Everything posted by elboujoufi

  1. That's right, both the left mouse button and the scroll button open all links in the same window. I'm starting to think that Internet Explorer 9 opens all links in the same window; only when I right-click and choose the option "open in new window" do the links open in a window of their own. Is it an option to install Internet Explorer 8 instead of 9?
  2. Hello Gerjannn, I did that as you said and ticked the box, but when I then click on a link with the scroll button, the website opens in the same window.
  3. Yes, it works, but the sites don't appear on my screen straight away; they appear at the top in the taskbar, and I have to click on them before the site shows up. Not really an improvement, but better than nothing.
  4. I assume you mean the scroll button of the mouse. I tried this: I click it but nothing happens.
  5. I did this, and the problems with the moving images (GIFs) are solved, but when I click on links the website still opens in the same window. Is this the default in IE9?
  6. Since I installed the latest Internet Explorer 9 (I think), I can't open any websites in a new window; they always open in the same window, which I wasn't used to. I've made a number of changes in Internet Options, but without result. I then found out that if I right-click and choose "open in new window", they do open in a new window, but that seems very inconvenient to me. Is another solution possible? I also can't see moving pictures (GIFs) on websites; do I need to download something for this?
  7. My computer has been behaving quite well the last few days, no freezes, so I think the problem is solved. I'd like to thank everyone who helped me solve the problem.
  8. The computer is nice and fast now, only it happened to freeze last night, so I'm not 100% sure how it will behave from now on, but the computer is running nicely now.
  9. Logfile of Trend Micro HijackThis v2.0.4, scan saved at 14:02:03, on 15-11-2011
  10. I removed the characters manually from the registry; it looks like it's fine now.
  11. ////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Platform: Windows NT 6.0 (build 6002, Service Pack 2) Tue Nov 15 11:22:40 2011 11:22:34: Error: Invalid registry syntax in command: "[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]" Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program. Skipping line. (Registry key deletion mode) 11:22:36: Error: Invalid registry syntax in command: ""????r"="" [?]" Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program. Skipping line. (Registry key deletion mode) 11:22:38: Error: Invalid registry syntax in command: ""?????????"="??????????????e" [?]" Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program. Skipping line. (Registry key deletion mode) ////////////////////////////////////////// Logfile of The Avenger Version 2.0, © by Swandog46 Swandog46's Public Anti-Malware Tools Platform: Windows Vista ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Completed script processing. ******************* Finished! Terminate.
  12. It looks like my computer responds faster than before, thanks for that; here is the log
2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll 2011-10-19 00:44 . 2009-10-09 21:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll 2011-10-19 00:38 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe 2011-10-19 00:38 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2011-10-19 00:38 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll 2011-10-19 00:38 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll 2011-10-19 00:38 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll 2011-10-19 00:38 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll 2011-10-19 00:38 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe 2011-10-19 00:38 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll 2011-10-19 00:37 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll 2011-10-19 00:37 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll 2011-10-19 00:37 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll 2011-10-19 00:37 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll 2011-10-19 00:37 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll 2011-10-19 00:37 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2011-10-19 00:37 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll 2011-10-19 00:37 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll 2011-10-19 00:37 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll 2011-10-19 00:36 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll 2011-10-19 00:36 . 2010-06-17 18:08 10926592 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll 2011-10-19 00:36 . 2010-06-17 16:16 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe 2011-10-19 00:36 . 
