KEVIN1984
Posts made by KEVIN1984
-
We have no IT department, only an external company.
And this hasn't helped.
-
-
ComboFix 12-08-05.02 - vermeirssen 06/08/2012 10:48:24.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1791.948 [GMT 2:00]
Gestart vanuit: c:\documents and settings\vermeirssen\Mijn documenten\Downloads\ComboFix.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-07-06 to 2012-08-06 ))))))))))))))))))))))))))))))
.
.
2012-08-06 06:34 . 2012-08-06 06:39 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2012-08-06 06:31 . 2012-08-06 06:31 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-08-06 06:25 . 2006-03-02 07:00 5632 ----a-w- c:\windows\system32\wbem\snmp\smimsgif.dll
2012-08-06 06:25 . 2006-03-02 07:00 5632 ----a-w- c:\windows\system32\wbem\snmp\smierrsy.dll
2012-08-06 06:25 . 2006-03-02 07:00 5632 ----a-w- c:\windows\system32\dllcache\smimsgif.dll
2012-08-06 06:25 . 2006-03-02 07:00 5632 ----a-w- c:\windows\system32\dllcache\smierrsy.dll
2012-08-06 06:25 . 2006-03-02 07:00 15872 ----a-w- c:\windows\system32\wbem\snmp\smierrsm.dll
2012-08-06 06:25 . 2006-03-02 07:00 15872 ----a-w- c:\windows\system32\dllcache\smierrsm.dll
2012-08-06 06:25 . 2006-03-02 07:00 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
2012-08-06 06:25 . 2006-03-02 07:00 10240 ----a-w- c:\windows\system32\dllcache\snmpstup.dll
2012-08-06 06:07 . 2012-08-06 08:51 -------- d--h--r- c:\documents and settings\vermeirssen\Onlangs geopend
2012-08-03 07:51 . 2012-08-03 07:51 276 ----a-w- C:\cc_20120803_095103.reg
2012-08-03 07:50 . 2012-08-03 07:50 4750 ----a-w- C:\cc_20120803_095038.reg
2012-08-03 07:49 . 2012-08-03 07:49 389754 ----a-w- C:\cc_20120803_094855.reg
2012-08-03 06:40 . 2012-08-03 06:40 -------- d-----w- c:\program files\CCleaner
2012-08-03 05:58 . 2012-08-06 05:51 118784 ----a-w- c:\windows\system32\chg.exe
2012-07-31 13:02 . 2012-07-31 13:02 -------- d-----w- c:\documents and settings\vermeirssen\Local Settings\Application Data\Sun
2012-07-31 07:40 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-31 06:52 . 2012-07-31 06:52 388096 ----a-r- c:\documents and settings\vermeirssen\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-31 06:52 . 2012-07-31 06:52 -------- d-----w- c:\program files\Hijack this
2012-07-31 06:21 . 2012-07-31 06:21 -------- d-----w- c:\program files\Oracle
2012-07-31 06:21 . 2012-07-31 06:21 -------- d-----w- c:\documents and settings\vermeirssen\Application Data\Oracle
2012-07-31 05:58 . 2006-03-02 07:00 9216 ----a-w- c:\windows\system32\dllcache\wamps51.dll
2012-07-27 10:23 . 2012-07-27 10:23 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-27 10:07 . 2012-07-27 10:07 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-07-27 10:03 . 2012-07-27 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitdefender
2012-07-27 09:31 . 2012-07-27 09:32 -------- d-----w- c:\documents and settings\vermeirssen\Application Data\QuickScan
2012-07-19 06:21 . 2012-07-19 06:21 -------- d-----w- c:\program files\Microsoft Safety Essentials
2012-07-18 06:39 . 2012-07-18 06:39 -------- d-----w- c:\documents and settings\vermeirssen\Local Settings\Application Data\Identities
2012-07-17 13:47 . 2012-07-17 14:22 -------- d-----w- c:\documents and settings\vermeirssen\Local Settings\Application Data\Deployment
2012-07-17 13:34 . 2012-07-17 13:34 -------- d-----w- c:\documents and settings\vermeirssen\Application Data\ElevatedDiagnostics
2012-07-17 13:31 . 2012-07-17 13:31 -------- d-----w- c:\program files\Microsoft ATS
2012-07-17 13:27 . 2012-07-17 13:35 -------- d-----w- c:\windows\system32\MpEngineStore
2012-07-17 12:18 . 2012-07-17 12:18 -------- d-sh--w- c:\documents and settings\vermeirssen\IECompatCache
2012-07-17 12:10 . 2012-07-17 12:10 -------- d-sh--w- c:\documents and settings\vermeirssen\PrivacIE
2012-07-17 12:09 . 2012-07-17 12:09 -------- d-sh--w- c:\documents and settings\vermeirssen\IETldCache
2012-07-17 11:26 . 2012-07-17 11:27 -------- dc-h--w- c:\windows\ie8
2012-07-17 11:25 . 2012-05-11 14:44 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-07-17 11:24 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2012-07-17 11:24 . 2012-05-11 14:44 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-07-17 11:24 . 2012-05-11 14:44 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-07-17 11:24 . 2012-05-11 14:44 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-07-17 09:53 . 2012-07-17 09:53 -------- d-----w- c:\documents and settings\vermeirssen\Local Settings\Application Data\Opera
2012-07-17 07:45 . 2012-07-17 07:45 -------- d-----w- c:\documents and settings\vermeirssen\Local Settings\Application Data\Mozilla
