
Jan2222

Member
  • Items: 25

Everything posted by Jan2222

  1. On other forums I see many similar complaints/problems with the internal memory of this phone, but few solutions that I can understand. Is there anyone who can help? If not, please say so as well, then I will keep looking. Thanks in advance.
  2. In itself the HTC Wildfire S is a fine phone. However, the internal memory is ridiculously small (512 MB) and is further reduced by non-movable pre-installed apps, so that only 150 MB is "free". And with a few apps (which also cannot always be moved to the SD card) this fills up quickly. Often even too full, so that updates (including those from HTC) can no longer run. "Manage apps" and the other standard HTC approaches offer no solution. And everywhere you see complaints about this impossibly small internal memory. On other forums I read that by means of tricks an "enlarged" internal memory (up to 2 GB) can be created on the SD card, e.g. in the thread "Achteraf het interne geheugen vergroten Wildfire S" (Enlarging the internal memory afterwards, Wildfire S). For this you have to partition the SD card (I can still manage that), use tools? such as app2sd (what does this do?), flash Data2SD (this is where it gets harder for me ...), etc. Could you give me a 'manual' with steps on what to do and how? Many thanks in advance.
  3. Dear all, I must admit I started on a virgin PC (never had TomTom installed before) and couldn't get it to work (perhaps because I didn't want to put it in the default directory). After that, no cleanup/installation worked at all. Your complete cleanup did work! I have actually now managed to get TTH installed! Many thanks.
  4. Dear all, I don't have Norton. I do have Panda ... but after the post here I checked further (also in the USA), and it appears that TomTom Home almost never works properly with the 64-bit version of Windows 7. Either the installation hangs halfway (HP Compaq desktop), or it does eventually install (Dell D6400) but with the above-mentioned error message when starting the application. I have also tried many 'bypasses':
     - run as admin
     - install in the C:\progr~2 directory
     - etc.
     All without effect. Unless you know a clever trick?
  5. Dear all, I want to install TomTom Home2 (v2.8) on my PC. As already stated on many other forums, it appears that TTH does not work properly with W7 64-bit. By now I have tried many times (install - uninstall), but it did not work on the first attempt either. TTH will install (eventually) but will not start: error message, see below. Who knows a solution? I have already tried many options:
     - older versions (v2.5): doesn't work either
     - disabling DEP: doesn't work either
     - Run as Admin: doesn't work either
     What to do?

     ERROR: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIProperties.get]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: chrome://tthome/content/logic/settings.js :: anonymous :: line 282" data: no] in chrome://tthome/content/logic/settings.js:282
     Stack:
     0. chrome://tthome/content/logic/settings.js:282 this._dataDir = directoryService.get("Pers", CI.nsIFile);
     1. chrome://tthome/content/logic/settings.js:257 this._initAppDirectories();
     2. chrome://tthome/content/logic/app.js:38 this.settings.start();
     3. chrome://tthome/content/ui/mainwin/mainWin.js:44 gApplication.start();
     4. function onLoad chrome://tthome/content/ui/mainwin/mainWin.js:14 gMainWindow.start();
     5. function onload chrome://tthome/content/ui/mainwin/mainWin.xul:1 <?xml version="1.0"?>
     Time: Wed, 20 Jun 2012 18:17:02 GMT
  6. W7 reinstallation carried out, successfully. The registry has now also lost that exe. Everything works normally again. And the programs I had lost, or seemed to have lost, I simply have to reinstall. Desktop HP Compaq CQ5340nl, with Windows 7. Otherwise a fine PC, no problems. Thanks for the support and the tips! Keep it up.
  7. It is stubborn. Trying to delete it in the registry turns out not to be possible: "unable to delete all specified values"; this applies to all 3 items (default, recycle, kb..) in both locations. Your next step, deleting KB828131.exe, doesn't work either; this file is not present in the directory mentioned, nor anywhere else in C:\Windows. Apparently it all sits very deep and is untouchable. As reported earlier, I want to do a W7 reinstallation, then at least I have a clean slate again. However, can I then be sure that this problem is really gone? I.e., is a completely new registry built then, for example? Or do I have to do a particular kind of reinstallation? Many thanks for the attempts and the support!
  8. OK, done. On the first one it found 2 hits (in the same 'Run', first at 'default', the second at 4Y3...etc). So 3 exports in total: (If I need to do something in the registry after this, no problem, I have had to do that before)

     Windows Registry Editor Version 5.00

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "4Y3Y0C3AWF7W0VWDBNJJC"="C:\\Recycle.Bin\\B6232F3AFAD.exe /q"
     "KB828131.exe"="\"C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\KB828131.exe\""

     Key Name: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run
     Class Name: <NO CLASS>
     Last Write Time: 14-Sep-11 - 19:55
     Value 0
     Name: 4Y3Y0C3AWF7W0VWDBNJJC
     Type: REG_SZ
     Data: C:\Recycle.Bin\B6232F3AFAD.exe /q
     Value 1
     Name: KB828131.exe
     Type: REG_SZ
     Data: "C:\Windows\system32\config\systemprofile\AppData\Roaming\KB828131.exe"

     Key Name: HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run
     Class Name: <NO CLASS>
     Last Write Time: 14-Sep-11 - 19:55
     Value 0
     Name: 4Y3Y0C3AWF7W0VWDBNJJC
     Type: REG_SZ
     Data: C:\Recycle.Bin\B6232F3AFAD.exe /q
     Value 1
     Name: KB828131.exe
     Type: REG_SZ
     Data: "C:\Windows\system32\config\systemprofile\AppData\Roaming\KB828131.exe"
  9. Avenger seemed to have worked (no error messages, for instance). But no txt file was created, nor can one be found. So a new HijackThis run instead, but here the file C:\Recycle.Bin\B6232F3AFAD.exe still keeps coming back (it seems impossible to eradicate; but is this file harmful, I wonder), and my various programs are also still nowhere to be found.

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 8:13:42, on 14-May-12
     Platform: Windows 7 SP1 (WinNT 6.00.3505)
     MSIE: Internet Explorer v8.00 (8.00.7601.17514)
     Boot mode: Safe mode with network support

     Running processes:
     C:\Program Files (x86)\Internet Explorer\iexplore.exe
     C:\Program Files (x86)\Internet Explorer\iexplore.exe
     C:\Users\Talsbak\Desktop\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sign In
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
     O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
     O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
     O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
     O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
     O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
     O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
     O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
     O4 - HKLM\..\Run: [iTunesHelper] "C:\0 PROGRAMS\Apple iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\0 PROGRAMS\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
     O4 - HKLM\..\RunOnce: [Cleanup] C:\cleanup.exe
     O4 - HKCU\..\Run: [RemoTerm.exe] C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe
     O4 - HKUS\S-1-5-18\..\Run: [4Y3Y0C3AWF7W0VWDBNJJC] C:\Recycle.Bin\B6232F3AFAD.exe /q (User 'SYSTEM')
     O4 - HKUS\S-1-5-18\..\Run: [KB828131.exe] "C:\Windows\system32\config\systemprofile\AppData\Roaming\KB828131.exe" (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [4Y3Y0C3AWF7W0VWDBNJJC] C:\Recycle.Bin\B6232F3AFAD.exe /q (User 'Default user')
     O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
     O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
     O15 - Trusted Zone: Free Downloads Encyclopedia - Softpedia
     O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
     O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
     O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
     O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
     O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
     O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: BOT4Service - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
     O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
     O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
     O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
     O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
     O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
     O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
     O23 - Service: MBAMService - Malwarebytes Corporation - C:\0 PROGRAMS\Malwarebytes' Anti-Malware\mbamservice.exe
     O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
     O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
     O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: RoxMediaDB13 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe
     O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe
     O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
     O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
     O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
     O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
     O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
     O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

     --
     End of file - 8347 bytes
  10. When I start Kill.bat, I get a response in a message.txt file: "Unsupported version". In the unpacked archive there are also other files such as: smwncv.exe, swreg.exe, reboot.exe, process.exe, regdacl.exe, restart.exe. What should I do differently to get the little program to run?
  11. Attached the HijackThis log. I understand you say that the ComboFix looks good, but many exe programs remain nowhere to be found, both via Start and directly via Explorer. Isn't the better solution at this point a W7 reinstallation and reinstallation of my various programs?

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 12:50:11, on 13-May-12
     Platform: Windows 7 SP1 (WinNT 6.00.3505)
     MSIE: Internet Explorer v8.00 (8.00.7601.17514)
     Boot mode: Safe mode with network support

     Running processes:
     C:\Users\Talsbak\Desktop\HijackThis.exe
     C:\Windows\SysWOW64\DllHost.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sign In
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
     O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
     O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
     O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
     O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
     O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
     O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
     O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
     O4 - HKLM\..\Run: [iTunesHelper] "C:\0 PROGRAMS\Apple iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\0 PROGRAMS\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
     O4 - HKCU\..\Run: [RemoTerm.exe] C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe
     O4 - HKUS\S-1-5-18\..\Run: [4Y3Y0C3AWF7W0VWDBNJJC] C:\Recycle.Bin\B6232F3AFAD.exe /q (User 'SYSTEM')
     O4 - HKUS\S-1-5-18\..\Run: [KB828131.exe] "C:\Windows\system32\config\systemprofile\AppData\Roaming\KB828131.exe" (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [4Y3Y0C3AWF7W0VWDBNJJC] C:\Recycle.Bin\B6232F3AFAD.exe /q (User 'Default user')
     O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
     O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
     O15 - Trusted Zone: Free Downloads Encyclopedia - Softpedia
     O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
     O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
     O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
     O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
     O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
     O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: BOT4Service - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
     O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
     O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
     O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
     O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
     O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
     O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
     O23 - Service: MBAMService - Malwarebytes Corporation - C:\0 PROGRAMS\Malwarebytes' Anti-Malware\mbamservice.exe
     O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
     O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
     O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: RoxMediaDB13 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe
     O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe
     O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
     O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
     O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
     O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
     O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
     O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

     --
     End of file - 8223 bytes
  12. Hi, Attached the ComboFix log, and also the latest HijackThis log taken after it. But I do see that that C:\Recycle.Bin\B6232F3AFAD.exe is very stubborn; it is still there. And the various programs in the Start menu are still <empty> and also still nowhere to be found in Explorer. Could it be that the various .exe files have simply been deleted after all? NB. I had reported at the start that 'I' accidentally started that S.M.A.R.T. when the virus first appeared; could that be the cause? Many thanks for the help!

     ComboFix 12-05-11.03 - Talsbak 11-May-12 21:54:47.1.2 - x64 NETWORK
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3071.2112 [GMT 2:00]
     Running from: c:\users\Talsbak\Desktop\ComboFix.exe
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\users\Marit\Documents\~WRL0099.tmp
     c:\users\Marit\Documents\~WRL0394.tmp
     c:\users\Talsbak\AppData\Roaming\Adobe\plugs
     c:\users\Talsbak\AppData\Roaming\Adobe\shed
     c:\users\Talsbak\WINDOWS
     c:\windows\SysWow64\Temp
     c:\windows\SysWow64\Temp\ROL\MemoryRead_afterDec_1327273388.xml
     c:\windows\SysWow64\Temp\ROL\MemoryRead_afterDec_1331767812.xml
     c:\windows\SysWow64\Temp\ROL\MemoryRead_beforeDec_1331767810.dat
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-04-11 to 2012-05-11 )))))))))))))))))))))))))))))))
     .
     .
     2012-05-11 19:59 . 2012-05-11 19:59 -------- d-----w- c:\users\Tessa\AppData\Local\temp
     2012-05-11 19:59 . 2012-05-11 19:59 -------- d-----w- c:\users\Default\AppData\Local\temp
     2012-05-11 19:59 . 2012-05-11 19:59 -------- d-----w- c:\users\Administrator\AppData\Local\temp
     2012-05-11 19:59 . 2012-05-11 19:59 -------- d-----w- c:\users\Marit\AppData\Local\temp
     2012-05-10 20:10 . 2012-05-10 20:10 -------- d-----w- c:\program files\CCleaner
     2012-05-08 17:35 . 2012-05-08 17:35 -------- d-----w- c:\users\Talsbak\AppData\Roaming\Malwarebytes
     2012-05-08 17:35 . 2012-05-08 17:35 -------- d-----w- c:\programdata\Malwarebytes
     2012-05-08 17:35 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-05-06 23:30 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8763E0E7-C835-47C2-8A06-E6E51174CF18}\mpengine.dll
     2012-05-06 22:50 . 2012-05-06 23:07 -------- d-----w- c:\windows\system32\MpEngineStore
     2012-05-02 11:48 . 2012-05-02 11:48 -------- d-----w- c:\users\Tessa\.jordan
     2012-04-30 15:48 . 2012-04-30 15:49 -------- d-----w- c:\users\Talsbak\AppData\Local\Google
     2012-04-30 15:48 . 2012-04-30 15:49 -------- d-----w- c:\program files (x86)\Google
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-03-01 15:20 . 2012-03-01 15:20 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
     2012-02-23 08:18 . 2010-08-30 19:44 279656 ------w- c:\windows\system32\MpSigStub.exe
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "RemoTerm.exe"="c:\program files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe" [2010-02-24 220944]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
     "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 60464]
     "nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
     "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
     "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [2010-07-16 307184]
     "CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-08-25 84464]
     "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
     "iTunesHelper"="c:\0 programs\Apple iTunes\iTunesHelper.exe" [2011-11-12 421736]
     "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
     "Malwarebytes' Anti-Malware"="c:\0 programs\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
     "aux"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
     Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
     .
     R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-30 116648]
     R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-07-16 354288]
     R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-30 116648]
     R3 PCTV340_801;YUAN based TV tuner device;c:\windows\system32\Drivers\dvb7700all.sys [x]
     R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]
     R3 RoxMediaDB13;RoxMediaDB13;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-07-16 1099248]
     R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]
     R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]
     R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]
     R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
     R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
     R3 vtcdrv;GoGear Recovery Mode;c:\windows\system32\DRIVERS\vtcdrv_amd64.sys [x]
     S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x]
     S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
     S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys [x]
     S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys [x]
     S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
     S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys [x]
     S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-06-02 457200]
     S2 BOT4Service;BOT4Service;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-09-13 39408]
     S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
     S2 LinksysUpdater;Linksys Updater;c:\program files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
     S2 MBAMService;MBAMService;c:\0 programs\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
     S3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys [x]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
     S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
     S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS26.SYS [x]
     S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
     S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
     .
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - WS2IFSL
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
     hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
     .
     HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
     ezSharedSvc
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-30 15:48]
     .
     2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-30 15:48]
     .
     2010-12-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
     - c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
     .
     .
     --------- x86-64 -----------
     .
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-29 16335464]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
     "LoadAppInit_DLLs"=0x0
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.hotmail.com/
     uLocal Page = c:\windows\system32\blank.htm
     mStart Page = hxxp://www.bing.com
     mLocal Page = c:\windows\SysWOW64\blank.htm
     uInternet Settings,ProxyOverride = *.local
     Trusted Zone: softpedia.com\www
     TCP: DhcpNameServer = 88.159.1.200 88.159.1.201
     .
     - - - - ORPHANS REMOVED - - - -
     .
     Wow6432Node-HKLM-Run-NPSStartup - (no file)
     Wow6432Node-HKU-Default-Run-4Y3Y0C3AWF7W0VWDBNJJC - c:\recycle.bin\B6232F3AFAD.exe
     Wow6432Node-HKU-Default-Run-KB828131.exe - c:\windows\system32\config\systemprofile\AppData\Roaming\KB828131.exe
     AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
     .
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.10"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     "MSCurrentCountry"=dword:0000007b
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
     c:\windows\SysWOW64\java.exe
     c:\windows\SysWOW64\ping.exe
     c:\windows\SysWOW64\ping.exe
     .
     **************************************************************************
     .
     Completion time: 2012-05-11 22:13:13 - machine was rebooted
     ComboFix-quarantined-files.txt 2012-05-11 20:13
     .
     Pre-Run: 183,856,726,016 bytes free
     Post-Run: 184,425,504,768 bytes free
     .
     - - End Of File - - 5D4F8681D1CBE14F874570C530FA13A1
c:\users\Marit\Documents\~WRL0099.tmp c:\users\Marit\Documents\~WRL0394.tmp c:\users\Talsbak\AppData\Roaming\Adobe\plugs c:\users\Talsbak\AppData\Roaming\Adobe\shed c:\users\Talsbak\WINDOWS c:\windows\SysWow64\Temp c:\windows\SysWow64\Temp\ROL\MemoryRead_afterDec_1327273388.xml c:\windows\SysWow64\Temp\ROL\MemoryRead_afterDec_1331767812.xml c:\windows\SysWow64\Temp\ROL\MemoryRead_beforeDec_1331767810.dat . . ((((((((((((((((((((((((( Files Created from 2012-04-11 to 2012-05-11 ))))))))))))))))))))))))))))))) . . 2012-05-11 19:59 . 2012-05-11 19:59 -------- d-----w- c:\users\Tessa\AppData\Local\temp 2012-05-11 19:59 . 2012-05-11 19:59 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-11 19:59 . 2012-05-11 19:59 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2012-05-11 19:59 . 2012-05-11 19:59 -------- d-----w- c:\users\Marit\AppData\Local\temp 2012-05-10 20:10 . 2012-05-10 20:10 -------- d-----w- c:\program files\CCleaner 2012-05-08 17:35 . 2012-05-08 17:35 -------- d-----w- c:\users\Talsbak\AppData\Roaming\Malwarebytes 2012-05-08 17:35 . 2012-05-08 17:35 -------- d-----w- c:\programdata\Malwarebytes 2012-05-08 17:35 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-06 23:30 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8763E0E7-C835-47C2-8A06-E6E51174CF18}\mpengine.dll 2012-05-06 22:50 . 2012-05-06 23:07 -------- d-----w- c:\windows\system32\MpEngineStore 2012-05-02 11:48 . 2012-05-02 11:48 -------- d-----w- c:\users\Tessa\.jordan 2012-04-30 15:48 . 2012-04-30 15:49 -------- d-----w- c:\users\Talsbak\AppData\Local\Google 2012-04-30 15:48 . 2012-04-30 15:49 -------- d-----w- c:\program files (x86)\Google . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-01 15:20 . 2012-03-01 15:20 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin 2012-02-23 08:18 . 
2010-08-30 19:44 279656 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoTerm.exe"="c:\program files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe" [2010-02-24 220944] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 60464] "nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856] "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [2010-07-16 307184] "CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-08-25 84464] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\0 programs\Apple iTunes\iTunesHelper.exe" [2011-11-12 421736] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "Malwarebytes' Anti-Malware"="c:\0 programs\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-30 116648] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-07-16 354288] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-30 116648] R3 PCTV340_801;YUAN based TV tuner device;c:\windows\system32\Drivers\dvb7700all.sys [x] R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x] R3 RoxMediaDB13;RoxMediaDB13;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-07-16 1099248] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 vtcdrv;GoGear Recovery Mode;c:\windows\system32\DRIVERS\vtcdrv_amd64.sys [x] S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys [x] S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys [x] S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-06-02 457200] S2 BOT4Service;BOT4Service;c:\program files 
(x86)\Roxio\BackOnTrack\App\BService.exe [2010-09-13 39408] S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 LinksysUpdater;Linksys Updater;c:\program files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800] S2 MBAMService;MBAMService;c:\0 programs\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS26.SYS [x] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . Contents of the 'Scheduled Tasks' folder . 2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-30 15:48] . 2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-30 15:48] . 2010-12-31 c:\windows\Tasks\PCDRScheduledMaintenance.job - c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-29 16335464] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.hotmail.com/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://www.bing.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local Trusted Zone: softpedia.com\www TCP: DhcpNameServer = 88.159.1.200 88.159.1.201 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-NPSStartup - (no file) Wow6432Node-HKU-Default-Run-4Y3Y0C3AWF7W0VWDBNJJC - c:\recycle.bin\B6232F3AFAD.exe Wow6432Node-HKU-Default-Run-KB828131.exe - c:\windows\system32\config\systemprofile\AppData\Roaming\KB828131.exe AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:0000007b . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\windows\SysWOW64\java.exe c:\windows\SysWOW64\ping.exe c:\windows\SysWOW64\ping.exe . ************************************************************************** . Completion time: 2012-05-11 22:13:13 - machine was rebooted ComboFix-quarantined-files.txt 2012-05-11 20:13 . Pre-Run: 183,856,726,016 bytes free Post-Run: 184,425,504,768 bytes free . - - End Of File - - 5D4F8681D1CBE14F874570C530FA13A1
  13. Hi, I'm afraid it hasn't solved much. The AMService did not exist, so nothing was stopped/deleted either. Ran HijackThis with fix and clean, ran CCleaner, then also Unhide, and rebooted. And finally HijackThis again, see the log below. However, e.g. B6232F3AFAD.exe is still in there (seems impossible to eradicate). And my files via the Start menu, e.g. LinkSys, e.g. Panda, are gone (empty). But as said before, they can't be found via Windows Explorer either (not even after several Unhide runs). Could they really have been deleted completely? When logging on to your site I now got an MBAM error message: ... malacious process attempting to start ... C:\USERS\TALSBAK\APPDATA\LOCAL\TEMP\0.9530072868350183.EXE EXPLOIT.DROP.4 I just did Quarantine. Thanks for the help! Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:32:58, on 10-May-12 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Normal Running processes: C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe C:\Windows\SysWOW64\svchost.exe C:\Windows\SysWOW64\svchost.exe c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe C:\Windows\SysWOW64\java.exe C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\remoterm.exe C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe C:\Program Files (x86)\hp\Digital Imaging\bin\HpqSRmon.exe C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe C:\0 PROGRAMS\Apple iTunes\iTunesHelper.exe C:\0 PROGRAMS\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\SysWOW64\ping.exe C:\0 PROGRAMS\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\SysWOW64\ping.exe 
C:\Users\Talsbak\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Bing R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sign In R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local F2 - REG:system.ini: UserInit=c:\windows\syswow64\userinit.exe, O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" O4 - HKLM\..\Run: 
[CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\0 PROGRAMS\Apple iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\0 PROGRAMS\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [RemoTerm.exe] C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [4Y3Y0C3AWF7W0VWDBNJJC] C:\Recycle.Bin\B6232F3AFAD.exe /q (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [4Y3Y0C3AWF7W0VWDBNJJC] C:\Recycle.Bin\B6232F3AFAD.exe /q (User 'Default user') O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O15 - Trusted Zone: Free Downloads Encyclopedia - Softpedia O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Roxio SAIB 
Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: BOT4Service - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\0 PROGRAMS\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: RoxMediaDB13 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: 
@%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9919 bytes
  14. Sorry, I forgot to mention: I had already run Unhide a few times, with little improvement. The situation described and the HijackThis log are from after that Unhide run. So I'm still missing many programs in the Start menu, and actually in Windows Explorer as well. E.g. the Panda exe can't be found, it's 'gone'.
  15. Just a quick third reply after all. Besides the things mentioned earlier:
- my toolbar is gone
- Panda antivirus seems to have been completely uninstalled (gone)
Also in my Start > All Programs, for many programs the launcher is gone, e.g. Administrative Tools, Panda, iTunes, Linksys, Microsoft Silverlight, Roxio, Windows Live, etc. etc. Some I can reinstall, but is there perhaps a faster / more complete way to restore this structure? Are the programs still there, or have they really been wiped? NB: when the virus first appeared, reporting Hard Disk problems, we clicked on an 'analysis' button or something like that. So something may have been processed then. Or is this a normal consequence of this virus? Thanks!
  16. Ran HijackThis once more. The 2 files you wanted me to remove, which 'sit' in the Recycle Bin, are still there: B6232F3AFAD.exe And of the 'dubious' applications mentioned above that run continuously, two are now clear to me; the following remain, for which it is still to be determined whether they are normal or dubious: crss.exe dwm.exe nvvsvc.exe Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:02:44, on 09-May-12 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\remoterm.exe C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe C:\Program Files (x86)\hp\Digital Imaging\bin\HpqSRmon.exe C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe C:\0 PROGRAMS\Apple iTunes\iTunesHelper.exe C:\0 PROGRAMS\Malwarebytes' Anti-Malware\mbamgui.exe C:\0 PROGRAMS\MS Office\Office\1033\msoffice.exe C:\Users\Talsbak\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Bing R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sign In R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll F2 - REG:system.ini: UserInit=c:\windows\syswow64\userinit.exe, O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\0 PROGRAMS\Apple iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\0 PROGRAMS\Malwarebytes' 
Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [RemoTerm.exe] C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_0_1_ActiveX.exe -update activex O4 - HKUS\S-1-5-18\..\Run: [4Y3Y0C3AWF7W0VWDBNJJC] C:\Recycle.Bin\B6232F3AFAD.exe /q (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [KB828131.exe] "C:\Windows\system32\config\systemprofile\AppData\Roaming\KB828131.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [4Y3Y0C3AWF7W0VWDBNJJC] C:\Recycle.Bin\B6232F3AFAD.exe /q (User 'Default user') O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O15 - Trusted Zone: Free Downloads Encyclopedia - Softpedia O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMService - Unknown owner - C:\Windows\TEMP\gynhmg\setup.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: BOT4Service - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\0 PROGRAMS\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: RoxMediaDB13 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: 
@%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9817 bytes
  17. My PC seems to work fine in W7 normal mode. However, the following applications suddenly run 'continuously' in Windows Task Manager:
CPmonitor.exe
crss.exe
dwm.exe
nvvsvc.exe
remoterm.exe
All without a description, and I must say I have never seen these before. And ...
- my toolbar is gone
- Panda antivirus seems to have been completely uninstalled (gone)
Reinstalling this is not a problem as such, but is this a normal consequence of this virus? Do I now no longer need to go through the rest of the cleanup, i.e. the other steps (as you have indicated for many others)? Thanks!
  18. Hi, Thanks for the help. With the FIX as you requested, the 2 files in the Recycle Bin would not go away. I had emptied, and have emptied, the Recycle Bin, restarted, etc., and nevertheless on the next HijackThis scan these 2 files simply kept showing up in the scan again. After that I went ahead and did the MBAM scan anyway. Attached the MBAM log and below it the HijackThis log from afterwards.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.08.08

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7601.17514
Talsbak :: TALSBAK-HPCOMPQ [administrator]

Protection: Disabled

08-May-12 19:38:10
mbam-log-2012-05-08 (19-38-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 285634
Time elapsed: 8 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\ProgramData\iRrLnyaJqw.exe (Trojan.FakeAlert.DF) -> Quarantined and deleted successfully.
C:\ProgramData\oiwfEBU2JxDIQI.exe (Trojan.FakeAlert.DF) -> Quarantined and deleted successfully.
C:\ProgramData\UvKFkMkwGOOUyI.exe (Trojan.FakeAlert.DF) -> Quarantined and deleted successfully.
C:\Users\Talsbak\AppData\Roaming\Uvalgi\ubetu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Marit\AppData\Local\Temp\hnszs0.exe (Rogue.FakeAV) -> Quarantined and deleted successfully.
C:\Users\Marit\AppData\Local\Temp\Temp1_Picture13.JPG[1].zip\Picture13.JPG_www.facebook.com (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\Users\Talsbak\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.

(end)

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:59:08, on 08-May-12
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Safe mode with network support

Running processes:
C:\Users\Talsbak\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Bing
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sign In
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=c:\windows\syswow64\userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\0 PROGRAMS\Apple iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\0 PROGRAMS\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKCU\..\Run: [RemoTerm.exe] C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [4Y3Y0C3AWF7W0VWDBNJJC] C:\Recycle.Bin\B6232F3AFAD.exe /q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [4Y3Y0C3AWF7W0VWDBNJJC] C:\Recycle.Bin\B6232F3AFAD.exe /q (User 'Default user')
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: Free Downloads Encyclopedia - Softpedia
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMService - Unknown owner - C:\Windows\TEMP\gynhmg\setup.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BOT4Service - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\0 PROGRAMS\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB13 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9700 bytes
  19. Hello, The FakeSysDef or S.M.A.R.T. virus has struck me too. The problems were: invisible files/folders/etc. I got those back with Unhide (in Safe mode). But my Panda antivirus is still nowhere to be found, and my Windows Security Center has also been made impossible to use. I ran the Microsoft Support Emergency Response Tool, which did work, but as soon as I booted into normal mode again the virus party started all over again. So I am back to square one. Therefore I would like your help to get it fully resolved (probably including the Registry cleanup)? Attached the HijackThis file. Thanks in advance!! Jan

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:06:01, on 07-May-12
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Safe mode

Running processes:
C:\Users\Talsbak\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Bing
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sign In
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=c:\windows\syswow64\userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\0 PROGRAMS\Apple iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iRrLnyaJqw.exe] C:\ProgramData\iRrLnyaJqw.exe
O4 - HKLM\..\Run: [LanzarP2012tmp] "C:\Users\Talsbak\AppData\Local\Temp\P2012tmp\Install.exe" /SETUP:"/l0x0009"
O4 - HKCU\..\Run: [RemoTerm.exe] C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe
O4 - HKCU\..\Run: [{BC66BFEB-58C4-C038-AB91-38E6E9DE4211}] C:\Users\Talsbak\AppData\Roaming\Uvalgi\ubetu.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [4Y3Y0C3AWF7W0VWDBNJJC] C:\Recycle.Bin\B6232F3AFAD.exe /q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [4Y3Y0C3AWF7W0VWDBNJJC] C:\Recycle.Bin\B6232F3AFAD.exe /q (User 'Default user')
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: Free Downloads Encyclopedia - Softpedia
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMService - Unknown owner - C:\Windows\TEMP\gynhmg\setup.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BOT4Service - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB13 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9644 bytes
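A defender-side triage of the O4 (autostart) and O23 (service) entries in the HijackThis logs posted in items 16 to 19, added here as an example and not code from the thread, the forum's helpers or HijackThis itself: it flags an entry by where its binary runs from (Recycle Bin, Temp, AppData\Roaming, a bare file in ProgramData) or by the hive it is registered in, rather than by name, which is how the entries later quarantined by MBAM separate from the HP, Roxio and Apple ones. The sample lines are constructed from entries that appear in the posted logs, and the regexes cover only the entry shapes seen there.

```python
"""Location-based triage of HijackThis O4 (autostart) and O23 (service) entries.

Added example for this thread; not part of HijackThis or of the forum posts.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# O4 - <hive>\..\Run[Once]: [<name>] <command> [(User '<account>')]
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# O23 - Service: <name> - <owner> - <path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
# Run keys that user software almost never writes to; malware that wants to
# start before anyone logs on (as the Recycle.Bin entry in the logs does) uses them.
SYSTEM_HIVES = ("HKUS\\S-1-5-18", "HKUS\\.DEFAULT")


@dataclass
class Finding:
    kind: str    # "O4" or "O23"
    name: str    # registry value name or service name
    path: str    # executable the entry launches
    reason: str  # why it was flagged


def command_path(cmd: str) -> str:
    """Extract the executable from an O4 command line.

    Handles quoted paths, bare paths containing spaces, trailing switches and
    the "(User 'X')" suffix HijackThis appends for non-current-user hives.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" (User ")[0]


def suspicious_reason(path: str) -> Optional[str]:
    """Return why a launch location is suspicious, or None for an ordinary one.

    Legitimate autostarts and services live under Program Files or the Windows
    directory; the droppers in this thread ran from the Recycle Bin, Temp,
    AppData\\Roaming and as bare randomly named files directly in ProgramData.
    """
    p = path.lower().replace("/", "\\")
    if "\\recycle.bin\\" in p or "\\$recycle.bin\\" in p:
        return "runs from the Recycle Bin"
    if "\\temp\\" in p:
        return "runs from a Temp directory"
    if "\\appdata\\roaming\\" in p:
        return "runs from AppData\\Roaming"
    if re.fullmatch(r"[a-z]:\\programdata\\[^\\]+\.exe", p):
        return "bare executable directly in ProgramData (no vendor folder)"
    return None


def triage(log_text: str) -> List[Finding]:
    """Scan a HijackThis log and return the O4/O23 entries worth a closer look."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            path = command_path(m.group("cmd"))
            reason = suspicious_reason(path)
            if reason is None and m.group("hive").startswith(SYSTEM_HIVES):
                reason = "autostart registered in the SYSTEM/.DEFAULT hive"
            if reason:
                findings.append(Finding("O4", m.group("name"), path, reason))
            continue
        m = O23_RE.match(line)
        if m:
            reason = suspicious_reason(m.group("path"))
            if reason:
                findings.append(Finding("O23", m.group("name"), m.group("path"), reason))
    return findings


# Constructed sample: a handful of entries copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [iRrLnyaJqw.exe] C:\ProgramData\iRrLnyaJqw.exe
O4 - HKCU\..\Run: [{BC66BFEB-58C4-C038-AB91-38E6E9DE4211}] C:\Users\Talsbak\AppData\Roaming\Uvalgi\ubetu.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [4Y3Y0C3AWF7W0VWDBNJJC] C:\Recycle.Bin\B6232F3AFAD.exe /q (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [KB828131.exe] "C:\Windows\system32\config\systemprofile\AppData\Roaming\KB828131.exe" (User 'SYSTEM')
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMService - Unknown owner - C:\Windows\TEMP\gynhmg\setup.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind} [{f.name}] {f.path}\n     -> {f.reason}")
```

Note that "(file missing)" on its own is not used as a signal: a 32-bit HijackThis on 64-bit Windows reports it for many legitimate system32 services, as the ALG line shows.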
  20. It took a while because of illness, but I have now done all the actions. ComboFix removed, VundoFix removed, and CCleaner run. I did notice that the registry cleanup produced another list of items to clean when run a 2nd time (see attached zip). Is that right? Attached 2x messages from Panda, something I did not really know before these problems. Apart from that, everything seems to work well again. So many thanks. And the status may be set to "solved"!
cc_20080412_1352.zip
  21. Just one more example of the Panda message (I can't attach jpgs) that I still get (and never got before my problems): Attempt to modify HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL\PROVIDER. Here I then choose the option "don't allow settings to be modified". I will do the cleanup and let you know.
  22. It took a while because ComboFix apparently hung twice. Now it worked. ComboFix log:

ComboFix 08-03-30.2 - Jan-Edzard 2008-04-01 9:15:16.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.179 [GMT 2:00]
Running from: G:\Software Downloads\Virus\ComboFix.exe
Command switches used :: G:\Software Downloads\Virus\CFScript.txt
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\All Users\Application Data\gbmzwfqj.dll
C:\WINDOWS\_delis32.ini
C:\WINDOWS\system32\iizsylbg.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\gbmzwfqj.dll
C:\VundoFix Backups
C:\WINDOWS\_delis32.ini
C:\WINDOWS\system32\iizsylbg.exe

.
((((((((((((((((((((((((( Files Created from 2008-03-01 to 2008-04-01 )))))))))))))))))))))))))))))))
.

2008-03-30 20:47 . 2008-03-30 20:47 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-30 20:47 . 2008-03-30 20:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-30 01:13 . 2008-03-30 01:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-29 14:37 . 2008-03-29 14:42 <DIR> d-------- C:\Program Files\Windows Live
2008-03-29 14:37 . 2008-03-29 14:42 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-29 14:37 . 2008-03-29 14:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-29 14:36 . 2007-07-30 20:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-29 14:36 . 2007-07-30 20:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-29 14:36 . 2007-07-30 20:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-29 14:36 . 2007-07-30 20:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-29 14:08 . 2008-03-29 14:08 <DIR> d-------- C:\Program Files\Symantec
2008-03-29 14:08 . 2008-03-29 14:08 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-29 14:08 . 2008-03-29 14:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-28 20:54 . 2008-03-28 20:54 24,576 --a------ C:\WINDOWS\system32\winzzr32.dll
2008-03-15 17:20 . 2008-03-15 17:20 77,312 --a------ C:\ROZ Woonruimte - Handleiding - okt 2005.doc
2008-03-01 11:46 . 2008-03-01 11:46 <DIR> d-------- C:\Program Files\Mindscape

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
28980-02-04 05:32 --------- d-----w C:\Program Files\microsoft frontpage
28980-02-04 05:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
2008-03-31 19:26 214,928 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2008-03-31 19:26 214,928 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-03-31 19:26 1,224 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2008-03-31 19:26 1,224 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
2008-03-01 09:46 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-02-16 11:12 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-01-04 19:56 1,526,640 ----a-w C:\WINDOWS\WRSetup.dll
2005-01-21 00:53 45,056 ------r C:\Program Files\SetAttrib.exe
2004-11-30 07:23 40,960 ------r C:\Program Files\delete.exe
.

((((((((((((((((((((((((((((( snapshot@2008-03-30_23.13.57.75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-30 20:33:59 59,268 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-31 19:30:07 59,268 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-30 20:33:59 393,638 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-31 19:30:07 393,638 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:56 33280 C:\WINDOWS\system32\rundll32.exe]
"SoundMan"="SOUNDMAN.EXE" [2002-09-27 14:44 47104 C:\WINDOWS\SOUNDMAN.EXE]
"PRISMSVR.EXE"="C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.exe" [2004-07-02 16:27 295001]
"hcenter"="C:\Program Files\Support.com\bin\tgcmd.exe" [ ]
"APVXDWIN"="D:\Panda\APVXDWIN.exe" [2007-03-30 15:52 329264]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 21:56 5367664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Microsoft Office 2000\Office\OSA9.EXE [2000-01-21 10:15:54 65588]
SpeedTouch 121g Wireless USB Monitor.lnk - C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe [2004-09-23 18:36:30 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"DhGiivUbGS"= C:\WINDOWS\TEMP\win17.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoStartMenuPinnedList"= 0 (0x0)
"ForceStartMenuLogoff"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2003-05-01 23:56 684032 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2002-09-27 16:38 446464 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-12-27 11:57 98304 D:\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SENS"=2 (0x2)
"RSVP"=3 (0x3)
"SysmonLog"=3 (0x3)
"mnmsrvc"=3 (0x3)
"CiSvc"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"Browser"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\WINDOWS\\explorer.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-04-02 19:43]
R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-04-02 19:43]
R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-03-12 17:45]
R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-04-02 19:43]
R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-03-22 18:12]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\Drivers\ShlDrv51.sys [2007-03-12 17:27]
R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-04-02 19:43]
R1 WNMFLT;Wifi Monitor Filter
Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-04-02 19:43] R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2006-10-27 13:27] R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-02-19 14:21] R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys [] R3 BT4501G;SpeedTouch 121g Wireless USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\BT4501G.sys [2004-07-29 13:55] R3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys [] R3 EL910;3Com 3CSOHO100B-TX PCI;C:\WINDOWS\system32\DRIVERS\EL910N51.sys [2002-05-29 08:54] R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-04-02 19:43] R3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys [] R3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys [] R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-04-03 00:05] S3 A4S2600;A4S2600;C:\WINDOWS\system32\drivers\A4S2600.sys [1998-07-01 13:58] *Newly Created Service* - CATCHME *Newly Created Service* - PAVDRV *Newly Created Service* - PAVSRV . 
Contents of the 'Scheduled Tasks' folder "2008-03-29 23:00:00 C:\WINDOWS\Tasks\At1.job" - C:\WINDOWS\system32\d0u418YA.exe "2008-03-24 08:00:00 C:\WINDOWS\Tasks\At10.job" - C:\WINDOWS\system32\d0u418YA.exe "2008-03-30 08:00:00 C:\WINDOWS\Tasks\At11.job" - C:\WINDOWS\system32\d0u418YA.exe "2008-03-30 09:00:03 C:\WINDOWS\Tasks\At12.job" - C:\WINDOWS\system32\d0u418YA.exe "2008-03-30 10:00:00 C:\WINDOWS\Tasks\At13.job" - C:\WINDOWS\system32\d0u418YA.exe "2008-03-30 11:00:00 C:\WINDOWS\Tasks\At14.job" - C:\WINDOWS\system32\d0u418YA.exe "2008-03-30 12:00:00 C:\WINDOWS\Tasks\At15.job" - C:\WINDOWS\system32\d0u418YA.exe "2008-03-30 13:00:00 C:\WINDOWS\Tasks\At16.job" - C:\WINDOWS\system32\d0u418YA.exe "2008-03-30 14:00:00 C:\WINDOWS\Tasks\At17.job" - C:\WINDOWS\system32\d0u418YA.exe "2008-03-30 15:00:02 C:\WINDOWS\Tasks\At18.job" - C:\WINDOWS\system32\d0u418YA.exe "2008-03-30 16:00:00 C:\WINDOWS\Tasks\At19.job" - C:\WINDOWS\system32\d0u418YA.exe "2008-03-19 00:00:00 C:\WINDOWS\Tasks\At2.job" - C:\WINDOWS\system32\d0u418YA.exe "2008-03-29 18:00:00 C:\WINDOWS\Tasks\At20.job" - C:\WINDOWS\system32\d0u418YA.exe "2008-03-29 19:00:00 C:\WINDOWS\Tasks\At21.job" - C:\WINDOWS\system32\d0u418YA.exe "2008-03-30 19:00:00 C:\WINDOWS\Tasks\At22.job" - C:\WINDOWS\system32\d0u418YA.exe "2008-03-29 21:00:00 C:\WINDOWS\Tasks\At23.job" - C:\WINDOWS\system32\d0u418YA.exe "2008-03-29 22:00:00 C:\WINDOWS\Tasks\At24.job" - C:\WINDOWS\system32\d0u418YA.exe "2008-03-19 01:00:00 C:\WINDOWS\Tasks\At3.job" - C:\WINDOWS\system32\d0u418YA.exe "2008-03-19 02:00:00 C:\WINDOWS\Tasks\At4.job" - C:\WINDOWS\system32\d0u418YA.exe "2008-03-19 03:00:00 C:\WINDOWS\Tasks\At5.job" - C:\WINDOWS\system32\d0u418YA.exe "2008-03-19 04:00:00 C:\WINDOWS\Tasks\At6.job" - C:\WINDOWS\system32\d0u418YA.exe "2008-03-19 05:00:00 C:\WINDOWS\Tasks\At7.job" - C:\WINDOWS\system32\d0u418YA.exe "2008-03-19 06:00:00 C:\WINDOWS\Tasks\At8.job" - C:\WINDOWS\system32\d0u418YA.exe "2008-03-19 07:00:00 C:\WINDOWS\Tasks\At9.job" - 
C:\WINDOWS\system32\d0u418YA.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-01 09:24:41 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-04-01 9:26:50 ComboFix-quarantined-files.txt 2008-04-01 07:26:42 ComboFix2.txt 2008-03-30 21:15:31 Pre-Run: 7,418,908,672 bytes free Post-Run: 7,404,019,712 bytes free En een nieuwe HJT: Logfile of HijackThis v1.99.1 Scan saved at 9:36:59, on 01-Apr-08 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe D:\Panda\pavsrv51.exe D:\Panda\AVENGINE.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe D:\Panda\TPSrv.exe C:\WINDOWS\system32\spoolsv.exe d:\anti-spyware\a2 free\a2service.exe D:\Anti-Spyware\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\nvsvc32.exe D:\Panda\PsCtrls.exe D:\Panda\PavFnSvr.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe d:\panda\firewall\PSHOST.EXE D:\Panda\PsImSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\fxssvc.exe D:\Panda\ApvxdWin.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g 
Wireless USB Monitor\st121g.exe C:\Microsoft Office 2000\Office\1033\msoffice.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe D:\Panda\WebProxy.exe C:\Program Files\MrSnappy95\snappy95.exe D:\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sign In R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Anti-Spyware\Spybot\SDHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE" /APPLY O4 - HKLM\..\Run: [hcenter] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf O4 - HKLM\..\Run: [APVXDWIN] "D:\Panda\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office 2000\Office\OSA9.EXE O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.paradigit.nl O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201816543913 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program 
Files\Windows Live\Mail\mailcomm.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - d:\anti-spyware\a2 free\a2service.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Anti-Spyware\AVG Anti-Spyware 7.5\guard.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Panda Software Controller - Panda Software International - D:\Panda\PsCtrls.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - D:\Panda\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - D:\Panda\pavsrv51.exe O23 - Service: Panda Host Service (PSHost) - Panda Software International - d:\panda\firewall\PSHOST.EXE O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - D:\Panda\PsImSvc.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - D:\Panda\TPSrv.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe Systeem lijkt nu wel schoon in de zin dat ik geen rode popups en blauwe popups van SecurityAlert etc.(exact dezelfde als bij Jesse op 22/3) meer krijg, echter na de 1e schoonmaak kreeg ik nog wel vaak Panda-messages dat er blocks uitgevoerd worden omdat iets mijn registry .../searchURL, ..../provider, en ..../mainpage, etc. wil wijzigen. Deze meldingen krijg ik ook nog nu, nadat ik dus de laatste keer ComboFix heb gerund, nu net nog bij de reboot. Dus 't lijkt erop dat alles vrij schoon is maar dat toch ook kennelijk dat mijn pc nog aangevallen wordt ? Alvast bedankt voor de hulp !
  23. The results are: VundoFix found no "infections", so the log report is empty. So I ran ComboFix instead (which you had also recommended to Jesse on 22/3), and its log is:
      ComboFix 08-03-30.2 - Administrator 2008-03-30 23:01:07.2 - NTFSx86 MINIMAL
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.376 [GMT 2:00]
      Running from: G:\Software Downloads\Virus\ComboFix.exe
      WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      C:\Documents and Settings\Jan-Edzard\Application Data\install.dat
      C:\Documents and Settings\Jan-Edzard\Application Data\printer.exe
      C:\Program Files\Common Files\{30F35~1
      C:\Program Files\Common Files\{70F35~1
      C:\WINDOWS\system32\winpto32.dll
      .
      ---- Previous Run -------
      .
      C:\WINDOWS\appatc~1
      C:\WINDOWS\system32\unsvchosts.lzma
      .
      ((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-30 )))))))))))))))))))))))))))))))
      .
      2008-03-30 23:04 . 92,544 C:\WINDOWS\system32\drivers\av5flt.sys
      2008-03-30 22:15 . 2008-03-30 22:15 <DIR> d-------- C:\VundoFix Backups
      2008-03-30 20:47 . 2008-03-30 20:47 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
      2008-03-30 20:47 . 2008-03-30 20:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
      2008-03-30 01:13 . 2008-03-30 01:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
      2008-03-29 14:37 . 2008-03-29 14:42 <DIR> d-------- C:\Program Files\Windows Live
      2008-03-29 14:37 . 2008-03-29 14:42 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
      2008-03-29 14:37 . 2008-03-29 14:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-03-29 14:36 . 2007-07-30 20:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
      2008-03-29 14:36 . 2007-07-30 20:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
      2008-03-29 14:36 . 2007-07-30 20:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
      2008-03-29 14:36 . 2007-07-30 20:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
      2008-03-29 14:08 . 2008-03-29 14:08 <DIR> d-------- C:\Program Files\Symantec
      2008-03-29 14:08 . 2008-03-29 14:08 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
      2008-03-29 14:08 . 2008-03-29 14:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
      2008-03-29 10:21 . 2008-03-29 10:21 94,208 --a------ C:\Documents and Settings\All Users\Application Data\gbmzwfqj.dll
      2008-03-29 10:21 . 2008-03-29 10:21 90,112 --a------ C:\WINDOWS\system32\iizsylbg.exe
      2008-03-28 20:54 . 2008-03-28 20:54 24,576 --a------ C:\WINDOWS\system32\winzzr32.dll
      2008-03-15 17:20 . 2008-03-15 17:20 77,312 --a------ C:\ROZ Woonruimte - Handleiding - okt 2005.doc
      2008-03-01 11:46 . 2008-03-01 11:46 <DIR> d-------- C:\Program Files\Mindscape
      2008-03-01 11:45 . 2008-03-01 11:45 272 --a------ C:\WINDOWS\_delis32.ini
      2008-02-16 13:12 . 2008-02-16 13:12 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      28980-02-04 05:32 --------- d-----w C:\Program Files\microsoft frontpage
      28980-02-04 05:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
      2008-03-30 21:06 214,928 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
      2008-03-30 21:06 214,928 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT
      2008-03-30 21:06 1,224 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
      2008-03-30 21:06 1,224 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
      2008-03-01 09:46 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
      2008-01-04 19:56 1,526,640 ----a-w C:\WINDOWS\WRSetup.dll
      2007-12-31 10:06 162 ----a-w C:\install.dat
      2007-12-26 20:21 737,280 ----a-w C:\WINDOWS\iun6002.exe
      2005-01-21 00:53 45,056 ------r C:\Program Files\SetAttrib.exe
      2004-11-30 07:23 40,960 ------r C:\Program Files\delete.exe
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:56 33280 C:\WINDOWS\system32\rundll32.exe]
      "SoundMan"="SOUNDMAN.EXE" [2002-09-27 14:44 47104 C:\WINDOWS\SOUNDMAN.EXE]
      "PRISMSVR.EXE"="C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.exe" [2004-07-02 16:27 295001]
      "hcenter"="C:\Program Files\Support.com\bin\tgcmd.exe" [ ]
      "APVXDWIN"="D:\Panda\APVXDWIN.exe" [2007-03-30 15:52 329264]
      "SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 21:56 5367664]
      C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
      Microsoft Office.lnk - C:\Microsoft Office 2000\Office\OSA9.EXE [2000-01-21 10:15:54 65588]
      SpeedTouch 121g Wireless USB Monitor.lnk - C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe [2004-09-23 18:36:30 303104]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "NoFavoritesMenu"= 0 (0x0)
      "NoSMMyPictures"= 0 (0x0)
      "NoStartMenuMyMusic"= 0 (0x0)
      "NoRecentDocsNetHood"= 0 (0x0)
      "NoInstrumentation"= 0 (0x0)
      "NoSimpleStartMenu"= 0 (0x0)
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
      "DhGiivUbGS"= C:\WINDOWS\TEMP\win17.exe
      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoFavoritesMenu"= 0 (0x0)
      "NoSMMyPictures"= 0 (0x0)
      "NoStartMenuMyMusic"= 0 (0x0)
      "NoRecentDocsNetHood"= 0 (0x0)
      "NoUserNameInStartMenu"= 0 (0x0)
      "NoInstrumentation"= 0 (0x0)
      "NoStartMenuPinnedList"= 0 (0x0)
      "ForceStartMenuLogoff"= 0 (0x0)
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
      --a------ 2003-05-01 23:56 684032 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
      --a------ 2002-09-27 16:38 446464 C:\WINDOWS\system32\nwiz.exe
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      --a------ 2004-12-27 11:57 98304 D:\QuickTime\qttask.exe
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "SENS"=2 (0x2)
      "RSVP"=3 (0x3)
      "SysmonLog"=3 (0x3)
      "mnmsrvc"=3 (0x3)
      "CiSvc"=3 (0x3)
      "FastUserSwitchingCompatibility"=3 (0x3)
      "Browser"=2 (0x2)
      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusDisableNotify"=dword:00000001
      "UpdatesDisableNotify"=dword:00000001
      "AntiVirusOverride"=dword:00000001
      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
      "DisableMonitoring"=dword:00000001
      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
      "DisableMonitoring"=dword:00000001
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "C:\\WINDOWS\\system32\\fxsclnt.exe"=
      "C:\\WINDOWS\\explorer.exe"=
      "C:\\WINDOWS\\system32\\sessmgr.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\uTorrent\\uTorrent.exe"=
      R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-04-02 19:43]
      R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-04-02 19:43]
      R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-03-12 17:45]
      R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-04-02 19:43]
      R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-03-22 18:12]
      R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\Drivers\ShlDrv51.sys [2007-03-12 17:27]
      R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-04-02 19:43]
      R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-04-02 19:43]
      R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2006-10-27 13:27]
      R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-02-19 14:21]
      R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
      R3 BT4501G;SpeedTouch 121g Wireless USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\BT4501G.sys [2004-07-29 13:55]
      R3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
      R3 EL910;3Com 3CSOHO100B-TX PCI;C:\WINDOWS\system32\DRIVERS\EL910N51.sys [2002-05-29 08:54]
      R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-04-02 19:43]
      R3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
      R3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []
      R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-04-03 00:05]
      S3 A4S2600;A4S2600;C:\WINDOWS\system32\drivers\A4S2600.sys [1998-07-01 13:58]
      *Newly Created Service* - PAVDRV
      *Newly Created Service* - PAVSRV
      .
      Contents of the 'Scheduled Tasks' folder
      "2008-03-29 23:00:00 C:\WINDOWS\Tasks\At1.job" - C:\WINDOWS\system32\d0u418YA.exe
      "2008-03-24 08:00:00 C:\WINDOWS\Tasks\At10.job" - C:\WINDOWS\system32\d0u418YA.exe
      "2008-03-30 08:00:00 C:\WINDOWS\Tasks\At11.job" - C:\WINDOWS\system32\d0u418YA.exe
      "2008-03-30 09:00:03 C:\WINDOWS\Tasks\At12.job" - C:\WINDOWS\system32\d0u418YA.exe
      "2008-03-30 10:00:00 C:\WINDOWS\Tasks\At13.job" - C:\WINDOWS\system32\d0u418YA.exe
      "2008-03-30 11:00:00 C:\WINDOWS\Tasks\At14.job" - C:\WINDOWS\system32\d0u418YA.exe
      "2008-03-30 12:00:00 C:\WINDOWS\Tasks\At15.job" - C:\WINDOWS\system32\d0u418YA.exe
      "2008-03-30 13:00:00 C:\WINDOWS\Tasks\At16.job" - C:\WINDOWS\system32\d0u418YA.exe
      "2008-03-30 14:00:00 C:\WINDOWS\Tasks\At17.job" - C:\WINDOWS\system32\d0u418YA.exe
      "2008-03-30 15:00:02 C:\WINDOWS\Tasks\At18.job" - C:\WINDOWS\system32\d0u418YA.exe
      "2008-03-30 16:00:00 C:\WINDOWS\Tasks\At19.job" - C:\WINDOWS\system32\d0u418YA.exe
      "2008-03-19 00:00:00 C:\WINDOWS\Tasks\At2.job" - C:\WINDOWS\system32\d0u418YA.exe
      "2008-03-29 18:00:00 C:\WINDOWS\Tasks\At20.job" - C:\WINDOWS\system32\d0u418YA.exe
      "2008-03-29 19:00:00 C:\WINDOWS\Tasks\At21.job" - C:\WINDOWS\system32\d0u418YA.exe
      "2008-03-30 19:00:00 C:\WINDOWS\Tasks\At22.job" - C:\WINDOWS\system32\d0u418YA.exe
      "2008-03-29 21:00:00 C:\WINDOWS\Tasks\At23.job" - C:\WINDOWS\system32\d0u418YA.exe
      "2008-03-29 22:00:00 C:\WINDOWS\Tasks\At24.job" - C:\WINDOWS\system32\d0u418YA.exe
      "2008-03-19 01:00:00 C:\WINDOWS\Tasks\At3.job" - C:\WINDOWS\system32\d0u418YA.exe
      "2008-03-19 02:00:00 C:\WINDOWS\Tasks\At4.job" - C:\WINDOWS\system32\d0u418YA.exe
      "2008-03-19 03:00:00 C:\WINDOWS\Tasks\At5.job" - C:\WINDOWS\system32\d0u418YA.exe
      "2008-03-19 04:00:00 C:\WINDOWS\Tasks\At6.job" - C:\WINDOWS\system32\d0u418YA.exe
      "2008-03-19 05:00:00 C:\WINDOWS\Tasks\At7.job" - C:\WINDOWS\system32\d0u418YA.exe
      "2008-03-19 06:00:00 C:\WINDOWS\Tasks\At8.job" - C:\WINDOWS\system32\d0u418YA.exe
      "2008-03-19 07:00:00 C:\WINDOWS\Tasks\At9.job" - C:\WINDOWS\system32\d0u418YA.exe
      .
      **************************************************************************
      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-03-30 23:05:16
      Windows 5.1.2600 Service Pack 2 NTFS
      detected NTDLL code modification:
      ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile
      scanning hidden processes ...
      scanning hidden autostart entries ...
      scanning hidden files ...
      scan completed successfully
      hidden files: 0
      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      D:\Panda\pavsrv51.exe
      D:\Panda\AVENGINE.EXE
      D:\Panda\TPSrv.exe
      d:\anti-spyware\a2 free\a2service.exe
      D:\Anti-Spyware\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\System32\nvsvc32.exe
      D:\Panda\PsCtrls.exe
      D:\Panda\PavFnSvr.exe
      C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
      d:\panda\firewall\PSHOST.EXE
      D:\Panda\PsImSvc.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      C:\WINDOWS\system32\fxssvc.exe
      C:\Microsoft Office 2000\Office\1033\msoffice.exe
      D:\Panda\WebProxy.exe
      C:\WINDOWS\system32\taskmgr.exe
      .
      **************************************************************************
      .
      Completion time: 2008-03-30 23:15:28 - machine was rebooted [Jan-Edzard]
      ComboFix-quarantined-files.txt 2008-03-30 21:15:20
      Pre-Run: 8,278,962,176 bytes free
      Post-Run: 8,012,132,352 bytes free
      And the new HijackThis:
      Logfile of HijackThis v1.99.1
      Scan saved at 23:20:20, on 30-Mar-08
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.5730.0013)
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      D:\Panda\pavsrv51.exe
      D:\Panda\AVENGINE.EXE
      C:\WINDOWS\system32\svchost.exe
      D:\Panda\TPSrv.exe
      C:\WINDOWS\system32\spoolsv.exe
      d:\anti-spyware\a2 free\a2service.exe
      D:\Anti-Spyware\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\System32\nvsvc32.exe
      D:\Panda\PsCtrls.exe
      D:\Panda\PavFnSvr.exe
      C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
      d:\panda\firewall\PSHOST.EXE
      D:\Panda\PsImSvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      C:\WINDOWS\system32\fxssvc.exe
      D:\Panda\ApvxdWin.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
      C:\Microsoft Office 2000\Office\1033\msoffice.exe
      C:\WINDOWS\explorer.exe
      D:\Panda\WebProxy.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      D:\HijackThis\HijackThis.exe
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sign In
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Anti-Spyware\Spybot\SDHelper.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
      O4 - HKLM\..\Run: [hcenter] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
      O4 - HKLM\..\Run: [APVXDWIN] "D:\Panda\APVXDWIN.EXE" /s
      O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office 2000\Office\OSA9.EXE
      O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [iNTERNATIONAL] International*
      O14 - IERESET.INF: START_PAGE_URL=http://www.paradigit.nl
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201816543913
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
      O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - d:\anti-spyware\a2 free\a2service.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Anti-Spyware\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Panda Software Controller - Panda Software International - D:\Panda\PsCtrls.exe
      O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - D:\Panda\PavFnSvr.exe
      O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
      O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - D:\Panda\pavsrv51.exe
      O23 - Service: Panda Host Service (PSHost) - Panda Software International - d:\panda\firewall\PSHOST.EXE
      O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - D:\Panda\PsImSvc.exe
      O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - D:\Panda\TPSrv.exe
      O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      Do you think it is solved now? Or do you still see strange things? Thanks in advance!
  24. Logfile of HijackThis v1.99.1
Scan saved at 21:19:24, on 30-Mar-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\Panda\pavsrv51.exe
D:\Panda\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
D:\Panda\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
d:\anti-spyware\a2 free\a2service.exe
D:\Anti-Spyware\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Panda\PsCtrls.exe
D:\Panda\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
d:\panda\firewall\PSHOST.EXE
D:\Panda\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\fxssvc.exe
D:\Panda\ApvxdWin.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE
C:\WINDOWS\system32\iizsylbg.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
C:\Microsoft Office 2000\Office\1033\msoffice.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\taskmgr.exe
D:\Panda\WebProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Microsoft Office 2000\Office\WINWORD.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
D:\Anti-Spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sign In
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Anti-Spyware\Spybot\SDHelper.dll
O2 - BHO: (no name) - {6A085CB6-F3F1-21CC-8F02-0A1B5B292914} - C:\WINDOWS\system32\ingawqpp.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [hcenter] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [APVXDWIN] "D:\Panda\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [iizsylbg] C:\WINDOWS\system32\iizsylbg.exe
O4 - HKLM\..\Run: [gbmzwfqj] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\gbmzwfqj.dll"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office 2000\Office\OSA9.EXE
O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.paradigit.nl
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201816543913
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: winpto32 - C:\WINDOWS\SYSTEM32\winpto32.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - d:\anti-spyware\a2 free\a2service.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Anti-Spyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - D:\Panda\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - D:\Panda\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - D:\Panda\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - d:\panda\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - D:\Panda\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - D:\Panda\TPSrv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
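The two HijackThis logs in this thread are a before/after pair: the scan in post 24 (the earlier one) still shows a Run value for `iizsylbg.exe` in system32, a Run value that calls `regsvr32 /u` on `gbmzwfqj.dll`, an unnamed BHO loading `ingawqpp.dll`, an orphaned BHO with `(no file)`, and an `O20 - Winlogon Notify` entry for `winpto32.dll`; none of those is present in the later scan in post 23. The script below is an added example by the editor, not part of HijackThis and not the poster's code. It parses HijackThis `Oxx` entry lines, diffs an earlier log against a later one, and applies a few simple review heuristics. The log excerpts it embeds are copied from the two posted logs (only the entries relevant to the comparison); the heuristics, thresholds and function names are the editor's own assumptions.

```python
"""Triage two HijackThis logs: diff them and flag entries worth a second look.

Added example for this thread; not part of HijackThis and not the poster's code.
The excerpts below are copied from the two logs posted in this thread
(post 24 = earlier scan, post 23 = later scan). The heuristics are the
editor's own and deliberately simple.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# HijackThis prints one entry per line as "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
VOWELS = set("aeiou")

# Excerpt of the earlier log (post 24): the entries that matter for the comparison.
BEFORE = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Anti-Spyware\Spybot\SDHelper.dll
O2 - BHO: (no name) - {6A085CB6-F3F1-21CC-8F02-0A1B5B292914} - C:\WINDOWS\system32\ingawqpp.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iizsylbg] C:\WINDOWS\system32\iizsylbg.exe
O4 - HKLM\..\Run: [gbmzwfqj] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\gbmzwfqj.dll"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O20 - Winlogon Notify: winpto32 - C:\WINDOWS\SYSTEM32\winpto32.dll
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - D:\Panda\pavsrv51.exe
"""

# Excerpt of the later log (post 23): the same sections after cleanup.
AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Anti-Spyware\Spybot\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - D:\Panda\pavsrv51.exe
"""


@dataclass(frozen=True)
class Entry:
    section: str  # "O2", "O4", "O20", ...
    body: str     # everything after "Oxx - "

    def __str__(self) -> str:
        return f"{self.section} - {self.body}"


def parse_log(text: str) -> list[Entry]:
    """Keep only entry lines; the header and the process list are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append(Entry(m["section"], m["body"]))
    return out


def looks_random(name: str) -> bool:
    """Weak heuristic for machine-generated names like iizsylbg or gbmzwfqj:
    all lowercase letters, 6-12 long, with a run of four or more consonants.
    Tuned to this log; some legitimate names would trip it too."""
    if not re.fullmatch(r"[a-z]{6,12}", name):
        return False
    run = longest = 0
    for ch in name:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 4


def file_stem(path: str) -> str:
    # e.g. C:\WINDOWS\system32\ingawqpp.dll -> ingawqpp
    return path.strip('"').rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def suspicious_reasons(e: Entry) -> list[str]:
    """Reasons an entry deserves manual review (empty list = nothing noted)."""
    reasons = []
    if e.section == "O4" and (m := RUN_RE.match(e.body)):
        if looks_random(m["name"]):
            reasons.append("Run value has a random-looking name")
        if re.search(r"\bregsvr32\b.*\s/u\b", m["cmd"], re.IGNORECASE):
            reasons.append("Run value unregisters a DLL with regsvr32 /u at every logon")
    elif e.section == "O2" and (m := BHO_RE.match(e.body)):
        if m["path"] == "(no file)":
            reasons.append("BHO CLSID registered but its DLL is missing (orphaned entry)")
        elif m["name"] == "(no name)" and looks_random(file_stem(m["path"])):
            reasons.append("unnamed BHO loading a random-looking DLL")
    elif e.section == "O20":
        reasons.append("Winlogon Notify DLL is loaded into winlogon.exe at logon; verify it")
    return reasons


def removed_entries(before: str, after: str) -> list[Entry]:
    """Entries present in the earlier log but absent from the later one."""
    later = set(parse_log(after))
    return [e for e in parse_log(before) if e not in later]


def triage(before: str, after: str) -> dict[str, list[str]]:
    """What disappeared between the scans, and what in the later scan still needs review."""
    return {
        "removed": [str(e) for e in removed_entries(before, after)],
        "still_flagged": [f"{e}  <- {'; '.join(r)}" for e in parse_log(after) if (r := suspicious_reasons(e))],
    }


if __name__ == "__main__":
    for e in parse_log(BEFORE):
        for reason in suspicious_reasons(e):
            print(f"REVIEW {e}\n       {reason}")
    report = triage(BEFORE, AFTER)
    print("\nGone since the earlier scan:")
    print("\n".join(report["removed"]))
    print("\nStill flagged in the later scan:", report["still_flagged"] or "nothing")
```

Two things the output makes visible that a glance at the raw logs does not: the diff lists `KernelFaultCheck` (a normal Windows crash-reporting entry) alongside the malicious ones, so "gone between scans" is not the same as "was malicious", and the Spybot `SDHelper.dll` BHO is also reported as `(no name)` but is not flagged, because the name heuristic looks at the DLL, not at the label. Every flag here is a review queue item, not a verdict; random-name heuristics are noisy and the only reliable check is identifying each file.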
  25. Dear all, Like Jesse (22/3), who was helped by Kape, I too have had problems since yesterday with spyware / viruses, including in any case WML.exe, winlogonhook, and trojans. The usual anti-spyware programs (A2, Spysweep, AVG) do not work well enough, and it is also a mystery to me how it got past my Panda. Can anyone help me? Jan