Ga naar inhoud

KEVIN1984

Lid
  • Items

    14
  • Registratiedatum

  • Laatst bezocht

KEVIN1984's prestaties

  1. In Bijlage de gevraagde tekst. Maar ik kan niet onder administrator vallen ( pc werk) ipconfig.txt
  2. ComboFix 12-08-05.02 - vermeirssen 06/08/2012 10:48:24.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1791.948 [GMT 2:00] Gestart vanuit: c:\documents and settings\vermeirssen\Mijn documenten\Downloads\ComboFix.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))) . . 2012-08-06 06:34 . 2012-08-06 06:39 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe 2012-08-06 06:31 . 2012-08-06 06:31 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2012-08-06 06:25 . 2006-03-02 07:00 5632 ----a-w- c:\windows\system32\wbem\snmp\smimsgif.dll 2012-08-06 06:25 . 2006-03-02 07:00 5632 ----a-w- c:\windows\system32\wbem\snmp\smierrsy.dll 2012-08-06 06:25 . 2006-03-02 07:00 5632 ----a-w- c:\windows\system32\dllcache\smimsgif.dll 2012-08-06 06:25 . 2006-03-02 07:00 5632 ----a-w- c:\windows\system32\dllcache\smierrsy.dll 2012-08-06 06:25 . 2006-03-02 07:00 15872 ----a-w- c:\windows\system32\wbem\snmp\smierrsm.dll 2012-08-06 06:25 . 2006-03-02 07:00 15872 ----a-w- c:\windows\system32\dllcache\smierrsm.dll 2012-08-06 06:25 . 2006-03-02 07:00 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll 2012-08-06 06:25 . 2006-03-02 07:00 10240 ----a-w- c:\windows\system32\dllcache\snmpstup.dll 2012-08-06 06:07 . 2012-08-06 08:51 -------- d--h--r- c:\documents and settings\vermeirssen\Onlangs geopend 2012-08-03 07:51 . 2012-08-03 07:51 276 ----a-w- C:\cc_20120803_095103.reg 2012-08-03 07:50 . 2012-08-03 07:50 4750 ----a-w- C:\cc_20120803_095038.reg 2012-08-03 07:49 . 2012-08-03 07:49 389754 ----a-w- C:\cc_20120803_094855.reg 2012-08-03 06:40 . 2012-08-03 06:40 -------- d-----w- c:\program files\CCleaner 2012-08-03 05:58 . 2012-08-06 05:51 118784 ----a-w- c:\windows\system32\chg.exe 2012-07-31 13:02 . 2012-07-31 13:02 -------- d-----w- c:\documents and settings\vermeirssen\Local Settings\Application Data\Sun 2012-07-31 07:40 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-31 06:52 . 2012-07-31 06:52 388096 ----a-r- c:\documents and settings\vermeirssen\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-07-31 06:52 . 2012-07-31 06:52 -------- d-----w- c:\program files\Hijack this 2012-07-31 06:21 . 2012-07-31 06:21 -------- d-----w- c:\program files\Oracle 2012-07-31 06:21 . 2012-07-31 06:21 -------- d-----w- c:\documents and settings\vermeirssen\Application Data\Oracle 2012-07-31 05:58 . 2006-03-02 07:00 9216 ----a-w- c:\windows\system32\dllcache\wamps51.dll 2012-07-27 10:23 . 2012-07-27 10:23 -------- d-----w- c:\windows\system32\wbem\Repository 2012-07-27 10:07 . 2012-07-27 10:07 -------- d--h--w- c:\windows\system32\GroupPolicy 2012-07-27 10:03 . 2012-07-27 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitdefender 2012-07-27 09:31 . 2012-07-27 09:32 -------- d-----w- c:\documents and settings\vermeirssen\Application Data\QuickScan 2012-07-19 06:21 . 2012-07-19 06:21 -------- d-----w- c:\program files\Microsoft Safety Essentials 2012-07-18 06:39 . 2012-07-18 06:39 -------- d-----w- c:\documents and settings\vermeirssen\Local Settings\Application Data\Identities 2012-07-17 13:47 . 2012-07-17 14:22 -------- d-----w- c:\documents and settings\vermeirssen\Local Settings\Application Data\Deployment 2012-07-17 13:34 . 2012-07-17 13:34 -------- d-----w- c:\documents and settings\vermeirssen\Application Data\ElevatedDiagnostics 2012-07-17 13:31 . 2012-07-17 13:31 -------- d-----w- c:\program files\Microsoft ATS 2012-07-17 13:27 . 2012-07-17 13:35 -------- d-----w- c:\windows\system32\MpEngineStore 2012-07-17 12:18 . 2012-07-17 12:18 -------- d-sh--w- c:\documents and settings\vermeirssen\IECompatCache 2012-07-17 12:10 . 2012-07-17 12:10 -------- d-sh--w- c:\documents and settings\vermeirssen\PrivacIE 2012-07-17 12:09 . 2012-07-17 12:09 -------- d-sh--w- c:\documents and settings\vermeirssen\IETldCache 2012-07-17 11:26 . 2012-07-17 11:27 -------- dc-h--w- c:\windows\ie8 2012-07-17 11:25 . 2012-05-11 14:44 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll 2012-07-17 11:24 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll 2012-07-17 11:24 . 2012-05-11 14:44 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2012-07-17 11:24 . 2012-05-11 14:44 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll 2012-07-17 11:24 . 2012-05-11 14:44 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll 2012-07-17 09:53 . 