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 20:07 . 2008-07-08 13:24 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-05 20:06 . 2012-07-05 10:31 772544 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-05 20:06 . 2010-11-25 15:17 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-05 10:53 . 2012-07-05 10:53 739824 ----a-w- C:\ChromeSetup.exe
2012-06-13 13:55 . 2006-03-02 02:00 1866240 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2006-12-04 13:17 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2006-03-02 02:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:35 . 2006-03-02 02:00 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-04 04:32 . 2006-03-02 02:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2007-07-30 17:18 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2006-03-02 02:00 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2006-03-02 02:00 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2007-07-30 17:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2006-03-02 02:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2006-03-02 02:00 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2006-03-02 02:00 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2007-07-30 17:20 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2007-07-30 17:20 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2006-03-02 02:00 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2007-07-30 17:19 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2006-03-02 02:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2006-03-02 02:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2006-03-02 02:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:44 . 2006-03-02 02:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44 . 2006-03-02 02:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:39 . 2006-03-02 02:00 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-03-24 344064]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1036288]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 144384]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-10-30 1116920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2008-08-25 53248]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2008-09-02 36864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\vermeirssen\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"47806:TCP"= 47806:TCP:Trend Micro Client/Server Security Agent Listener
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [19/12/2007 16:43 171024]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [31/07/2012 9:40 655944]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23/01/2007 22:13 36608]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [31/07/2012 9:40 22344]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [17/05/2011 12:30 33536]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [20/11/2009 12:17 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [20/11/2009 12:17 8320]
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - CISVC
*NewlyCreated* - SNMP
*NewlyCreated* - SNMPTRAP
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhoud van de 'Gedeelde Taken' map
.
2011-08-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3605200381-2388821997-499089046-1224Core.job
- c:\documents and settings\vermeirssen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-17 14:22]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3605200381-2388821997-499089046-1224UA.job
- c:\documents and settings\vermeirssen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-17 14:22]
.
.
------- Bijkomende Scan -------
.
TCP: DhcpNameServer = 10.7.2.1 195.238.2.21
.
.
------- Bestandsassociaties -------
.
.txt=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-08-06 10:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(744)
c:\program files\Bonjour\mdnsNSP.dll
.
- - - - - - - > 'explorer.exe'(18132)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2012-08-06 10:55:37
ComboFix-quarantined-files.txt 2012-08-06 08:55
.
Pre-Run: 175.420.039.168 bytes beschikbaar
Post-Run: 175.412.600.832 bytes beschikbaar
.
- - End Of File - - 9C07CC398DEB282AF1F5BD5F3C4CC3C7
-
Not in Chrome and not in Internet Explorer either.
-
Google isn't working again.
I repeated the previous step with CCleaner and no more problems are found.
-
Thanks a lot for solving my problem
-
I have Windows XP and can't remove ComboFix this way, and I also can't immediately find how else to do it.
I also sometimes get the following message in Chrome = ad-emea.doubleclick.net
-
I have Windows XP and that way I can't find combofix / Uninstall.
I also sometimes get "waiting for ad-emea.doubleclick.net".
-
Google still isn't working.
The internet is also starting to get slower on some sites.
