Ga naar inhoud

acer73

Lid
 Bekijk profiel  Bekijk hun activiteit

  • Items

    22

  • Registratiedatum

  • Laatst bezocht

 Inhoudstype 

Alles dat geplaatst werd door acer73

  1. acer73
    ik wil nog niet opgeven.. is dr nog iets wat ik kan doen.. iets laten runnen.. anti malware ... search and distroy.. iets??
  2. acer73
    heb jij een windows xp disk?? mag ik je dat vragen??
  3. acer73
    ik hoorde iemand zegge.. alles dr afdonderen en xp opnieuw instaleren.. maar ik heb geen disk met xp professionl dr op.. zou dit alles wel het probleem oplossen??
  4. acer73
    kape, ooo wat erg dit allemaal.. het lukt niet... de F8 toets doet niets als ik dat zwarte scherm in het begin zie.. er popt niets op.. na de start zijn alle files wederom verdwenen.. valt die POST ook na het opstarten op te roepen?? zie jij nog een uitweg??
  5. acer73
    Bij het opstarten geeft ie dit aan: Windows cannot load the locally stored profile, insufficiant security right. en Windows cannot find the locally profile and is login you to a temporaly file.
  6. acer73
    deze blijft maar opkomen bij ccleaner. Unused file extension {80b8c23c-16e0-4cd8-bbc3-cecec9a78b79 Registry key HKCR/80b8c23c etc etc.. heb deze handmatig moeten overnemen hierboven copy c en copy v werkte niet. heb combofix niet kunnen vinden.. op desktop was die al weer weggevaagd.. toen ik Qoobox intoetste kwamen daar ook files van combofix, die heb ik handmatig verwijderd. en vanuit de recyclebin ook verwijderd.. bij het opstarten vd computer verdwijnt googlechrome nog steeds en andere..??? pppfff tjesusnogantoe!
  7. acer73
    Dit is het log van evenger, na het heropstarten van mn computer waren wederom een aantal zaken vd desktop verdwenen. Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: file "c:\windows\system32\drivers\inpirbui.sys" not found! Deletion of file "c:\windows\system32\drivers\inpirbui.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\drivers\njud.sys" not found! Deletion of file "c:\windows\system32\drivers\njud.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Driver "zysfmrom" deleted successfully. Driver "inpirbui" deleted successfully. Completed script processing. ******************* Finished! Terminate.
  8. acer73
    uitkomst: ComboFix 11-07-12.04 - Rob 19-07-2011 22:10:01.4.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1007.462 [GMT 2:00] Running from: c:\documents and settings\TEMP.ROBBERT\My Documents\Downloads\ComboFix.exe Command switches used :: c:\documents and settings\TEMP.ROBBERT\Desktop\CFScript.txt AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7} AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . - REDUCED FUNCTIONALITY MODE - . FILE :: "c:\windows\system32\drivers\inpirbui.sys" "c:\windows\system32\drivers\njud.sys" . . ((((((((((((((((((((((((( Files Created from 2011-06-19 to 2011-07-19 ))))))))))))))))))))))))))))))) . . 2011-07-19 16:15 . 2011-07-19 16:15 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D6EE36C3-AC76-4832-96E8-8CF0248DA4BA}\MpKslf4020c74.sys 2011-07-19 16:14 . 2011-06-07 06:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D6EE36C3-AC76-4832-96E8-8CF0248DA4BA}\mpengine.dll 2011-07-19 11:20 . 2011-07-19 11:20 -------- d-----w- c:\program files\Reviversoft 2011-07-19 11:20 . 2011-05-17 12:51 16704 ----a-w- c:\windows\system32\roboot.exe 2011-07-18 18:51 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-18 18:51 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-18 18:51 . 2011-07-18 18:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-07-18 15:38 . 2011-07-18 15:38 -------- d-----w- c:\program files\Trend Micro 2011-07-15 13:25 . 2011-06-07 06:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-07-14 20:16 . 2011-07-14 20:16 1409 ----a-w- c:\windows\QTFont.for 2011-07-14 09:26 . 2011-07-14 09:27 -------- d-----w- c:\program files\Microsoft Security Client 2011-07-14 09:03 . 2011-07-14 09:04 -------- d-----w- c:\documents and settings\TEMP 2011-07-14 08:57 . 2011-07-14 09:18 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-07-14 08:57 . 2011-07-14 09:18 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-07-14 08:57 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2011-07-14 08:57 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2011-07-14 08:57 . 2011-07-14 08:57 -------- d-----w- c:\program files\Avira 2011-07-14 08:57 . 