2012-07-17 09:53 -------- d-----w- c:\documents and settings\vermeirssen\Local Settings\Application Data\Opera 2012-07-17 07:45 . 2012-07-17 07:45 -------- d-----w- c:\documents and settings\vermeirssen\Local Settings\Application Data\Mozilla . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-05 20:07 . 2008-07-08 13:24 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-07-05 20:06 . 2012-07-05 10:31 772544 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-07-05 20:06 . 2010-11-25 15:17 687544 ----a-w- c:\windows\system32\deployJava1.dll 2012-07-05 10:53 . 2012-07-05 10:53 739824 ----a-w- C:\ChromeSetup.exe 2012-06-13 13:55 . 2006-03-02 02:00 1866240 ----a-w- c:\windows\system32\win32k.sys 2012-06-05 15:49 . 2006-12-04 13:17 1372672 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 15:49 . 2006-03-02 02:00 1172480 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 15:35 . 2006-03-02 02:00 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-04 04:32 . 2006-03-02 02:00 152576 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 13:19 . 2007-07-30 17:18 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 13:19 . 2006-03-02 02:00 329240 ----a-w- c:\windows\system32\wucltui.dll 2012-06-02 13:19 . 2006-03-02 02:00 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 13:19 . 2007-07-30 17:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 13:19 . 2006-03-02 02:00 97304 ----a-w- c:\windows\system32\cdm.dll 2012-06-02 13:19 . 2006-03-02 02:00 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 13:19 . 2006-03-02 02:00 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 13:19 . 2007-07-30 17:20 15896 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 13:19 . 2007-07-30 17:20 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 13:19 . 2006-03-02 02:00 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 13:19 . 2007-07-30 17:19 24088 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 13:19 . 2006-03-02 02:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-05-31 13:22 . 2006-03-02 02:00 602624 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:09 . 2006-03-02 02:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-11 14:44 . 2006-03-02 02:00 43520 ------w- c:\windows\system32\licmgr10.dll 2012-05-11 14:44 . 2006-03-02 02:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:39 . 2006-03-02 02:00 385024 ------w- c:\windows\system32\html.iec . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-03-24 344064] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1036288] "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824] "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824] "Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688] "Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856] "Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 144384] "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-10-30 1116920] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472] "ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2008-08-25 53248] "HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2008-09-02 36864] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoWelcomeScreen"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\SMINST\\Scheduler.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Documents and Settings\\vermeirssen\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "47806:TCP"= 47806:TCP:Trend Micro Client/Server Security Agent Listener . R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [19/12/2007 16:43 171024] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [31/07/2012 9:40 655944] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23/01/2007 22:13 36608] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [31/07/2012 9:40 22344] S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [17/05/2011 12:30 33536] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [20/11/2009 12:17 136704] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [20/11/2009 12:17 8320] . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - CISVC *NewlyCreated* - SNMP *NewlyCreated* - SNMPTRAP . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Inhoud van de 'Gedeelde Taken' map . 2011-08-27 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] . 2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3605200381-2388821997-499089046-1224Core.job - c:\documents and settings\vermeirssen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-17 14:22] . 