2011-03-02 15:44 86528 ----a-w- c:\windows\system32\dnsrslvr.dll . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-19 12:53 . 2011-10-19 12:53 4096 ----a-w- c:\windows\system32\drivers\nl-NL\dxgkrnl.sys.mui 2011-10-19 00:06 . 2006-12-19 23:29 1312 ----a-w- c:\windows\CLEANUP.CMD 2011-10-18 21:35 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll 2011-10-18 21:35 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll 2011-10-18 19:41 . 2011-10-18 19:41 40960 ----a-w- c:\windows\system32\drivers\nl-NL\http.sys.mui 2011-10-18 16:56 . 2011-10-18 16:56 2560 ----a-w- c:\windows\apppatch\AcRes.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "????r"="" [?] "?????????"="??????????????e" [?] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112] "RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704] "Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120] "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . R1 MpKsl2f71d926;MpKsl2f71d926;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{441B239F-4F57-4F56-B76F-8A2DD48AE08D}\MpKsl2f71d926.sys [x] R1 MpKslb7afa5e1;MpKslb7afa5e1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3EAAE700-E125-42DE-BD16-F8544F2EDDB2}\MpKslb7afa5e1.sys [x] R1 MpKslccb2cecb;MpKslccb2cecb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{441B239F-4F57-4F56-B76F-8A2DD48AE08D}\MpKslccb2cecb.sys [x] R1 MpKslea1d90ec;MpKslea1d90ec;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB166539-200A-4AF3-ACEE-C204B05A01C9}\MpKslea1d90ec.sys [x] R1 MpKslfaa32357;MpKslfaa32357;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E7DE3B93-CC3F-44D9-8289-87621E11CA47}\MpKslfaa32357.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S1 MpKsl51480e48;MpKsl51480e48;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38E508BC-705E-401E-BC32-D964ED0EF649}\MpKsl51480e48.sys [2011-11-14 28752] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496] S3 
MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392] S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2010-03-23 1170464] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - MPKSL51480E48 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.mebec.weblinker.nl/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://nl.intl.acer.yahoo.com uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*Yahoo! UK TCP: DhcpNameServer = 212.54.40.25 212.54.35.25 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-11-14 18:18 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . 
[HKEY_USERS\S-1-5-21-1859406639-702596590-2520636958-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5AF05168-A292-98C4-0BA2-9C5E23DC0016}*] "pdmpolklialigofkjgbeodcfpdapmknoljkgidabpbnplpmgiaenogdcbidjjgakcihjkpanemfjpfbpehlpalbiikhcnijpdkpkafdcpoaedhccfjjolfhagfhcklnp"=hex:61, 61,00,6a "pdmpolklialigofkjgbeodcfpdapmknoljkgidabpbnplpmgiaenogdcbidjjgakcihjkpanemfjpfbpehlpalbiikhcnijpdkpkafdcpoaedhccfjjolfhamfehmiok"=hex:61, 61,00,6a "pdmpolklialigofkjgbeodcfpdapmknoljkgidabpbnplpmgiaenogdcbidjjgakcihjkpanemfjpfbpehlpalbiikhcnijpdkpkafdcpoaedhccfjjolfhaffcekicd"=hex:63, 62,6f,6a,68,61,62,6c,6f,68,6b,65,70,6e,66,6b,64,64,6e,6f,6c,6d,66,6e,65,6e,\ . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(4708) c:\windows\system32\MsnChatHook.dll c:\windows\system32\sysenv.dll c:\windows\system32\ShowErrMsg.dll . Voltooingstijd: 2011-11-14 18:21:49 ComboFix-quarantined-files.txt 2011-11-14 17:21 ComboFix2.txt 2011-11-14 16:08 . Pre-Run: 81.362.628.608 bytes beschikbaar Post-Run: 81.340.854.272 bytes beschikbaar . - - End Of File - - 20C3E6FF24934DD6C9D2F245C80D4A09
  13. ComboFix 11-11-14.01 - mebec 14-11-2011 16:53:47.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1022.505 [GMT 1:00]
Gestart vanuit: c:\users\mebec\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56SJOD3N\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-10-14 to 2011-11-14 ))))))))))))))))))))))))))))))
.
.
