c:\windows\eReg.dat

2009-10-29 21:39 . 2009-10-29 21:36 139611 ----a-w- c:\windows\hpoins21.dat

2009-10-29 07:22 . 2009-11-26 11:45 2048 ----a-w- c:\windows\system32\tzres.dll

2009-10-21 05:20 . 2009-10-21 05:20 721904 ------w- c:\windows\system32\drivers\sptd.sys

2009-11-03 06:17 . 2009-11-03 06:17 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

((((((((((((((((((((((((((((( SnapShot@2010-01-15_20.08.14 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:55 . 2010-01-14 05:31 48514 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 04:55 . 2010-01-16 09:48 48514 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2009-11-14 12:37 . 2010-01-15 20:08 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-11-14 12:37 . 2010-01-16 09:48 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-11-14 12:37 . 2010-01-16 09:48 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-11-14 12:37 . 2010-01-15 20:08 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:41 . 2010-01-16 09:48 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:41 . 2010-01-15 20:08 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-11-14 13:45 . 2010-01-16 09:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-11-14 13:45 . 2010-01-14 05:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:34 . 2010-01-15 23:22 80384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2009-11-14 13:45 . 2010-01-16 09:48 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-11-14 13:45 . 2010-01-14 05:30 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-11-14 13:45 . 2010-01-14 05:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-11-14 13:45 . 2010-01-16 09:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-11-14 13:47 . 2010-01-16 09:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-11-14 13:47 . 2010-01-15 11:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-11-14 19:14 . 2010-01-16 10:05 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat

- 2009-11-14 19:14 . 2010-01-15 20:01 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat

- 2009-11-14 19:14 . 2010-01-15 20:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat

+ 2009-11-14 19:14 . 2010-01-16 10:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat

- 2009-11-14 19:14 . 2010-01-15 20:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat

+ 2009-11-14 19:14 . 2010-01-16 10:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat

- 2009-11-14 13:47 . 2010-01-15 20:01 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-11-14 13:47 . 2010-01-16 10:05 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-11-14 13:47 . 2010-01-14 05:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-11-14 13:47 . 2010-01-16 09:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-11-14 16:34 . 2010-01-16 09:44 3279 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

+ 2010-01-16 09:45 . 2010-01-16 09:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2010-01-14 05:29 . 2010-01-14 05:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2010-01-14 05:29 . 2010-01-14 05:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-01-16 09:45 . 2010-01-16 09:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-11-15 13:48 . 2010-01-16 09:12 341206 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 02:05 . 2010-01-13 22:47 672502 c:\windows\System32\perfh009.dat

+ 2009-07-14 02:05 . 2010-01-15 20:20 672502 c:\windows\System32\perfh009.dat

- 2009-07-14 02:05 . 2010-01-13 22:47 127970 c:\windows\System32\perfc009.dat

+ 2009-07-14 02:05 . 2010-01-15 20:20 127970 c:\windows\System32\perfc009.dat

- 2009-07-14 02:03 . 2010-01-15 02:03 6815744 c:\windows\System32\SMI\Store\Machine\schema.dat

+ 2009-07-14 02:03 . 2010-01-16 09:59 6815744 c:\windows\System32\SMI\Store\Machine\schema.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-15 39408]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2009-08-10 284592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-09-30 122880]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-21 7596576]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-08-21 1833504]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-02 640376]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-03 30192]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-07 1176808]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]

"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

VPN Client.lnk - c:\windows\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico [2009-11-20 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2009-08-04 07:58 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [26/08/2009 8:43 176128]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/01/2010 18:35 93320]

R2 NSUService;NSUService;c:\program files\sony\Network Utility\NSUService.exe [14/11/2009 17:25 303104]

R2 regi;regi;c:\windows\System32\drivers\regi.sys [17/04/2007 19:09 11032]

R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [24/11/2008 11:23 102400]

R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [15/09/2009 20:20 104960]

R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [22/07/2009 15:03 642920]

R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [14/11/2009 17:06 468264]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\System32\drivers\ArcSoftKsUFilter.sys [15/09/2009 20:20 17920]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [8/09/2009 8:02 4231680]

R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [24/11/2008 19:24 9344]

S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [21/10/2009 6:20 721904]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22/11/2009 16:53 135664]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [26/06/2009 11:25 362992]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [14/11/2009 17:42 29472]

S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [24/11/2008 19:13 30192]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [26/06/2009 11:25 313840]

S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [14/11/2009 17:17 120104]

S3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [14/11/2009 17:17 70952]

S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [14/11/2009 17:17 427304]

S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [14/11/2009 17:17 75048]

S3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [14/11/2009 17:17 91432]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [14/11/2009 17:09 83240]

S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\System32\drivers\WSDPrint.sys [14/07/2009 1:18 17920]

S3 yukonw7;NDIS6.2 Minipoortstuurprogramma voor Marvell Yukon Ethernet-controller;c:\windows\System32\drivers\yk62x86.sys [13/07/2009 23:02 311296]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11/07/2008 1:28 47128]

S4 RsFx0103;RsFx0103 Driver;c:\windows\System32\drivers\RsFx0103.sys [30/03/2009 3:09 239336]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30/03/2009 3:23 366936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

.

Inhoud van de 'Gedeelde Taken' map

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-22 15:52]

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-22 15:52]

2010-01-15 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 10:22]

2010-01-01 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 10:22]

.

.

------- Bijkomende Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.be/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: Toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ejf5apeq.default\

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(3488)

c:\progra~1\mcafee\SITEAD~1\saHook.dll

.

Voltooingstijd: 2010-01-16 11:29:30

ComboFix-quarantined-files.txt 2010-01-16 10:29

ComboFix2.txt 2010-01-15 20:11

Pre-Run: 76.502.183.936 bytes beschikbaar

Post-Run: 76.440.547.328 bytes beschikbaar

- - End Of File - - 3BE5AC1D4AE50832299D433308DC213D


Start HijackThis. If you are a Vista user, choose "Run as administrator" or "Uitvoeren als administrator". Select "Do a system scan only". Select only the items listed below:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolb...lerControl.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

Click 'Fix checked' to remove the items.

And how are things now with the Facebook redirects?