2011-07-14 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2011-07-14 07:57 . 2011-07-14 07:57 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help 2011-07-14 07:53 . 2011-07-14 07:53 -------- d-sh--w- c:\documents and settings\Default User\IETldCache 2011-07-12 07:50 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll 2011-07-12 07:50 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll 2011-07-12 07:41 . 2008-04-13 16:44 2560 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll 2011-07-12 07:31 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{FC3D1FB0-CBE7-4022-9A02-F2B82BEF5E44}\mpengine.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-07 15:55 . 2009-05-14 18:11 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2011-06-02 14:02 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-05-02 15:31 . 2007-12-18 18:21 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 17:25 . 2004-08-04 12:00 151552 ----a-w- c:\windows\system32\schannel.dll 2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-26 11:07 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-04-26 11:07 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll 2011-04-25 16:11 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 16:11 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-04-25 16:11 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-04-25 12:01 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec 2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-01 68856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-10-02 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-10-02 118784] "SoundMan"="SOUNDMAN.EXE" [2004-07-27 68096] "PAC7311_Monitor"="c:\windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 319488] "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-06-02 413696] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2006-11-03 291720] "FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "acerWireless"="c:\program files\acer\Wireless\Utility\WlanUtil.exe" [2004-06-09 417792] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-01-01 16:41 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "ose"=3 (0x3) "odserv"=3 (0x3) "Microsoft Office Groove Audit Service"=3 (0x3) "JavaQuickStarterService"=2 (0x2) "gusvc"=3 (0x3) "FLEXnet Licensing Service"=3 (0x3) "Bonjour Service"=2 (0x2) "anbmService"=2 (0x2) "VSS"=3 (0x3) "ImapiService"=3 (0x3) "Eventlog"=2 (0x2) "ERSvc"=2 (0x2) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\WINDOWS\\system32\\dlcxcoms.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Azureus\\Azureus.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "135:TCP"= 135:TCP:TCP Port 135 "5000:TCP"= 5000:TCP:TCP Port 5000 "5001:TCP"= 5001:TCP:TCP Port 5001 "5002:TCP"= 5002:TCP:TCP Port 5002 "5003:TCP"= 5003:TCP:TCP Port 5003 "5004:TCP"= 5004:TCP:TCP Port 5004 "5005:TCP"= 5005:TCP:TCP Port 5005 "5006:TCP"= 5006:TCP:TCP Port 5006 "5007:TCP"= 5007:TCP:TCP Port 5007 "5008:TCP"= 5008:TCP:TCP Port 5008 "5009:TCP"= 5009:TCP:TCP Port 5009 "5010:TCP"= 5010:TCP:TCP Port 5010 "5011:TCP"= 5011:TCP:TCP Port 5011 "5012:TCP"= 5012:TCP:TCP Port 5012 "5013:TCP"= 5013:TCP:TCP Port 5013 "5014:TCP"= 5014:TCP:TCP Port 5014 "5015:TCP"= 5015:TCP:TCP Port 5015 "5016:TCP"= 5016:TCP:TCP Port 5016 "5017:TCP"= 5017:TCP:TCP Port 5017 "5018:TCP"= 5018:TCP:TCP Port 5018 "5019:TCP"= 5019:TCP:TCP Port 5019 "5020:TCP"= 5020:TCP:TCP Port 5020 . R1 MpKslf4020c74;MpKslf4020c74;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D6EE36C3-AC76-4832-96E8-8CF0248DA4BA}\MpKslf4020c74.sys [19-7-2011 18:15 28752] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14-7-2011 10:57 136360] R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18-7-2011 20:51 366640] R3 IPN2220;acer IPN2220 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [4-11-2004 19:29 140288] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18-7-2011 20:51 22712] S0 zysfmrom;zysfmrom;c:\windows\system32\drivers\njud.sys --> c:\windows\system32\drivers\njud.sys [?] S1 inpirbui;inpirbui;\??\c:\windows\system32\drivers\inpirbui.sys --> c:\windows\system32\drivers\inpirbui.sys [?] S1 MpKsl391eed21;MpKsl391eed21;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DFCEF06-E255-46EC-B112-9E8A31F4F7C8}\MpKsl391eed21.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DFCEF06-E255-46EC-B112-9E8A31F4F7C8}\MpKsl391eed21.sys [?] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4-12-2009 15:41 135664] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4-12-2009 15:41 135664] S3 PAC7311;Trust CP-2300 Webcam;c:\windows\system32\drivers\PA707UCM.SYS [14-3-2007 11:57 449024] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MPKSLF4020C74 . Contents of the 'Scheduled Tasks' folder . 2011-07-19 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . 2011-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc21ea7d9468a6.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-04 13:40] . 2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core.job - c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33] . 2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc21c077c16c.job - c:\documents and settings\Rob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-19 10:01] . 2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc40e769f38cb6.job - c:\documents and settings\TEMP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-14 12:33] . 2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc4200a05de7e6.job - c:\documents and settings\TEMP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-14 12:33] . 2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc4228f5d67760.job - c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33] . 2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc426b7f8f5cdc.job - c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33] . 2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc44b5a04fb790.job - c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33] . 2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc4550b5511c56.job - c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33] . 2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc45dec386b6c6.job - c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33] . 2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003UA.job - c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33] . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.254 DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-07-19 22:13 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(2744) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2011-07-19 22:18:25 ComboFix-quarantined-files.txt 2011-07-19 20:18 ComboFix2.txt 2011-07-19 12:03 ComboFix3.txt 2011-07-19 11:49 ComboFix4.txt 2011-07-19 09:18 . Pre-Run: 9.578.541.056 bytes free Post-Run: 9.569.624.064 bytes free . - - End Of File - - F031576398A239DA71FE15364462D20B
  9. acer73
    Kape, is dit een uitzonderlijk probleem? weet even niet wat ik moet doen. hoop dat je me kan genezen! ben me ervan bewust dat we nu best lang bezig zijn al. ben vast niet de enige met problemen. ---------- Post toegevoegd om 16:44 ---------- Vorige post was om 16:39 ---------- zo ziet hijack er nu uit. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:44:25, on 19-7-2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\dlcxcoms.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\PixArt\PAC7311\Monitor.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe C:\Program Files\acer\Wireless\Utility\WlanUtil.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\CTFMON.EXE C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [PAC7311_Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [acerWireless] C:\Program Files\acer\Wireless\Utility\WlanUtil.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Registry Reviver] C:\Program Files\Reviversoft\Registry Reviver\RegistryReviver.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- End of file - 9358 bytes
  10. acer73
    hoop dat ik alles goed doe zo! dit is het log wat eruit kwam.. ComboFix 11-07-12.04 - Rob 19-07-2011 13:57:51.3.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1007.452 [GMT 2:00] Running from: c:\documents and settings\TEMP.ROBBERT\My Documents\Downloads\ComboFix.exe Command switches used :: c:\documents and settings\TEMP.ROBBERT\Desktop\CFScript.txt..txt AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7} AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . - REDUCED FUNCTIONALITY MODE - . FILE :: "c:\windows\system32\ConduitEngine.tmp" "c:\windows\system32\drivers\inpirbui.sys" "c:\windows\system32\drivers\njud.sys" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\ConduitEngine.tmp . . ((((((((((((((((((((((((( Files Created from 2011-06-19 to 2011-07-19 ))))))))))))))))))))))))))))))) . . 