Waiting for Google Analytics Official Website - Web Analytics & Reporting ? Google Analytics
-
ComboFix 12-07-31.03 - vermeirssen 02/08/2012 16:37:50.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1791.979 [GMT 2:00]
Gestart vanuit: c:\documents and settings\vermeirssen\Mijn documenten\Downloads\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\vermeirssen\Bureaublad\CFScript.txt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_dexjpcxo
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-07-02 to 2012-08-02 ))))))))))))))))))))))))))))))
.
.
2012-07-31 13:02 . 2012-07-31 13:02 -------- d-----w- c:\documents and settings\vermeirssen\Local Settings\Application Data\Sun
2012-07-31 07:40 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-31 06:52 . 2012-07-31 06:52 388096 ----a-r- c:\documents and settings\vermeirssen\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-31 06:52 . 2012-07-31 06:52 -------- d-----w- c:\program files\Hijack this
2012-07-31 06:21 . 2012-07-31 06:21 -------- d-----w- c:\program files\Oracle
2012-07-31 06:21 . 2012-07-31 06:21 -------- d-----w- c:\documents and settings\vermeirssen\Application Data\Oracle
2012-07-31 05:58 . 2006-03-02 07:00 9216 ----a-w- c:\windows\system32\dllcache\wamps51.dll
2012-07-27 10:23 . 2012-07-27 10:23 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-27 10:07 . 2012-07-27 10:07 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-07-27 10:03 . 2012-07-27 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitdefender
2012-07-27 09:31 . 2012-07-27 09:32 -------- d-----w- c:\documents and settings\vermeirssen\Application Data\QuickScan
2012-07-19 06:21 . 2012-07-19 06:21 -------- d-----w- c:\program files\Microsoft Safety Essentials
2012-07-18 06:39 . 2012-07-18 06:39 -------- d-----w- c:\documents and settings\vermeirssen\Local Settings\Application Data\Identities
2012-07-17 13:47 . 2012-07-17 14:22 -------- d-----w- c:\documents and settings\vermeirssen\Local Settings\Application Data\Deployment
2012-07-17 13:34 . 2012-07-17 13:34 -------- d-----w- c:\documents and settings\vermeirssen\Application Data\ElevatedDiagnostics
2012-07-17 13:31 . 2012-07-17 13:31 -------- d-----w- c:\program files\Microsoft ATS
2012-07-17 13:27 . 2012-07-17 13:35 -------- d-----w- c:\windows\system32\MpEngineStore
2012-07-17 12:18 . 2012-07-17 12:18 -------- d-sh--w- c:\documents and settings\vermeirssen\IECompatCache
2012-07-17 12:10 . 2012-07-17 12:10 -------- d-sh--w- c:\documents and settings\vermeirssen\PrivacIE
2012-07-17 12:09 . 2012-07-17 12:09 -------- d-sh--w- c:\documents and settings\vermeirssen\IETldCache
2012-07-17 11:26 . 2012-07-17 11:27 -------- dc-h--w- c:\windows\ie8
2012-07-17 11:25 . 2012-05-11 14:44 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-07-17 11:24 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2012-07-17 11:24 . 2012-05-11 14:44 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-07-17 11:24 . 2012-05-11 14:44 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-07-17 11:24 . 2012-05-11 14:44 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-07-17 09:53 . 2012-07-17 09:53 -------- d-----w- c:\documents and settings\vermeirssen\Local Settings\Application Data\Opera
2012-07-17 07:45 . 2012-07-17 07:45 -------- d-----w- c:\documents and settings\vermeirssen\Local Settings\Application Data\Mozilla
2012-07-05 10:53 . 2012-07-05 10:53 739824 ----a-w- C:\ChromeSetup.exe
2012-07-05 10:31 . 2012-07-05 10:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Ask
2012-07-05 10:31 . 2012-07-05 20:06 772544 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-05 10:29 . 2012-07-12 11:49 -------- d-----w- c:\documents and settings\vermeirssen\Application Data\HpUpdate
2012-07-05 10:29 . 2012-07-05 10:29 -------- d-----w- c:\windows\Hewlett-Packard
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 20:07 . 2008-07-08 13:24 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-05 20:06 . 2010-11-25 15:17 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-13 13:55 . 2006-03-02 02:00 1866240 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2006-12-04 13:17 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2006-03-02 02:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:35 . 2006-03-02 02:00 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-04 04:32 . 2006-03-02 02:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2007-07-30 17:18 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2006-03-02 02:00 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2006-03-02 02:00 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2007-07-30 17:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2006-03-02 02:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2006-03-02 02:00 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2006-03-02 02:00 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2007-07-30 17:20 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2007-07-30 17:20 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2006-03-02 02:00 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2007-07-30 17:19 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2006-03-02 02:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2006-03-02 02:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2006-03-02 02:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:44 . 2006-03-02 02:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44 . 2006-03-02 02:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:39 . 2006-03-02 02:00 385024 ------w- c:\windows\system32\html.iec