2011-11-14 16:04 . 2011-11-14 16:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-14 15:12 . 2011-11-14 15:12 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{173DA92E-F429-4F34-A942-BECE34951FB4}\MpKsl0ae1f584.sys
2011-11-14 15:11 . 2011-11-14 15:11 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{173DA92E-F429-4F34-A942-BECE34951FB4}\offreg.dll
2011-11-14 15:10 . 2011-10-06 18:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{173DA92E-F429-4F34-A942-BECE34951FB4}\mpengine.dll
2011-11-13 20:39 . 2011-11-13 20:39 -------- d-----w- c:\programdata\Malwarebytes
2011-11-13 20:39 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-13 20:39 . 2011-11-13 20:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-13 20:29 . 2011-11-13 20:57 -------- d-----w- c:\program files\MemTurbo 4
2011-11-13 15:45 . 2011-11-13 15:45 -------- d-----w- c:\program files\Trend Micro
2011-11-13 14:57 . 2011-11-13 14:57 -------- d-----w- c:\program files\Common Files\Java
2011-11-13 14:56 . 2011-11-13 14:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-13 14:56 . 2011-11-13 14:56 -------- d-----w- c:\program files\Java
2011-11-13 14:49 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-11-13 14:47 . 2011-11-13 14:48 -------- d--h--w- c:\windows\msdownld.tmp
2011-11-08 21:38 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-08 21:37 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-08 21:37 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-10-21 02:46 . 2011-10-21 10:58 -------- d-----w- C:\Casino
2011-10-20 03:08 . 2011-10-20 03:08 -------- d-----w- c:\program files\Windows Portable Devices
2011-10-20 03:05 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-10-20 03:05 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-10-20 03:05 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-10-20 03:04 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2011-10-20 03:04 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2011-10-20 03:04 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2011-10-20 03:04 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2011-10-20 03:04 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2011-10-20 03:04 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2011-10-20 03:04 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2011-10-20 03:04 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2011-10-20 03:04 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2011-10-20 03:04 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2011-10-20 03:04 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2011-10-20 03:04 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2011-10-20 02:29 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-20 02:29 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-20 02:29 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-20 02:29 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-20 02:29 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-10-20 02:29 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-10-20 02:28 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-10-20 02:28 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-10-20 02:28 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-10-20 02:28 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-20 02:28 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-20 02:28 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-20 02:28 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-20 02:28 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-20 02:27 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
2011-10-20 02:27 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-20 02:27 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-19 17:33 . 2011-08-03 11:50 6613096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-10-19 17:33 . 2011-08-03 11:50 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-19 17:33 . 2011-08-03 11:50 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-19 17:33 . 2011-08-03 11:50 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-19 17:33 . 2011-08-03 11:50 2391656 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-19 17:33 . 2011-08-03 11:50 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-19 17:33 . 2011-08-03 11:50 16595560 ----a-w- c:\windows\system32\nvoglv32.dll
2011-10-19 17:33 . 2011-08-03 11:50 10304104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-10-19 17:33 . 2011-08-03 11:50 5404776 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-19 17:33 . 2011-08-03 11:50 17193576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-19 17:32 . 2011-10-19 17:32 -------- d-----w- C:\NVIDIA
2011-10-19 12:57 . 2011-10-19 12:57 98816 ----a-w- c:\windows\system32\mfps.dll
2011-10-19 12:53 . 2011-10-19 12:53 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-10-19 12:53 . 2011-10-19 12:53 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-10-19 12:53 . 2011-10-19 12:53 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-10-19 12:53 . 2011-10-19 12:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-10-19 12:53 . 2011-10-19 12:53 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-10-19 12:53 . 2011-10-19 12:53 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-10-19 12:53 . 2011-10-19 12:53 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-10-19 11:05 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-10-19 11:05 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-10-19 02:42 . 2011-10-19 02:42 -------- d-----w- c:\windows\system32\ca-ES