2011-07-19 11:20 . 2011-07-19 11:20 -------- d-----w- c:\program files\Reviversoft 2011-07-19 11:20 . 2011-05-17 12:51 16704 ----a-w- c:\windows\system32\roboot.exe 2011-07-19 06:29 . 2011-07-19 06:29 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{666738D8-8E9E-46D7-BC64-67FEA9EE599C}\MpKsle511d34b.sys 2011-07-18 19:47 . 2011-06-07 06:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{666738D8-8E9E-46D7-BC64-67FEA9EE599C}\mpengine.dll 2011-07-18 18:51 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-18 18:51 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-18 18:51 . 2011-07-18 18:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-07-18 15:38 . 2011-07-18 15:38 -------- d-----w- c:\program files\Trend Micro 2011-07-15 13:25 . 2011-06-07 06:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-07-14 20:16 . 2011-07-14 20:16 1409 ----a-w- c:\windows\QTFont.for 2011-07-14 09:26 . 2011-07-14 09:27 -------- d-----w- c:\program files\Microsoft Security Client 2011-07-14 09:03 . 2011-07-14 09:04 -------- d-----w- c:\documents and settings\TEMP 2011-07-14 08:57 . 2011-07-14 09:18 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-07-14 08:57 . 2011-07-14 09:18 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-07-14 08:57 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2011-07-14 08:57 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2011-07-14 08:57 . 2011-07-14 08:57 -------- d-----w- c:\program files\Avira 2011-07-14 08:57 . 2011-07-14 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2011-07-14 07:57 . 2011-07-14 07:57 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help 2011-07-14 07:53 . 2011-07-14 07:53 -------- d-sh--w- c:\documents and settings\Default User\IETldCache 2011-07-12 07:50 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll 2011-07-12 07:50 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll 2011-07-12 07:41 . 2008-04-13 16:44 2560 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll 2011-07-12 07:31 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{FC3D1FB0-CBE7-4022-9A02-F2B82BEF5E44}\mpengine.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-07 15:55 . 2009-05-14 18:11 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2011-06-02 14:02 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-05-02 15:31 . 2007-12-18 18:21 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 17:25 . 2004-08-04 12:00 151552 ----a-w- c:\windows\system32\schannel.dll 2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-26 11:07 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-04-26 11:07 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll 2011-04-25 16:11 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 16:11 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-04-25 16:11 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-04-25 12:01 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec 2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-01 68856] "Registry Reviver"="c:\program files\Reviversoft\Registry Reviver\RegistryReviver.exe" [2011-05-17 1736000] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-10-02 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-10-02 118784] "SoundMan"="SOUNDMAN.EXE" [2004-07-27 68096] "PAC7311_Monitor"="c:\windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 319488] "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-06-02 413696] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2006-11-03 291720] "FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "acerWireless"="c:\program files\acer\Wireless\Utility\WlanUtil.exe" [2004-06-09 417792] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-01-01 16:41 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "ose"=3 (0x3) "odserv"=3 (0x3) "Microsoft Office Groove Audit Service"=3 (0x3) "JavaQuickStarterService"=2 (0x2) "gusvc"=3 (0x3) "FLEXnet Licensing Service"=3 (0x3) "Bonjour Service"=2 (0x2) "anbmService"=2 (0x2) "VSS"=3 (0x3) "ImapiService"=3 (0x3) "Eventlog"=2 (0x2) "ERSvc"=2 (0x2) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\WINDOWS\\system32\\dlcxcoms.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Azureus\\Azureus.