2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3605200381-2388821997-499089046-1224UA.job - c:\documents and settings\vermeirssen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-17 14:22] . . ------- Bijkomende Scan ------- . TCP: DhcpNameServer = 10.7.2.1 195.238.2.21 . . ------- Bestandsassociaties ------- . .txt= . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-08-06 10:54 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(688) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'lsass.exe'(744) c:\program files\Bonjour\mdnsNSP.dll . - - - - - - - > 'explorer.exe'(18132) c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Voltooingstijd: 2012-08-06 10:55:37 ComboFix-quarantined-files.txt 2012-08-06 08:55 . Pre-Run: 175.420.039.168 bytes beschikbaar Post-Run: 175.412.600.832 bytes beschikbaar . - - End Of File - - 9C07CC398DEB282AF1F5BD5F3C4CC3C7
  3. Google werkt terug niet meer. Heb met Ccleaner de vorige stap herhaald en er worden geen problemen meer gevonden.
  4. Ik heb WIndows XP en kan op deze manier combofix niet verwijderen en vind ook niet direct hoe anders. IK krijg soms ook volgende melding bij chrome = ad-emea.doubleclick.net
  5. Ik heb Windows XP en zo kan ik combofix / Uninstall niet vinden. Ik krijg ook soms wachten op ad-emea.doubleclick.net
  6. Google werkt nog steeds niet. Internet begint ook op sommige sites trager te werken. Wachten op Google Analytics Official Website - Web Analytics & Reporting ? Google Analytics
  7. ComboFix 12-07-31.03 - vermeirssen 02/08/2012 16:37:50.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1791.979 [GMT 2:00] Gestart vanuit: c:\documents and settings\vermeirssen\Mijn documenten\Downloads\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\vermeirssen\Bureaublad\CFScript.txt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_dexjpcxo . . (((((((((((((((((((( Bestanden Gemaakt van 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))) . . 2012-07-31 13:02 . 2012-07-31 13:02 -------- d-----w- c:\documents and settings\vermeirssen\Local Settings\Application Data\Sun 2012-07-31 07:40 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-31 06:52 . 2012-07-31 06:52 388096 ----a-r- c:\documents and settings\vermeirssen\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-07-31 06:52 . 2012-07-31 06:52 -------- d-----w- c:\program files\Hijack this 2012-07-31 06:21 . 2012-07-31 06:21 -------- d-----w- c:\program files\Oracle 2012-07-31 06:21 . 2012-07-31 06:21 -------- d-----w- c:\documents and settings\vermeirssen\Application Data\Oracle 2012-07-31 05:58 . 2006-03-02 07:00 9216 ----a-w- c:\windows\system32\dllcache\wamps51.dll 2012-07-27 10:23 . 2012-07-27 10:23 -------- d-----w- c:\windows\system32\wbem\Repository 2012-07-27 10:07 . 2012-07-27 10:07 -------- d--h--w- c:\windows\system32\GroupPolicy 2012-07-27 10:03 . 2012-07-27 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitdefender 2012-07-27 09:31 . 2012-07-27 09:32 -------- d-----w- c:\documents and settings\vermeirssen\Application Data\QuickScan 2012-07-19 06:21 . 2012-07-19 06:21 -------- d-----w- c:\program files\Microsoft Safety Essentials 2012-07-18 06:39 . 2012-07-18 06:39 -------- d-----w- c:\documents and settings\vermeirssen\Local Settings\Application Data\Identities 2012-07-17 13:47 . 2012-07-17 14:22 -------- d-----w- c:\documents and settings\vermeirssen\Local Settings\Application Data\Deployment 2012-07-17 13:34 . 2012-07-17 13:34 -------- d-----w- c:\documents and settings\vermeirssen\Application Data\ElevatedDiagnostics 2012-07-17 13:31 . 2012-07-17 13:31 -------- d-----w- c:\program files\Microsoft ATS 2012-07-17 13:27 . 2012-07-17 13:35 -------- d-----w- c:\windows\system32\MpEngineStore 2012-07-17 12:18 . 2012-07-17 12:18 -------- d-sh--w- c:\documents and settings\vermeirssen\IECompatCache 2012-07-17 12:10 . 2012-07-17 12:10 -------- d-sh--w- c:\documents and settings\vermeirssen\PrivacIE 2012-07-17 12:09 . 2012-07-17 12:09 -------- d-sh--w- c:\documents and settings\vermeirssen\IETldCache 2012-07-17 11:26 . 2012-07-17 11:27 -------- dc-h--w- c:\windows\ie8 2012-07-17 11:25 . 2012-05-11 14:44 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll 2012-07-17 11:24 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll 2012-07-17 11:24 . 2012-05-11 14:44 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2012-07-17 11:24 . 2012-05-11 14:44 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll 2012-07-17 11:24 . 2012-05-11 14:44 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll 2012-07-17 09:53 . 2012-07-17 09:53 -------- d-----w- c:\documents and settings\vermeirssen\Local Settings\Application Data\Opera 2012-07-17 07:45 . 