2011-10-19 02:42 . 2011-10-19 02:42 -------- d-----w- c:\windows\system32\eu-ES
2011-10-19 02:42 . 2011-10-19 02:42 -------- d-----w- c:\windows\system32\vi-VN
2011-10-19 02:37 . 2011-10-19 02:37 -------- d-----w- c:\programdata\WindowsSearch
2011-10-19 02:14 . 2011-10-19 02:14 -------- d-----w- c:\windows\system32\EventProviders
2011-10-19 01:35 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2011-10-19 01:28 . 2011-10-19 01:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-19 01:16 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-19 01:14 . 2009-01-08 01:20 265720 ----a-w- c:\program files\Internet Explorer\msdbg2.dll
2011-10-19 01:14 . 2009-01-08 01:20 355832 ----a-w- c:\program files\Internet Explorer\pdm.dll
2011-10-19 01:07 . 2009-04-11 06:28 729600 ----a-w- c:\windows\system32\IMJP10K.DLL
2011-10-19 01:06 . 2009-04-11 06:28 663552 ----a-w- c:\program files\Common Files\System\Ole DB\sqloledb.dll
2011-10-19 01:05 . 2009-04-11 06:28 90112 ----a-w- c:\windows\system32\wshext.dll
2011-10-19 01:04 . 2009-04-11 06:28 68096 ----a-w- c:\windows\system32\fdSSDP.dll
2011-10-19 01:03 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2011-10-19 01:03 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-10-19 01:03 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2011-10-19 01:03 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2011-10-19 01:03 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2011-10-19 01:03 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2011-10-19 01:03 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-10-19 01:02 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2011-10-19 01:02 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2011-10-19 01:02 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2011-10-19 01:00 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2011-10-19 00:59 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-10-19 00:59 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-10-19 00:59 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-10-19 00:59 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-10-19 00:59 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-10-19 00:46 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-10-19 00:44 . 2009-10-09 21:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2011-10-19 00:38 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-10-19 00:38 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2011-10-19 00:38 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll
2011-10-19 00:38 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll
2011-10-19 00:38 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-10-19 00:38 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll
2011-10-19 00:38 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe
2011-10-19 00:38 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2011-10-19 00:37 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-10-19 00:37 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2011-10-19 00:37 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-10-19 00:37 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-10-19 00:37 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-10-19 00:37 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-10-19 00:37 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-10-19 00:37 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-10-19 00:37 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-10-19 00:36 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2011-10-19 00:36 . 2010-06-17 18:08 10926592 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2011-10-19 00:36 . 2010-06-17 16:16 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2011-10-19 00:36 . 2011-03-02 15:44 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-19 12:53 . 2011-10-19 12:53 4096 ----a-w- c:\windows\system32\drivers\nl-NL\dxgkrnl.sys.mui
2011-10-19 00:06 . 2006-12-19 23:29 1312 ----a-w- c:\windows\CLEANUP.CMD
2011-10-18 21:35 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-10-18 21:35 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-10-18 19:41 . 2011-10-18 19:41 40960 ----a-w- c:\windows\system32\drivers\nl-NL\http.sys.mui
2011-10-18 16:56 . 2011-10-18 16:56 2560 ----a-w- c:\windows\apppatch\AcRes.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl2f71d926;MpKsl2f71d926;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{441B239F-4F57-4F56-B76F-8A2DD48AE08D}\MpKsl2f71d926.sys [x]
R1 MpKslb7afa5e1;MpKslb7afa5e1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3EAAE700-E125-42DE-BD16-F8544F2EDDB2}\MpKslb7afa5e1.sys [x]
R1 MpKslccb2cecb;MpKslccb2cecb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{441B239F-4F57-4F56-B76F-8A2DD48AE08D}\MpKslccb2cecb.sys [x]
R1 MpKslea1d90ec;MpKslea1d90ec;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB166539-200A-4AF3-ACEE-C204B05A01C9}\MpKslea1d90ec.sys [x]
R1 MpKslfaa32357;MpKslfaa32357;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E7DE3B93-CC3F-44D9-8289-87621E11CA47}\MpKslfaa32357.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 MpKsl0ae1f584;MpKsl0ae1f584;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{173DA92E-F429-4F34-A942-BECE34951FB4}\MpKsl0ae1f584.sys [2011-11-14 28752]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2010-03-23 1170464]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - MPKSL0AE1F584