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "135:TCP"= 135:TCP:TCP Port 135 "5000:TCP"= 5000:TCP:TCP Port 5000 "5001:TCP"= 5001:TCP:TCP Port 5001 "5002:TCP"= 5002:TCP:TCP Port 5002 "5003:TCP"= 5003:TCP:TCP Port 5003 "5004:TCP"= 5004:TCP:TCP Port 5004 "5005:TCP"= 5005:TCP:TCP Port 5005 "5006:TCP"= 5006:TCP:TCP Port 5006 "5007:TCP"= 5007:TCP:TCP Port 5007 "5008:TCP"= 5008:TCP:TCP Port 5008 "5009:TCP"= 5009:TCP:TCP Port 5009 "5010:TCP"= 5010:TCP:TCP Port 5010 "5011:TCP"= 5011:TCP:TCP Port 5011 "5012:TCP"= 5012:TCP:TCP Port 5012 "5013:TCP"= 5013:TCP:TCP Port 5013 "5014:TCP"= 5014:TCP:TCP Port 5014 "5015:TCP"= 5015:TCP:TCP Port 5015 "5016:TCP"= 5016:TCP:TCP Port 5016 "5017:TCP"= 5017:TCP:TCP Port 5017 "5018:TCP"= 5018:TCP:TCP Port 5018 "5019:TCP"= 5019:TCP:TCP Port 5019 "5020:TCP"= 5020:TCP:TCP Port 5020 . R1 MpKsle511d34b;MpKsle511d34b;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{666738D8-8E9E-46D7-BC64-67FEA9EE599C}\MpKsle511d34b.sys [19-7-2011 8:29 28752] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14-7-2011 10:57 136360] R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18-7-2011 20:51 366640] R3 IPN2220;acer IPN2220 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [4-11-2004 19:29 140288] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18-7-2011 20:51 22712] S0 zysfmrom;zysfmrom;c:\windows\system32\drivers\njud.sys --> c:\windows\system32\drivers\njud.sys [?] S1 inpirbui;inpirbui;\??\c:\windows\system32\drivers\inpirbui.sys --> c:\windows\system32\drivers\inpirbui.sys [?] S1 MpKsl391eed21;MpKsl391eed21;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DFCEF06-E255-46EC-B112-9E8A31F4F7C8}\MpKsl391eed21.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DFCEF06-E255-46EC-B112-9E8A31F4F7C8}\MpKsl391eed21.sys [?] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4-12-2009 15:41 135664] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4-12-2009 15:41 135664] S3 PAC7311;Trust CP-2300 Webcam;c:\windows\system32\drivers\PA707UCM.SYS [14-3-2007 11:57 449024] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - IPFILTERDRIVER *NewlyCreated* - MBAMPROTECTOR *NewlyCreated* - MBAMSERVICE *NewlyCreated* - MPKSLE511D34B . Contents of the 'Scheduled Tasks' folder . 2011-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . 2011-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc21ea7d9468a6.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-04 13:40] . 2011-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc21c077c16c.job - c:\documents and settings\Rob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-19 10:01] . 2011-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc40e769f38cb6.job - c:\documents and settings\TEMP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-14 12:33] . 2011-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc4200a05de7e6.job - c:\documents and settings\TEMP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-14 12:33] . 2011-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc4228f5d67760.job - c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33] . 2011-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc426b7f8f5cdc.job - c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33] . 2011-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc44b5a04fb790.job - c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33] . 2011-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc4550b5511c56.job - c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33] . 2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc45dec386b6c6.job - c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33] . 2011-07-19 c:\windows\Tasks\MpIdleTask.job - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39] . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.254 DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-07-19 13:59 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . Completion time: 2011-07-19 14:03:32 ComboFix-quarantined-files.txt 2011-07-19 12:03 ComboFix2.txt 2011-07-19 11:49 ComboFix3.txt 2011-07-19 09:18 . Pre-Run: 9.001.283.584 bytes free Post-Run: 8.986.345.472 bytes free . - - End Of File - - C12AC9BE1B54083AF21571DEC4DAD063
  11. acer73
    speciall, ik begrijp niet wat je bedoelt, ben wel een leek hier Kape heeft me tot dusver geholpen.. het laatste wat ik gedaan heb is het log opgestuurd.. zie je daar wat raars aan??