2012-07-17 07:45 -------- d-----w- c:\documents and settings\vermeirssen\Local Settings\Application Data\Mozilla 2012-07-05 10:53 . 2012-07-05 10:53 739824 ----a-w- C:\ChromeSetup.exe 2012-07-05 10:31 . 2012-07-05 10:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Ask 2012-07-05 10:31 . 2012-07-05 20:06 772544 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-07-05 10:29 . 2012-07-12 11:49 -------- d-----w- c:\documents and settings\vermeirssen\Application Data\HpUpdate 2012-07-05 10:29 . 2012-07-05 10:29 -------- d-----w- c:\windows\Hewlett-Packard . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-05 20:07 . 2008-07-08 13:24 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-07-05 20:06 . 2010-11-25 15:17 687544 ----a-w- c:\windows\system32\deployJava1.dll 2012-06-13 13:55 . 2006-03-02 02:00 1866240 ----a-w- c:\windows\system32\win32k.sys 2012-06-05 15:49 . 2006-12-04 13:17 1372672 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 15:49 . 2006-03-02 02:00 1172480 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 15:35 . 2006-03-02 02:00 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-04 04:32 . 2006-03-02 02:00 152576 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 13:19 . 2007-07-30 17:18 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 13:19 . 2006-03-02 02:00 329240 ----a-w- c:\windows\system32\wucltui.dll 2012-06-02 13:19 . 2006-03-02 02:00 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 13:19 . 2007-07-30 17:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 13:19 . 2006-03-02 02:00 97304 ----a-w- c:\windows\system32\cdm.dll 2012-06-02 13:19 . 2006-03-02 02:00 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 13:19 . 2006-03-02 02:00 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 13:19 . 2007-07-30 17:20 15896 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 13:19 . 2007-07-30 17:20 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 13:19 . 2006-03-02 02:00 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 13:19 . 2007-07-30 17:19 24088 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 13:19 . 2006-03-02 02:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-05-31 13:22 . 2006-03-02 02:00 602624 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:09 . 2006-03-02 02:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-11 14:44 . 2006-03-02 02:00 43520 ------w- c:\windows\system32\licmgr10.dll 2012-05-11 14:44 . 2006-03-02 02:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:39 . 2006-03-02 02:00 385024 ------w- c:\windows\system32\html.iec 2012-05-05 03:15 . 2006-03-02 02:00 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-05 03:14 . 2006-03-02 02:00 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe . . ((((((((((((((((((((((((((((( SnapShot@2012-08-02_09.22.20 ))))))))))))))))))))))))))))))))))))))))) . + 2012-08-02 14:56 . 2012-08-02 14:56 16384 c:\windows\Temp\Perflib_Perfdata_8ec.dat + 2012-08-02 14:53 . 2012-08-02 14:53 16384 c:\windows\Temp\Perflib_Perfdata_758.dat + 2012-07-31 05:59 . 2012-08-02 14:53 215193 c:\windows\system32\inetsrv\MetaBase.bin . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-03-24 344064] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1036288] "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824] "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824] "Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688] "Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856] "Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 144384] "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-10-30 1116920] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472] "ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2008-08-25 53248] "HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2008-09-02 36864] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoWelcomeScreen"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\SMINST\\Scheduler.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Documents and Settings\\vermeirssen\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "47806:TCP"= 47806:TCP:Trend Micro Client/Server Security Agent Listener . R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [19/12/2007 16:43 171024] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [31/07/2012 9:40 655944] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23/01/2007 22:13 36608] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [31/07/2012 9:40 22344] S2 gupdate;Google Updateservice (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?] S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [17/05/2011 12:30 33536] S3 gupdatem;Google Update-service (gupdatem);"c:\program files\Google\Update\GoogleUpdate.exe" /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [20/11/2009 12:17 136704] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [20/11/2009 12:17 8320] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Inhoud van de 'Gedeelde Taken' map . 