Everything posted by roelonzo

  1. Hi Kape, CPU usage is back to what it was. Very quiet. I think the problem is as good as solved. Here is the log:

     Thanks! Roel.
  2. I did not manage to produce a report from TDSSKiller; I did run the EXE file, and the program had found and fixed 1 rootkit infection. After that I rebooted and ran a ComboFix scan. Here is the ComboFix log:

     When I search for conhost.exe, my PC finds 1 small file, "conhost.exe.vir", in the folder C:\Qoobox\Quarantine\C\Windows\Temp. Thanks again for the help! Roel.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe" [2011-08-26 240288] . c:\documents and settings\Roel\Menu Start\Programma's\Opstarten\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344] WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760] . c:\documents and settings\Default User\Menu Start\Programma's\Opstarten\ haal.exe [2011-3-9 154331] laocle.exe [2011-2-3 153680] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "52964:TCP"= 52964:TCP:@xpsp2res.dll,-22009 . R2 kdxcqejy;Microsoft USB 2.0 Enhanced Host Controller Miniport Controller;c:\windows\System32\svchost.exe -k netsvcs [20/05/2009 2:34 PM 14336] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/02/2011 3:10 PM 366640] R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14/10/2009 2:31 PM 98304] R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16/06/2009 9:58 AM 20480] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [20/05/2009 3:38 AM 38912] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/02/2011 3:10 PM 22712] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [20/05/2009 4:09 PM 1684736] S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?] S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [20/05/2009 4:10 PM 966912] S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [20/05/2009 5:06 PM 232872] S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [21/03/2009 7:35 PM 39040] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [13/04/2010 4:30 PM 11520] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs kdxcqejy . Contents of the 'Scheduled Tasks' folder . 
2011-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34] . 2011-08-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09] . 2011-08-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-213511399-2898973907-1583842945-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09] . 2011-08-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09] . 2011-08-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-213511399-2898973907-1583842945-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09] . 2011-08-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2011-07-29 20:05] . . ------- Supplementary Scan ------- . IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Verzenden naar &Bluetooth-apparaat... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Verzenden naar Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 193.109.184.72 193.109.184.75 FF - ProfilePath - c:\documents and settings\Roel\Application Data\Mozilla\Firefox\Profiles\cmjbxl9n.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542 FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/firefox FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=14542&q= FF - prefs.js: network.proxy.type - 4 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Support.com Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . 
- - - - ORPHANS REMOVED - - - - . MSConfigStartUp-SRS Premium Sound - c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-08-29 08:53 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover Windows 5.1.2600 . CreateFile("\\.\PHYSICALDRIVE0"): Het proces heeft geen toegang tot het bestand omdat het bestand door een ander proces wordt gebruikt. device: opened successfully user: error reading MBR kernel: MBR read successfully user != kernel MBR !!! . ************************************************************************** . Completion time: 2011-08-29 08:58:49 ComboFix-quarantined-files.txt 2011-08-29 06:58 . Pre-Run: 16,252,792,832 bytes beschikbaar Post-Run: 19,362,729,984 bytes beschikbaar . WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - 39C0C5206FE62F23583AD83311CCB690 Ik denk dat het nu wel gelukt is Hartelijk bedankt voor je hulp. Hoe wist je trouwens in post #5 welke regeltjes ik moest aanvinken bij hijack this ? of is dit moeilijk om uit te leggen aan een noob zoals mij ? groeten, Roel. 
---------- Post toegevoegd om 09:18 ---------- Vorige post was om 09:06 ---------- hmm nee ik heb te vroeg victorie gekraaid... conhost.exe staat nog altijd bovenaan mijn processen met 98% CPU gebruik
  4. Hello, I tried this as you said, but conhost keeps acting up... here are the logs:
     Malwarebytes' Anti-Malware 1.51.1.1800
     Malwarebytes : Free anti-malware, anti-virus and spyware removal download
     Databaseversie: 7594
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 6.0.2900.5512
     28/08/2011 10:12:49 PM
     mbam-log-2011-08-28 (22-12-49).txt
     Scantype: Snelle scan
     Objecten gescand: 160952
     Verstreken tijd: 6 minuut/minuten, 52 seconde(n)
     Geheugenprocessen geïnfecteerd: 0
     Geheugenmodulen geïnfecteerd: 0
     Registersleutels geïnfecteerd: 0
     Registerwaarden geïnfecteerd: 0
     Registerdata geïnfecteerd: 0
     Mappen geïnfecteerd: 0
     Bestanden geïnfecteerd: 0
     Geheugenprocessen geïnfecteerd:
     (Geen kwaadaardige objecten gedetecteerd)
     Geheugenmodulen geïnfecteerd:
     (Geen kwaadaardige objecten gedetecteerd)
     Registersleutels geïnfecteerd:
     (Geen kwaadaardige objecten gedetecteerd)
     Registerwaarden geïnfecteerd:
     (Geen kwaadaardige objecten gedetecteerd)
     Registerdata geïnfecteerd:
     (Geen kwaadaardige objecten gedetecteerd)
     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 10:14:37 PM, on 28/08/2011
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
     Boot mode: Normal
     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\csrss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
     C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\WINDOWS\system32\hkcmd.exe
     C:\Program Files\EeePC\ACPI\AsEPCMon.exe
     C:\Program Files\EeePC\ACPI\AsTray.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\WINDOWS\system32\igfxsrvc.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\Winamp\winampa.exe
     C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
     C:\program files\real\realplayer\update\realsched.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
     C:\WINDOWS\system32\igfxext.exe
     C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
     C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
     C:\WINDOWS\System32\alg.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\WINDOWS\system32\wbem\wmiprvse.exe
     C:\Program Files\Mozilla Firefox\plugin-container.exe
     C:\WINDOWS\system32\taskmgr.exe
     C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
     C:\WINDOWS\system32\wbem\wmiprvse.exe
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
     F2 - REG:system.ini: UserInit=userinit.exe,
     O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
     O2 - BHO: (no name) - {614FC85D-CA23-47DB-CEE4-4CEE6E1B9456} - c:\windows\system32\tgwsaflx.dll
     O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
     O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
     O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
     O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
     O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
     O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
     O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     O4 - HKLM\..\Run: [synAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
     O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
     O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
     O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [AROReminder] C:\Program Files\ARO 2011\aro.exe -rem
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe -update activex (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe -update activex (User 'Default user')
     O4 - .DEFAULT User Startup: haal.exe (User 'Default user')
     O4 - .DEFAULT User Startup: laocle.exe (User 'Default user')
     O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
     O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
     O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
     O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
     O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
     O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
     O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
     O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
     O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
     O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
     O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
     O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
     --
     End of file - 8548 bytes
     Regards, Roel.
  5. Oh, that was quick. Here is the HJT report. Thanks for your quick reply. Roel.
     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 7:23:45 PM, on 28/08/2011
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
     Boot mode: Normal
     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\csrss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\WINDOWS\mc76395.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
     C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\System32\alg.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\WINDOWS\system32\hkcmd.exe
     C:\WINDOWS\system32\igfxsrvc.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
     C:\Program Files\EeePC\ACPI\AsEPCMon.exe
     C:\Program Files\EeePC\ACPI\AsTray.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\Winamp\winampa.exe
     C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
     C:\program files\real\realplayer\update\realsched.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
     C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
     C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
     C:\WINDOWS\system32\igfxext.exe
     C:\Program Files\Winamp\winamp.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Ask.com\Updater\Updater.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\WINDOWS\system32\msiexec.exe
     C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
     C:\WINDOWS\system32\wbem\wmiprvse.exe
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
     R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
     F2 - REG:system.ini: UserInit=userinit.exe,
     O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
     O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
     O2 - BHO: (no name) - {614FC85D-CA23-47DB-CEE4-4CEE6E1B9456} - c:\windows\system32\tgwsaflx.dll
     O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
     O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
     O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O3 - Toolbar: Support.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
     O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
     O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
     O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
     O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
     O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     O4 - HKLM\..\Run: [synAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
     O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
     O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
     O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [AROReminder] C:\Program Files\ARO 2011\aro.exe -rem
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe -update activex (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe -update activex (User 'Default user')
     O4 - .DEFAULT User Startup: haal.exe (User 'Default user')
     O4 - .DEFAULT User Startup: laocle.exe (User 'Default user')
     O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
     O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
     O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
     O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
     O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
     O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
     O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
     O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
     O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
     O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
     O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
     O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     O23 - Service: Memory checker (MemChecker) - Unknown owner - C:\WINDOWS\mc76395.exe
     O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
     O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
     --
     End of file - 9532 bytes
  6. Hello dear forum members, since today my PC has been acting up: conhost.exe sometimes uses up to 99% CPU... I ran a Malwarebytes scan but it says nothing is infected... I even updated it today. Can you help me further? Here is a DDS report to start with:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Run by Roel at 19:08:17 on 2011-08-28
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1043.18.2039.673 [GMT 2:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe 4
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
svchost.exe 4
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\mc76395.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\TEMP\conhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/home?AF=14542
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Reader Help bij koppelingen: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: : {614fc85d-ca23-47db-cee4-4cee6e1b9456} - c:\windows\system32\tgwsaflx.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [AROReminder] c:\program files\aro 2011\aro.exe -rem
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [synAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10t_ActiveX.exe -update activex
StartupFolder: c:\docume~1\roel\menust~1\progra~1\opstar~1\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Verzenden naar Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: DhcpNameServer = 193.109.184.72 193.109.184.75
TCP: Interfaces\{22F914DF-2C1C-446E-A6F9-52611E930C97} : DhcpNameServer = 193.109.184.72 193.109.184.75
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\roel\application data\mozilla\firefox\profiles\cmjbxl9n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/firefox
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=14542&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R2 kdxcqejy;Microsoft USB 2.0 Enhanced Host Controller Miniport Controller;c:\windows\system32\svchost.exe -k netsvcs [2009-5-20 14336]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-2-11 366640]
R2 MemChecker;Memory checker;c:\windows\mc76395.exe [2011-2-11 172956]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-5-20 38912]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-2-11 22712]
R4 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctds.sys --> c:\windows\system32\drivers\pctDS.sys [?]
R4 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctefa.sys --> c:\windows\system32\drivers\pctEFA.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-5-20 1684736]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2009-5-20 966912]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-5-20 232872]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-3-21 39040]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-4-13 11520]
.
=============== Created Last 30 ================
.
2011-08-28 14:53:58 -------- d-----w- c:\documents and settings\roel\application data\Sammsoft
2011-08-28 14:53:46 -------- d-----w- c:\program files\Ask.com
2011-08-28 14:53:42 -------- d-----w- c:\documents and settings\roel\local settings\application data\AskToolbar
2011-08-28 14:53:26 -------- d-----w- c:\program files\ARO 2011
2011-08-28 12:28:28 -------- d-----w- c:\program files\PC Tools Security
2011-08-28 12:28:28 -------- d-----w- c:\program files\common files\PC Tools
2011-08-28 12:26:40 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-08-27 21:44:41 -------- d-----w- c:\windows\SxsCaPendDel
2011-08-26 12:56:10 -------- d-----w- c:\documents and settings\roel\local settings\application data\Sony
2011-08-26 12:54:51 -------- d-----w- c:\program files\common files\Sony Shared
2011-08-26 12:54:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-26 12:46:28 -------- d-----w- c:\program files\Sony Media Go Install
2011-08-26 12:43:17 -------- d-----w- c:\documents and settings\roel\local settings\application data\Downloaded Installations
2011-08-26 12:42:08 -------- d-----w- c:\documents and settings\all users\application data\Sony Corporation
2011-08-26 12:42:07 -------- d-----w- c:\program files\Sony
2011-08-02 08:22:05 -------- d--h--w- c:\windows\PIF
.
==================== Find3M ====================
.
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 17:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 14:10:39 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:18:34 670208 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:18:34 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-06-20 17:44:48 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-06-06 11:35:33 1859072 ----a-w- c:\windows\system32\win32k.sys
2009-10-02 20:23:02 8742784 ----a-w- c:\program files\Firefox Setup 3.5.3.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): Het proces heeft geen toegang tot het bestand omdat het bestand door een ander proces wordt gebruikt.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89D8D555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89d937b0]; MOV EAX, [0x89d9382c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x89DE0650]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000061[0x89DC23B8]
5 ACPI[0xB9F7E620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x89DA5028]
\Driver\iaStor[0x89DCB818] -> IRP_MJ_CREATE -> 0x89D8D555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV DS, AX; MOV ES, AX; MOV SS, AX; MOV SP, 0x7c00; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x80; STD ; CLD ; CLD ; REP MOVSD ; NOP ; JMP FAR 0x0:0x620; }
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 19:10:16.42 ===============

Is Malwarebytes really a good virus scanner? Normally it should just find it, shouldn't it? Let me know. Thanks in advance for the help, Roel.
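A triage pass over a pasted DDS report, added here as an example and not part of the post or of any tool named in it: it pulls the Running Processes and SERVICES / DRIVERS sections out of the text and flags binaries that run from temporary or per-user writable directories, or that sit directly in the Windows root under a generated-looking name. Those are the two patterns a helper would circle in the report above (C:\WINDOWS\TEMP\conhost.exe, and the MemChecker service at c:\windows\mc76395.exe). The embedded log is a constructed excerpt in DDS layout, and both heuristics are this example's own assumptions, not rules from DDS, HijackThis or Malwarebytes.

```python
"""Triage of a DDS-style report: flag persistent binaries that run from
places where legitimate system software normally does not live.

Added example for this thread; the path heuristics below are this example's
own assumptions, not rules from DDS, HijackThis or Malwarebytes."""
import re
from typing import Dict, List

# Constructed excerpt in DDS layout (a handful of lines modelled on the report
# in the post, not the complete report).
SAMPLE_DDS = """\
============== Running Processes ===============
.
C:\\WINDOWS\\system32\\svchost.exe -k netsvcs
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\Malwarebytes' Anti-Malware\\mbamservice.exe
C:\\WINDOWS\\mc76395.exe
C:\\WINDOWS\\Explorer.EXE
C:\\WINDOWS\\TEMP\\conhost.exe
C:\\Program Files\\Mozilla Firefox\\firefox.exe
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMService;MBAMService;c:\\program files\\malwarebytes' anti-malware\\mbamservice.exe [2011-2-11 366640]
R2 MemChecker;Memory checker;c:\\windows\\mc76395.exe [2011-2-11 172956]
R3 MBAMProtector;MBAMProtector;c:\\windows\\system32\\drivers\\mbam.sys [2011-2-11 22712]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\\windows\\system32\\drivers\\massfilter.sys --> c:\\windows\\system32\\drivers\\massfilter.sys [?]
.
============= FINISH: 19:10:16.42 ===============
"""

# Heuristic 1 (assumption): binaries under temp or per-user writable
# directories. Installed services and startup programs normally live under
# Program Files or system32.
WRITABLE_DIRS = [
    re.compile(r"^[a-z]:\\windows\\temp\\", re.I),
    re.compile(r"^[a-z]:\\(documents and settings|users)\\[^\\]+\\local settings\\temp\\", re.I),
    re.compile(r"^[a-z]:\\(documents and settings|users)\\[^\\]+\\application data\\", re.I),
]
# Heuristic 2 (assumption): an executable directly in the Windows root (not
# system32) whose name is a short letter prefix plus a digit run, e.g. 'mc76395.exe'.
WINDOWS_ROOT_GENERATED = re.compile(r"^[a-z]:\\windows\\[a-z]{1,4}\d{3,}\.(exe|dll)$", re.I)


def section(log: str, title: str) -> List[str]:
    """Return the non-empty lines of the DDS section whose '====' banner contains title."""
    lines, inside = [], False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("=") and line.endswith("="):
            inside = title.lower() in line.lower()   # every banner opens or closes a section
            continue
        if inside and line not in ("", "."):          # DDS prints '.' as a blank separator
            lines.append(line)
    return lines


def process_path(line: str) -> str:
    """'C:\\...\\svchost.exe -k netsvcs' -> the executable path (switches dropped).
    Limitation: a directory name containing ' -' would be cut short."""
    return re.split(r"\s+-", line, maxsplit=1)[0].strip()


def service_path(line: str) -> str:
    """'R2 Name;Display name;path [date size]' -> path. DDS writes
    'path --> path [?]' when the file is missing; keep the first path."""
    parts = line.split(";", 2)
    if len(parts) < 3:
        return ""
    path = re.sub(r"\s*\[[^\]]*\]$", "", parts[2])
    return path.split(" --> ")[0].strip()


def classify(path: str) -> str:
    """Return a reason if the path matches a heuristic, else an empty string."""
    for pattern in WRITABLE_DIRS:
        if pattern.match(path):
            return "runs from a temporary or per-user writable directory"
    if WINDOWS_ROOT_GENERATED.match(path):
        return "sits directly in the Windows root with a generated-looking name"
    return ""


def triage(log: str) -> Dict[str, List[str]]:
    """Map each flagged path (lower-cased) to the reasons it was flagged."""
    findings: Dict[str, List[str]] = {}
    for line in section(log, "Running Processes"):
        path = process_path(line)
        reason = classify(path)
        if reason:
            findings.setdefault(path.lower(), []).append(f"process: {reason}")
    for line in section(log, "SERVICES / DRIVERS"):
        path = service_path(line)
        reason = classify(path)
        if reason:
            status, name = line.split(";", 1)[0].split(None, 1)   # e.g. 'R2', 'MemChecker'
            findings.setdefault(path.lower(), []).append(f"service {name} ({status}): {reason}")
    return findings


if __name__ == "__main__":
    for flagged, reasons in triage(SAMPLE_DDS).items():
        print(flagged)
        for reason in reasons:
            print("   ", reason)
```

Two facts make the flagged paths worth a second look rather than a verdict: the genuine conhost.exe is a Windows 7 and later system file that lives in system32 and does not ship with Windows XP at all, so a copy in C:\WINDOWS\TEMP is not the system binary; and a service whose display name ("Memory checker") matches no installed product and shows "Unknown owner" in the HijackThis listing is the kind of entry that justifies checking the file's publisher and hash before anything else. Neither heuristic proves infection; both only rank what to look at first.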
  7. I installed the driver & the update and restarted, but it still doesn't recognise the card? The card says: SD HC Traveler high speed 4GB. Any other options, or can my card reader not handle volumes that size? Roel.
  8. Hello, the model is W3650. Thanks in advance! Roel.
  9. Hello everyone, I just bought an SD card at Aldi (4GB). My camera, a Casio Exilim, recognises the card and writes the photos to it. But when I put that SD card in my laptop's card reader, my laptop doesn't recognise the card (Packard Bell EasyNote laptop). Does anyone know how I can solve this problem? I was able to copy the photos to my PC via my sister's camera (with a USB link cable). Thanks in advance!! Roel. ;-)
  10. Hello, my name is Roel, I'm new here on this forum. At the moment we have Telenet as our internet provider at home, but because the data volume is far too small we are switching to Dommel (ADSL). Now, Dommel has been ordered, everything is paid, and I should now be able to surf on their network. My current setup: Motorola modem (Telenet), then a D-Link router. What do I need to change to get onto Dommel? An ADSL modem? And where do I connect Dommel: to the cable that is now plugged into the Telenet modem, or via the telephone cable (Belgacom)? If so, does there need to be a splitter on that telephone cable to separate phone & internet? Many thanks in advance for your replies, Roel.