  12. acer73
    oke, heb even verder gekeken, moest op buroblad geinstalleerd worden. hier bij het log wat dr uit kwam: ComboFix 11-07-12.04 - Rob 19-07-2011 11:11:47.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1007.482 [GMT 2:00] Running from: c:\documents and settings\TEMP.ROBBERT\My Documents\Downloads\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . - REDUCED FUNCTIONALITY MODE - . . ((((((((((((((((((((((((( Files Created from 2011-06-19 to 2011-07-19 ))))))))))))))))))))))))))))))) . . 2011-07-19 06:29 . 2011-07-19 06:29 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{666738D8-8E9E-46D7-BC64-67FEA9EE599C}\MpKsle511d34b.sys 2011-07-18 19:47 . 2011-06-07 06:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{666738D8-8E9E-46D7-BC64-67FEA9EE599C}\mpengine.dll 2011-07-18 18:51 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-18 18:51 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-18 18:51 . 2011-07-18 18:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-07-18 15:38 . 2011-07-18 15:38 -------- d-----w- c:\program files\Trend Micro 2011-07-15 13:25 . 2011-06-07 06:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-07-14 20:16 . 2011-07-14 20:16 1409 ----a-w- c:\windows\QTFont.for 2011-07-14 09:26 . 2011-07-14 09:27 -------- d-----w- c:\program files\Microsoft Security Client 2011-07-14 09:03 . 2011-07-14 09:04 -------- d-----w- c:\documents and settings\TEMP 2011-07-14 08:57 . 2011-07-14 09:18 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-07-14 08:57 . 2011-07-14 09:18 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-07-14 08:57 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2011-07-14 08:57 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2011-07-14 08:57 . 2011-07-14 08:57 -------- d-----w- c:\program files\Avira 2011-07-14 08:57 . 2011-07-14 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2011-07-14 07:57 . 2011-07-14 07:57 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help 2011-07-14 07:53 . 2011-07-14 07:53 -------- d-sh--w- c:\documents and settings\Default User\IETldCache 2011-07-12 07:50 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll 2011-07-12 07:50 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll 2011-07-12 07:41 . 2008-04-13 16:44 2560 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll 2011-07-12 07:37 . 2011-07-12 07:37 0 ----a-w- c:\windows\system32\ConduitEngine.tmp 2011-07-12 07:31 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{FC3D1FB0-CBE7-4022-9A02-F2B82BEF5E44}\mpengine.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-07 15:55 . 2009-05-14 18:11 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2011-06-02 14:02 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-05-02 15:31 . 2007-12-18 18:21 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 17:25 . 2004-08-04 12:00 151552 ----a-w- c:\windows\system32\schannel.dll 2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-26 11:07 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-04-26 11:07 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll 2011-04-25 16:11 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 16:11 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-04-25 16:11 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-04-25 12:01 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec 2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-01 68856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-10-02 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-10-02 118784] "SoundMan"="SOUNDMAN.EXE" [2004-07-27 68096] "PAC7311_Monitor"="c:\windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 319488] "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-06-02 413696] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2006-11-03 291720] "FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "acerWireless"="c:\program files\acer\Wireless\Utility\WlanUtil.exe" [2004-06-09 417792] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-01-01 16:41 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "ose"=3 (0x3) "odserv"=3 (0x3) "Microsoft Office Groove Audit Service"=3 (0x3) "JavaQuickStarterService"=2 (0x2) "gusvc"=3 (0x3) "FLEXnet Licensing Service"=3 (0x3) "Bonjour Service"=2 (0x2) "anbmService"=2 (0x2) "VSS"=3 (0x3) "ImapiService"=3 (0x3) "Eventlog"=2 (0x2) "ERSvc"=2 (0x2) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\WINDOWS\\system32\\dlcxcoms.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Azureus\\Azureus.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "135:TCP"= 135:TCP:TCP Port 135 "5000:TCP"= 5000:TCP:TCP Port 5000 "5001:TCP"= 5001:TCP:TCP Port 5001 "5002:TCP"= 5002:TCP:TCP Port 5002 "5003:TCP"= 5003:TCP:TCP Port 5003 "5004:TCP"= 5004:TCP:TCP Port 5004 "5005:TCP"= 5005:TCP:TCP Port 5005 "5006:TCP"= 5006:TCP:TCP Port 5006 "5007:TCP"= 5007:TCP:TCP Port 5007 "5008:TCP"= 5008:TCP:TCP Port 5008 "5009:TCP"= 5009:TCP:TCP Port 5009 "5010:TCP"= 5010:TCP:TCP Port 5010 "5011:TCP"= 5011:TCP:TCP Port 5011 "5012:TCP"= 5012:TCP:TCP Port 5012 "5013:TCP"= 5013:TCP:TCP Port 5013 "5014:TCP"= 5014:TCP:TCP Port 5014 "5015:TCP"= 5015:TCP:TCP Port 5015 "5016:TCP"= 5016:TCP:TCP Port 5016 "5017:TCP"= 5017:TCP:TCP Port 5017 "5018:TCP"= 5018:TCP:TCP Port 5018 "5019:TCP"= 5019:TCP:TCP Port 5019 "5020:TCP"= 5020:TCP:TCP Port 5020 . R1 MpKsle511d34b;MpKsle511d34b;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{666738D8-8E9E-46D7-BC64-67FEA9EE599C}\MpKsle511d34b.sys [19-7-2011 8:29 28752] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14-7-2011 10:57 136360] R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18-7-2011 20:51 366640] R3 IPN2220;acer IPN2220 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [4-11-2004 19:29 140288] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18-7-2011 20:51 22712] S0 zysfmrom;zysfmrom;c:\windows\system32\drivers\njud.sys --> c:\windows\system32\drivers\njud.sys [?] S1 inpirbui;inpirbui;\??