2011-08-27 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] . 2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3605200381-2388821997-499089046-1224Core.job - c:\documents and settings\vermeirssen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-17 14:22] . 2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3605200381-2388821997-499089046-1224UA.job - c:\documents and settings\vermeirssen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-17 14:22] . . ------- Bijkomende Scan ------- . TCP: DhcpNameServer = 10.7.2.1 195.238.2.21 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-08-02 16:56 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(692) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'lsass.exe'(748) c:\program files\Bonjour\mdnsNSP.dll . - - - - - - - > 'explorer.exe'(5568) c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr c:\program files\Roxio\Drag-to-Disc\Shellex.dll c:\windows\system32\DLAAPI_W.DLL c:\windows\system32\CDRTC.DLL c:\program files\Roxio\Drag-to-Disc\ShellRes.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\progra~1\MICROS~3\OFFICE11\MCPS.DLL . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\System32\SCardSvr.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\Ati2evxx.exe c:\windows\system32\wscntfy.exe c:\windows\system32\inetsrv\iisrstas.exe c:\windows\system32\iisreset.exe c:\documents and settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe c:\documents and settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe c:\documents and settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe c:\documents and settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe . ************************************************************************** . Voltooingstijd: 2012-08-02 17:02:09 - machine werd herstart ComboFix-quarantined-files.txt 2012-08-02 15:01 ComboFix2.txt 2012-08-02 09:27 . Pre-Run: 172.229.685.248 bytes beschikbaar Post-Run: 172.224.212.992 bytes beschikbaar . - - End Of File - - 17CF397B55F3BA8181B6A96681CEC4FD
  8. ComboFix 12-07-31.03 - vermeirssen 02/08/2012 11:14:02.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1791.1031 [GMT 2:00] Gestart vanuit: c:\documents and settings\vermeirssen\Mijn documenten\Downloads\ComboFix.exe . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Administrator\WINDOWS c:\documents and settings\All Users\Application Data\1343381704.bdinstall.bin c:\documents and settings\All Users\Application Data\1343383381.2076.bin c:\documents and settings\All Users\Application Data\1343383381.2100.bin c:\documents and settings\All Users\Application Data\1343383381.4928.bin c:\documents and settings\All Users\Application Data\1343383381.4940.bin c:\documents and settings\All Users\Application Data\1343383381.5276.bin c:\documents and settings\All Users\Application Data\1343383381.5588.bin c:\documents and settings\All Users\Application Data\DragToDiscUserNameE.txt c:\documents and settings\All Users\Menu Start\HP Image Zone .lnk C:\Thumbs.db c:\windows\IsUn0413.exe c:\windows\system32\Cache c:\windows\system32\dllcache\dlimport.exe c:\windows\system32\drivers\npf.sys c:\windows\system32\Packet.dll c:\windows\system32\SET9E.tmp c:\windows\system32\SETAA.tmp c:\windows\system32\SETEE.tmp c:\windows\system32\SETF2.tmp c:\windows\system32\SETF3.tmp c:\windows\system32\ui c:\windows\system32\ui\bdidntconp.ui c:\windows\system32\URTTemp c:\windows\system32\URTTemp\fusion.dll c:\windows\system32\URTTemp\mscoree.dll c:\windows\system32\URTTemp\mscoree.dll.local c:\windows\system32\URTTemp\mscorsn.dll c:\windows\system32\URTTemp\mscorwks.dll c:\windows\system32\URTTemp\msvcr71.dll c:\windows\system32\URTTemp\regtlib.exe c:\windows\system32\wpcap.dll D:\Autorun.inf . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Service_NPF . . (((((((((((((((((((( Bestanden Gemaakt van 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))) . . 2012-08-02 09:20 . 2012-08-02 09:20 118784 ----a-w- c:\windows\system32\chg.exe 2012-07-31 13:02 . 2012-07-31 13:02 -------- d-----w- c:\documents and settings\vermeirssen\Local Settings\Application Data\Sun 2012-07-31 07:40 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-31 06:52 . 