2012-05-05 03:15 . 2006-03-02 02:00 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2006-03-02 02:00 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-02_09.22.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-02 14:56 . 2012-08-02 14:56 16384 c:\windows\Temp\Perflib_Perfdata_8ec.dat
+ 2012-08-02 14:53 . 2012-08-02 14:53 16384 c:\windows\Temp\Perflib_Perfdata_758.dat
+ 2012-07-31 05:59 . 2012-08-02 14:53 215193 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-03-24 344064]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1036288]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 144384]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-10-30 1116920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2008-08-25 53248]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2008-09-02 36864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\vermeirssen\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"47806:TCP"= 47806:TCP:Trend Micro Client/Server Security Agent Listener
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [19/12/2007 16:43 171024]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [31/07/2012 9:40 655944]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23/01/2007 22:13 36608]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [31/07/2012 9:40 22344]
S2 gupdate;Google Updateservice (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [17/05/2011 12:30 33536]
S3 gupdatem;Google Update-service (gupdatem);"c:\program files\Google\Update\GoogleUpdate.exe" /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [20/11/2009 12:17 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [20/11/2009 12:17 8320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhoud van de 'Gedeelde Taken' map
.
2011-08-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3605200381-2388821997-499089046-1224Core.job
- c:\documents and settings\vermeirssen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-17 14:22]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3605200381-2388821997-499089046-1224UA.job
- c:\documents and settings\vermeirssen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-17 14:22]
.
.
------- Bijkomende Scan -------
.
TCP: DhcpNameServer = 10.7.2.1 195.238.2.21
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-08-02 16:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(748)
c:\program files\Bonjour\mdnsNSP.dll
.
- - - - - - - > 'explorer.exe'(5568)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\progra~1\MICROS~3\OFFICE11\MCPS.DLL
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\inetsrv\iisrstas.exe
c:\windows\system32\iisreset.exe
c:\documents and settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
c:\documents and settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
c:\documents and settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
c:\documents and settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Voltooingstijd: 2012-08-02 17:02:09 - machine werd herstart
ComboFix-quarantined-files.txt 2012-08-02 15:01
ComboFix2.txt 2012-08-02 09:27
.
Pre-Run: 172.229.685.248 bytes beschikbaar
Post-Run: 172.224.212.992 bytes beschikbaar
.
- - End Of File - - 17CF397B55F3BA8181B6A96681CEC4FD
-
ComboFix 12-07-31.03 - vermeirssen 02/08/2012 11:14:02.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1791.1031 [GMT 2:00]
Gestart vanuit: c:\documents and settings\vermeirssen\Mijn documenten\Downloads\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\1343381704.bdinstall.bin
c:\documents and settings\All Users\Application Data\1343383381.2076.bin
c:\documents and settings\All Users\Application Data\1343383381.2100.bin
c:\documents and settings\All Users\Application Data\1343383381.4928.bin
c:\documents and settings\All Users\Application Data\1343383381.4940.bin
c:\documents and settings\All Users\Application Data\1343383381.5276.bin
c:\documents and settings\All Users\Application Data\1343383381.5588.bin
c:\documents and settings\All Users\Application Data\DragToDiscUserNameE.txt
c:\documents and settings\All Users\Menu Start\HP Image Zone .lnk
C:\Thumbs.db
c:\windows\IsUn0413.exe
c:\windows\system32\Cache
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\SET9E.tmp
c:\windows\system32\SETAA.tmp
c:\windows\system32\SETEE.tmp
c:\windows\system32\SETF2.tmp
c:\windows\system32\SETF3.tmp
c:\windows\system32\ui
c:\windows\system32\ui\bdidntconp.ui
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\wpcap.dll
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-07-02 to 2012-08-02 ))))))))))))))))))))))))))))))
.
.