\c:\windows\system32\drivers\inpirbui.sys --> c:\windows\system32\drivers\inpirbui.sys [?] S1 MpKsl391eed21;MpKsl391eed21;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DFCEF06-E255-46EC-B112-9E8A31F4F7C8}\MpKsl391eed21.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DFCEF06-E255-46EC-B112-9E8A31F4F7C8}\MpKsl391eed21.sys [?] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4-12-2009 15:41 135664] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4-12-2009 15:41 135664] S3 PAC7311;Trust CP-2300 Webcam;c:\windows\system32\drivers\PA707UCM.SYS [14-3-2007 11:57 449024] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - IPFILTERDRIVER *NewlyCreated* - MBAMPROTECTOR *NewlyCreated* - MBAMSERVICE *NewlyCreated* - MPKSLE511D34B . Contents of the 'Scheduled Tasks' folder . 2011-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . 2011-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc21ea7d9468a6.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-04 13:40] . 2011-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc21c077c16c.job - c:\documents and settings\Rob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-19 10:01] . 2011-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc40e769f38cb6.job - c:\documents and settings\TEMP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-14 12:33] . 2011-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc4200a05de7e6.job - c:\documents and settings\TEMP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-14 12:33] . 2011-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc4228f5d67760.job - c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33] . 2011-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc426b7f8f5cdc.job - c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33] . 2011-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc44b5a04fb790.job - c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33] . 2011-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc4550b5511c56.job - c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33] . 2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc45dec386b6c6.job - c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33] . 2011-07-19 c:\windows\Tasks\MpIdleTask.job - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39] . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.254 DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab . - - - - ORPHANS REMOVED - - - - . HKLM-Run-ISUSPM Startup - c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe MSConfigStartUp-AntiMalware - c:\program files\AntiMalware\antimalware.exe MSConfigStartUp-QuickDownloadPack - c:\program files\QuickDownloadPack\qdpack.exe MSConfigStartUp-Spontania Video Collaboration - c:\program files\Spontania Video Collaboration\SpontaniaVideoCollaboration.exe AddRemove-Adobe_3e054d2218e7aa282c2369d939e58ff - c:\program files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe AddRemove-Adobe_6c8e2cb4fd241c55406016127a6ab2e - c:\program files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe AddRemove-Adobe_719d6f144d0c086a0dfa7ff76bb9ac1 - c:\program files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-07-19 11:13 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(180) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2011-07-19 11:18:58 ComboFix-quarantined-files.txt 2011-07-19 09:18 . Pre-Run: 8.831.782.912 bytes free Post-Run: 9.044.918.272 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - E3C396B096258467C4121AAACE469659
  13. acer73
    Avira uitgeschakeld en microsoft security essentials..anti malwarebites krijg ik niet uigeschakeld als ik nu combifix download en laat runne begint ie te scannen ik krijg m niet op mn desktop geinstalleerd.. dan krijg ik een melding dat ik combifix niet als combifix 1 mag noemen.. alles wat dan openstaat op mn desktop verdwijnt dan... ---------- Post toegevoegd om 10:59 ---------- Vorige post was om 10:53 ---------- ik krijg dus: you cannot rename combofix as combofix (1) please use another name preferably madeup of alphanumeric caracter
  14. acer73
    ben dr inderdaad mee bezig,heb hijack nogmaals laten lopen, krijg deze niet verwijderd: O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file) zal nu avira proberen uit te schakelen en doen wat je zegt. spreek je zo weer. ---------- Post toegevoegd om 10:10 ---------- Vorige post was om 09:58 ---------- Kape, krijg deze niet verwijderd! heb avira op deactivated gezet. O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
  15. acer73
    heb net mn computer opnieuw opgestart, wederom mn desktop leeg met dingen die dr gedownload waren.. mmmm raar hor. hoop dat je me nog een aantal handvaten kan geven! Mvg, Robert.