2012-07-31 06:52 388096 ----a-r- c:\documents and settings\vermeirssen\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-07-31 06:52 . 2012-07-31 06:52 -------- d-----w- c:\program files\Hijack this 2012-07-31 06:21 . 2012-07-31 06:21 -------- d-----w- c:\program files\Oracle 2012-07-31 06:21 . 2012-07-31 06:21 -------- d-----w- c:\documents and settings\vermeirssen\Application Data\Oracle 2012-07-31 05:58 . 2006-03-02 07:00 9216 ----a-w- c:\windows\system32\dllcache\wamps51.dll 2012-07-27 10:23 . 2012-07-27 10:23 -------- d-----w- c:\windows\system32\wbem\Repository 2012-07-27 10:07 . 2012-07-27 10:07 -------- d--h--w- c:\windows\system32\GroupPolicy 2012-07-27 10:03 . 2012-07-27 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitdefender 2012-07-27 09:31 . 2012-07-27 09:32 -------- d-----w- c:\documents and settings\vermeirssen\Application Data\QuickScan 2012-07-19 06:21 . 2012-07-19 06:21 -------- d-----w- c:\program files\Microsoft Safety Essentials 2012-07-18 06:39 . 2012-07-18 06:39 -------- d-----w- c:\documents and settings\vermeirssen\Local Settings\Application Data\Identities 2012-07-17 13:47 . 2012-07-17 14:22 -------- d-----w- c:\documents and settings\vermeirssen\Local Settings\Application Data\Deployment 2012-07-17 13:34 . 2012-07-17 13:34 -------- d-----w- c:\documents and settings\vermeirssen\Application Data\ElevatedDiagnostics 2012-07-17 13:31 . 2012-07-17 13:31 -------- d-----w- c:\program files\Microsoft ATS 2012-07-17 13:27 . 2012-07-17 13:35 -------- d-----w- c:\windows\system32\MpEngineStore 2012-07-17 12:18 . 2012-07-17 12:18 -------- d-sh--w- c:\documents and settings\vermeirssen\IECompatCache 2012-07-17 12:10 . 2012-07-17 12:10 -------- d-sh--w- c:\documents and settings\vermeirssen\PrivacIE 2012-07-17 12:09 . 2012-07-17 12:09 -------- d-sh--w- c:\documents and settings\vermeirssen\IETldCache 2012-07-17 11:26 . 2012-07-17 11:27 -------- dc-h--w- c:\windows\ie8 2012-07-17 11:25 . 2012-05-11 14:44 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll 2012-07-17 11:24 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll 2012-07-17 11:24 . 2012-05-11 14:44 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2012-07-17 11:24 . 2012-05-11 14:44 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll 2012-07-17 11:24 . 2012-05-11 14:44 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll 2012-07-17 09:53 . 2012-07-17 09:53 -------- d-----w- c:\documents and settings\vermeirssen\Local Settings\Application Data\Opera 2012-07-17 07:45 . 2012-07-17 07:45 -------- d-----w- c:\documents and settings\vermeirssen\Local Settings\Application Data\Mozilla 2012-07-05 10:53 . 2012-07-05 10:53 739824 ----a-w- C:\ChromeSetup.exe 2012-07-05 10:31 . 2012-07-05 10:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Ask 2012-07-05 10:31 . 2012-07-05 20:06 772544 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-07-05 10:29 . 2012-07-12 11:49 -------- d-----w- c:\documents and settings\vermeirssen\Application Data\HpUpdate 2012-07-05 10:29 . 2012-07-05 10:29 -------- d-----w- c:\windows\Hewlett-Packard . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-05 20:07 . 2008-07-08 13:24 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-07-05 20:06 . 2010-11-25 15:17 687544 ----a-w- c:\windows\system32\deployJava1.dll 2012-06-13 13:55 . 2006-03-02 02:00 1866240 ----a-w- c:\windows\system32\win32k.sys 2012-06-05 15:49 . 2006-12-04 13:17 1372672 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 15:49 . 2006-03-02 02:00 1172480 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 15:35 . 2006-03-02 02:00 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-04 04:32 . 2006-03-02 02:00 152576 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 13:19 . 2007-07-30 17:18 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 13:19 . 2006-03-02 02:00 329240 ----a-w- c:\windows\system32\wucltui.dll 2012-06-02 13:19 . 2006-03-02 02:00 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 13:19 . 2007-07-30 17:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 13:19 . 2006-03-02 02:00 97304 ----a-w- c:\windows\system32\cdm.dll 2012-06-02 13:19 . 2006-03-02 02:00 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 13:19 . 2006-03-02 02:00 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 13:19 . 2007-07-30 17:20 15896 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 13:19 . 2007-07-30 17:20 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 13:19 . 2006-03-02 02:00 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 13:19 . 