2012-08-02 09:20 . 2012-08-02 09:20 118784 ----a-w- c:\windows\system32\chg.exe
2012-07-31 13:02 . 2012-07-31 13:02 -------- d-----w- c:\documents and settings\vermeirssen\Local Settings\Application Data\Sun
2012-07-31 07:40 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-31 06:52 . 2012-07-31 06:52 388096 ----a-r- c:\documents and settings\vermeirssen\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-31 06:52 . 2012-07-31 06:52 -------- d-----w- c:\program files\Hijack this
2012-07-31 06:21 . 2012-07-31 06:21 -------- d-----w- c:\program files\Oracle
2012-07-31 06:21 . 2012-07-31 06:21 -------- d-----w- c:\documents and settings\vermeirssen\Application Data\Oracle
2012-07-31 05:58 . 2006-03-02 07:00 9216 ----a-w- c:\windows\system32\dllcache\wamps51.dll
2012-07-27 10:23 . 2012-07-27 10:23 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-27 10:07 . 2012-07-27 10:07 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-07-27 10:03 . 2012-07-27 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitdefender
2012-07-27 09:31 . 2012-07-27 09:32 -------- d-----w- c:\documents and settings\vermeirssen\Application Data\QuickScan
2012-07-19 06:21 . 2012-07-19 06:21 -------- d-----w- c:\program files\Microsoft Safety Essentials
2012-07-18 06:39 . 2012-07-18 06:39 -------- d-----w- c:\documents and settings\vermeirssen\Local Settings\Application Data\Identities
2012-07-17 13:47 . 2012-07-17 14:22 -------- d-----w- c:\documents and settings\vermeirssen\Local Settings\Application Data\Deployment
2012-07-17 13:34 . 2012-07-17 13:34 -------- d-----w- c:\documents and settings\vermeirssen\Application Data\ElevatedDiagnostics
2012-07-17 13:31 . 2012-07-17 13:31 -------- d-----w- c:\program files\Microsoft ATS
2012-07-17 13:27 . 2012-07-17 13:35 -------- d-----w- c:\windows\system32\MpEngineStore
2012-07-17 12:18 . 2012-07-17 12:18 -------- d-sh--w- c:\documents and settings\vermeirssen\IECompatCache
2012-07-17 12:10 . 2012-07-17 12:10 -------- d-sh--w- c:\documents and settings\vermeirssen\PrivacIE
2012-07-17 12:09 . 2012-07-17 12:09 -------- d-sh--w- c:\documents and settings\vermeirssen\IETldCache
2012-07-17 11:26 . 2012-07-17 11:27 -------- dc-h--w- c:\windows\ie8
2012-07-17 11:25 . 2012-05-11 14:44 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-07-17 11:24 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2012-07-17 11:24 . 2012-05-11 14:44 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-07-17 11:24 . 2012-05-11 14:44 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-07-17 11:24 . 2012-05-11 14:44 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-07-17 09:53 . 2012-07-17 09:53 -------- d-----w- c:\documents and settings\vermeirssen\Local Settings\Application Data\Opera
2012-07-17 07:45 . 2012-07-17 07:45 -------- d-----w- c:\documents and settings\vermeirssen\Local Settings\Application Data\Mozilla
2012-07-05 10:53 . 2012-07-05 10:53 739824 ----a-w- C:\ChromeSetup.exe
2012-07-05 10:31 . 2012-07-05 10:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Ask
2012-07-05 10:31 . 2012-07-05 20:06 772544 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-05 10:29 . 2012-07-12 11:49 -------- d-----w- c:\documents and settings\vermeirssen\Application Data\HpUpdate
2012-07-05 10:29 . 2012-07-05 10:29 -------- d-----w- c:\windows\Hewlett-Packard
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 20:07 . 2008-07-08 13:24 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-05 20:06 . 2010-11-25 15:17 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-13 13:55 . 2006-03-02 02:00 1866240 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2006-12-04 13:17 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2006-03-02 02:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:35 . 2006-03-02 02:00 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-04 04:32 . 2006-03-02 02:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2007-07-30 17:18 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2006-03-02 02:00 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2006-03-02 02:00 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2007-07-30 17:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2006-03-02 02:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2006-03-02 02:00 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2006-03-02 02:00 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2007-07-30 17:20 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2007-07-30 17:20 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2006-03-02 02:00 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2007-07-30 17:19 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2006-03-02 02:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2006-03-02 02:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2006-03-02 02:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:44 . 2006-03-02 02:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44 . 2006-03-02 02:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:39 . 2006-03-02 02:00 385024 ------w- c:\windows\system32\html.iec
2012-05-05 03:15 . 2006-03-02 02:00 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2006-03-02 02:00 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-03-24 344064]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1036288]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 144384]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-10-30 1116920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2008-08-25 53248]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2008-09-02 36864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\vermeirssen\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"47806:TCP"= 47806:TCP:Trend Micro Client/Server Security Agent Listener
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [19/12/2007 16:43 171024]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [31/07/2012 9:40 655944]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23/01/2007 22:13 36608]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [31/07/2012 9:40 22344]
S1 dexjpcxo;dexjpcxo;\??\c:\windows\system32\drivers\dexjpcxo.sys --> c:\windows\system32\drivers\dexjpcxo.sys [?]