  16. acer73
    he het volgende op het scherm nu: your files should now be visible, if you are still missing start menu items please temporaraely disable your anti virus or security programms and then try again in the event that they interferred with the restoral process weet nu even niet wat ik moet doen?? mn computer opnieuw opstarten?? ---------- Post toegevoegd om 23:24 ---------- Vorige post was om 23:19 ---------- Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:23:42, on 18-7-2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\dlcxcoms.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\PixArt\PAC7311\Monitor.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe C:\Program Files\acer\Wireless\Utility\WlanUtil.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\CTFMON.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Documents and Settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Documents and Settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [PAC7311_Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [acerWireless] C:\Program Files\acer\Wireless\Utility\WlanUtil.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnHost] c:\mKbfv.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [MsnHost] c:\mKbfv.exe (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe -- End of file - 10224 bytes
  17. acer73
    Kape, dit staat in het log na wederom een scan: Malwarebytes' Anti-Malware 1.51.1.1800 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Database version: 7192 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 18-7-2011 22:34:24 mbam-log-2011-07-18 (22-34-24).txt Scan type: Quick scan Objects scanned: 196424 Time elapsed: 30 minute(s), 58 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ---------- Post toegevoegd om 22:44 ---------- Vorige post was om 22:35 ---------- kape, de 018 heb ik wederom bekeken, deze blijft staan op de hijack, krijg deze niet verwijderd.
  18. acer73
    was deze vergeten...mmmm slim ...O18 - Filter hijack: text/html, ga even opnieuw alles doen.. system check en verwijderen..
  19. acer73
    ik ga nu alles even opnieuw bekijken.
  20. acer73
    Hey Kape, Heb alles gedaan wat je me opgedragen hebt.. nadat er 4 infections waren gevonden heb ik deze verwijderd, computer opnieuw opgestart.. wederom waren er dingen op de desktop verdwenen incl. google chrome.. heb deze wederoom moeten herinstaleren.. malware anti virus is wel op de desktop blijven staan.. kan ik nog meer doen?? hoopso!!
  21. acer73
    Hallo, via het pc helpforum ben ik tot zover gekomen, wat kurtt de moderator mij vertelde.. ik heb het hijack gedeelte hieronder gekopierd.. zoals mij is gevraagd. ik hoop dat iemand iets ziet wat ik kan doen om mijn probleem op te lossen.. mvg, Robert. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:40:02, on 18-7-2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\dlcxcoms.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\PixArt\PAC7311\Monitor.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe C:\Program Files\acer\Wireless\Utility\WlanUtil.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\CTFMON.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Documents and Settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Documents and Settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: PHPNukeEN - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\prxtbPHP0.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O3 - Toolbar: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\prxtbPHP0.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [PAC7311_Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [acerWireless] C:\Program Files\acer\Wireless\Utility\WlanUtil.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Msn] c:\mKbfv.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MsnMessendger] c:\mKbfv.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Msn] c:\mKbfv.exe (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file) O20 - AppInit_DLLs: C:\WINDOWS\system32\ O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe -- End of file - 10943 bytes
  22. acer73
    Hallo, Denk dat ik een virus heb, al mn data is verdwenen, foto's en documenten.. Nu staan er op mn desktop nog wel een aantal dingen, zoals internetexplorer, vlc media player, google earth. Als ik nu bv google chrome instaleer of een worddocument op mn desktop zet verdwijnt deze alle weer na het uitzetten van mn computer.. ook als ik iets download verdwijt dit alle weer..Internet explorer blijft wel gewoon staan.. Ik heb 2 virus scanners laten lopen, Avira en Spybot Search&distroy.. het zelfde blijft gebeuren.. alles wat ik doe verdwijnt?? Wat te doen
Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.