2007-07-30 17:19 24088 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 13:19 . 2006-03-02 02:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-05-31 13:22 . 2006-03-02 02:00 602624 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:09 . 2006-03-02 02:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-11 14:44 . 2006-03-02 02:00 43520 ------w- c:\windows\system32\licmgr10.dll 2012-05-11 14:44 . 2006-03-02 02:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:39 . 2006-03-02 02:00 385024 ------w- c:\windows\system32\html.iec 2012-05-05 03:15 . 2006-03-02 02:00 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-05 03:14 . 2006-03-02 02:00 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-03-24 344064] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1036288] "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824] "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824] "Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688] "Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856] "Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 144384] "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-10-30 1116920] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472] "ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2008-08-25 53248] "HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2008-09-02 36864] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoWelcomeScreen"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\SMINST\\Scheduler.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Documents and Settings\\vermeirssen\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "47806:TCP"= 47806:TCP:Trend Micro Client/Server Security Agent Listener . R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [19/12/2007 16:43 171024] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [31/07/2012 9:40 655944] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23/01/2007 22:13 36608] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [31/07/2012 9:40 22344] S1 dexjpcxo;dexjpcxo;\??\c:\windows\system32\drivers\dexjpcxo.sys --> c:\windows\system32\drivers\dexjpcxo.sys [?] S2 gupdate;Google Updateservice (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?] S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [17/05/2011 12:30 33536] S3 gupdatem;Google Update-service (gupdatem);"c:\program files\Google\Update\GoogleUpdate.exe" /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [20/11/2009 12:17 136704] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [20/11/2009 12:17 8320] . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Inhoud van de 'Gedeelde Taken' map . 2011-08-27 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] . 2012-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3605200381-2388821997-499089046-1224Core.job - c:\documents and settings\vermeirssen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-17 14:22] . 2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3605200381-2388821997-499089046-1224UA.job - c:\documents and settings\vermeirssen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-17 14:22] . . ------- Bijkomende Scan ------- . TCP: DhcpNameServer = 10.7.2.1 195.238.2.21 . . ------- Bestandsassociaties ------- . .txt= . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKCU-Run-QuickTime Task - c:\program files\QuickTime\qttask.exe HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe HKLM-Run-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe HKLM-Run-HPPQVideo - c:\program files\HP\ScheduledLaunch\HP LaserJet P2050 Series\bin\hppschlnch.exe -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\LJ_P2050_Series -f PQOptimizerVideo.xml HKLM-Run-beid - c:\program files\Belgium Identity Card\beid35gui.exe Notify-NavLogon - (no file) AddRemove-AND Route Europe - c:\windows\IsUn0413.exe AddRemove-AVS Audio Converter 6.3_is1 - c:\program files\AVS4YOU\AVSAudioConverter6\unins000.exe AddRemove-AVS Update Manager_is1 - c:\program files\AVS4YOU\AVSUpdateManager\unins000.exe AddRemove-AVS4YOU Software Navigator_is1 - c:\program files\AVS4YOU\AVSSoftwareNavigator\unins000.exe AddRemove-MiniEvony Toolbar - c:\progra~1\MINIEV~1\UNINST~1.EXE . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-08-02 11:22 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(692) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'lsass.exe'(748) c:\program files\Bonjour\mdnsNSP.dll . - - - - - - - > 'explorer.exe'(8024) c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr c:\program files\Roxio\Drag-to-Disc\Shellex.dll c:\windows\system32\DLAAPI_W.DLL c:\windows\system32\CDRTC.DLL c:\program files\Roxio\Drag-to-Disc\ShellRes.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\System32\SCardSvr.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\inetsrv\inetinfo.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\Ati2evxx.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Voltooingstijd: 2012-08-02 11:27:30 - machine werd herstart ComboFix-quarantined-files.txt 2012-08-02 09:27 . Pre-Run: 168.125.792.256 bytes beschikbaar Post-Run: 172.350.922.752 bytes beschikbaar . WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer . - - End Of File - - A3F164E8299BBDE05CAD4BFA80B3CF87