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.mebec.weblinker.nl/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://nl.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*Yahoo! UK
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{51A86BB3-6602-4C85-92A5-130EE4864F13} - (no file)
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-11-14 17:04
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-1859406639-702596590-2520636958-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5AF05168-A292-98C4-0BA2-9C5E23DC0016}*]
"pdmpolklialigofkjgbeodcfpdapmknoljkgidabpbnplpmgiaenogdcbidjjgakcihjkpanemfjpfbpehlpalbiikhcnijpdkpkafdcpoaedhccfjjolfhagfhcklnp"=hex:61, 61,00,6a
"pdmpolklialigofkjgbeodcfpdapmknoljkgidabpbnplpmgiaenogdcbidjjgakcihjkpanemfjpfbpehlpalbiikhcnijpdkpkafdcpoaedhccfjjolfhamfehmiok"=hex:61, 61,00,6a
"pdmpolklialigofkjgbeodcfpdapmknoljkgidabpbnplpmgiaenogdcbidjjgakcihjkpanemfjpfbpehlpalbiikhcnijpdkpkafdcpoaedhccfjjolfhaffcekicd"=hex:63, 62,6f,6a,68,61,62,6c,6f,68,6b,65,70,6e,66,6b,64,64,6e,6f,6c,6d,66,6e,65,6e,\
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(5940)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\ShowErrMsg.dll
.
Voltooingstijd: 2011-11-14 17:08:27
ComboFix-quarantined-files.txt 2011-11-14 16:08
.
Pre-Run: 81.456.549.888 bytes beschikbaar
Post-Run: 81.436.528.640 bytes beschikbaar
.
- - End Of File - - 2DBB7D92F92727149A74A9B1F4CCD4E9

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:16:40, on 14-11-2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\mebec\Desktop\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MEBEC Startpagina : Weblinker.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! UK
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKUS\S-1-5-21-1859406639-702596590-2520636958-1001\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1859406639-702596590-2520636958-1001\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'UpdatusUser')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc.
- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- End of file - 5442 bytes
  14. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:24:44, on 14-11-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\SysMonitor.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe C:\Windows\System32\mobsync.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\system32\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! UK R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MEBEC Startpagina : Weblinker.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! UK R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! 
UK O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [?????????] ??????????????e O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup O4 - Global Startup: Empowering Technology Launcher.lnk = ? 
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- End of file - 5702 bytes
  15. Thanks for your quick reply. I removed the items in HijackThis as you asked, but on a new scan they came back again. That aside, these are the scan results: Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Databaseversie: 8154 Windows 6.0.6002 Service Pack 2 Internet Explorer 9.0.8112.16421 13-11-2011 21:47:06 mbam-log-2011-11-13 (21-47-06).txt Scantype: Snelle scan Objecten gescand: 166260 Verstreken tijd: 6 minuut/minuten, 22 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:51:30, on 13-11-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\RtHDVCpl.exe C:\Windows\System32\SysMonitor.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Program Files\ATI 
Technologies\ATI.ACE\CLI.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\system32\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! UK R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MEBEC Startpagina : Weblinker.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! UK R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! 
UK O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [?????????] ??????????????e O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo 4\MemTurbo.exe O4 - Global Startup: Empowering Technology Launcher.lnk = ? 
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- End of file - 5947 bytes
  16. I did manage it in the end; the results are below: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:29:57, on 13-11-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\RtHDVCpl.exe C:\Windows\System32\SysMonitor.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\system32\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! UK R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MEBEC Startpagina : Weblinker.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! UK R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! 
UK R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! UK R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [?????????] 
??????????????e O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup O4 - Global Startup: Empowering Technology Launcher.lnk = ? O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- End of file - 5777 bytes
  17. I can't get it to work; it says "Cannot find the file C:\Program Files\Trend Micro\HiJackThis\hijachthis.log. Do you want to create a new file?"
  18. My computer freezes completely once every two days; when it does, I can't move my mouse. This lasts from a few seconds to hours, and I then have to pull the plug. This happens up to several times a day, and I believe it keeps getting worse.