  9. Probleem nog steeds niet opgelost. Malwarebytes Anti-Malware (-evaluatieversie-) 1.62.0.1300 Malwarebytes : Free anti-malware download Databaseversie: v2012.08.01.03 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 vermeirssen :: DTXP26 [administrator] Realtime bescherming: Ingeschakeld 1/08/2012 11:29:35 mbam-log-2012-08-01 (11-29-35).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 323516 Verstreken tijd: 7 minuut/minuten, 55 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) Hijack file Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:43:24, on 1/08/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\WINDOWS\SMINST\Scheduler.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe C:\Program Files\HP\HP UT\bin\hppusg.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE C:\Documents and Settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Hijack this\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1003\TmIEPlg.dll (file missing) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [HPPQVideo] "C:\Program Files\HP\ScheduledLaunch\HP LaserJet P2050 Series\bin\hppschlnch.exe" -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\LJ_P2050_Series -f PQOptimizerVideo.xml -o RemindLater O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\vermeirssen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342522376251 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = romarco-net.local O17 - HKLM\Software\..\Telephony: DomainName = romarco-net.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = romarco-net.local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = romarco-net.local O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1003\TmIEPlg.dll (file missing) O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing) O23 - Service: Google Update-service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing) O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 10129 bytes
  10. Kan iemand mij helpen met bovenstaand geval. Hieronder de logfile van Hijacked Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:46:24, on 31/07/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\WINDOWS\SMINST\Scheduler.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe C:\Program Files\HP\HP UT\bin\hppusg.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Ask.com\Updater\Updater.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE C:\Documents and Settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Hijack this\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1003\TmIEPlg.dll (file missing) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (file missing) O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing) O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [HPPQVideo] "C:\Program Files\HP\ScheduledLaunch\HP LaserJet P2050 Series\bin\hppschlnch.exe" -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\LJ_P2050_Series -f PQOptimizerVideo.xml -o RemindLater O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\vermeirssen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing) O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342522376251 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = romarco-net.local O17 - HKLM\Software\..\Telephony: DomainName = romarco-net.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = romarco-net.local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = romarco-net.local O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1003\TmIEPlg.dll (file missing) O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing) O23 - Service: Google Update-service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing) O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe O23 - Service: LaunchProgram - Unknown owner - C:\Temp\Svcrunap.exe (file missing) O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 12149 bytes
×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.