S2 gupdate;Google Updateservice (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [17/05/2011 12:30 33536]
S3 gupdatem;Google Update-service (gupdatem);"c:\program files\Google\Update\GoogleUpdate.exe" /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [20/11/2009 12:17 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [20/11/2009 12:17 8320]
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhoud van de 'Gedeelde Taken' map
.
2011-08-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3605200381-2388821997-499089046-1224Core.job
- c:\documents and settings\vermeirssen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-17 14:22]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3605200381-2388821997-499089046-1224UA.job
- c:\documents and settings\vermeirssen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-17 14:22]
.
.
------- Bijkomende Scan -------
.
TCP: DhcpNameServer = 10.7.2.1 195.238.2.21
.
.
------- Bestandsassociaties -------
.
.txt=
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-QuickTime Task - c:\program files\QuickTime\qttask.exe
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKLM-Run-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
HKLM-Run-HPPQVideo - c:\program files\HP\ScheduledLaunch\HP LaserJet P2050 Series\bin\hppschlnch.exe -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\LJ_P2050_Series -f PQOptimizerVideo.xml
HKLM-Run-beid - c:\program files\Belgium Identity Card\beid35gui.exe
Notify-NavLogon - (no file)
AddRemove-AND Route Europe - c:\windows\IsUn0413.exe
AddRemove-AVS Audio Converter 6.3_is1 - c:\program files\AVS4YOU\AVSAudioConverter6\unins000.exe
AddRemove-AVS Update Manager_is1 - c:\program files\AVS4YOU\AVSUpdateManager\unins000.exe
AddRemove-AVS4YOU Software Navigator_is1 - c:\program files\AVS4YOU\AVSSoftwareNavigator\unins000.exe
AddRemove-MiniEvony Toolbar - c:\progra~1\MINIEV~1\UNINST~1.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-08-02 11:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(748)
c:\program files\Bonjour\mdnsNSP.dll
.
- - - - - - - > 'explorer.exe'(8024)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Voltooingstijd: 2012-08-02 11:27:30 - machine werd herstart
ComboFix-quarantined-files.txt 2012-08-02 09:27
.
Pre-Run: 168.125.792.256 bytes beschikbaar
Post-Run: 172.350.922.752 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - A3F164E8299BBDE05CAD4BFA80B3CF87
-
Problem still not solved.
Malwarebytes Anti-Malware (-evaluatieversie-) 1.62.0.1300
Malwarebytes : Free anti-malware download
Databaseversie: v2012.08.01.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
vermeirssen :: DTXP26 [administrator]
Realtime bescherming: Ingeschakeld
1/08/2012 11:29:35
mbam-log-2012-08-01 (11-29-35).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 323516
Verstreken tijd: 7 minuut/minuten, 55 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
Hijack file
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:43:24, on 1/08/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Documents and Settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Hijack this\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1003\TmIEPlg.dll (file missing)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPPQVideo] "C:\Program Files\HP\ScheduledLaunch\HP LaserJet P2050 Series\bin\hppschlnch.exe" -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\LJ_P2050_Series -f PQOptimizerVideo.xml -o RemindLater
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\vermeirssen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342522376251
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = romarco-net.local
O17 - HKLM\Software\..\Telephony: DomainName = romarco-net.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = romarco-net.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = romarco-net.local
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1003\TmIEPlg.dll (file missing)
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 10129 bytes
-
Can anyone help me with the case above?
Below is the logfile from HijackThis.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:46:24, on 31/07/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Documents and Settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vermeirssen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Hijack this\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1003\TmIEPlg.dll (file missing)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPPQVideo] "C:\Program Files\HP\ScheduledLaunch\HP LaserJet P2050 Series\bin\hppschlnch.exe" -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\LJ_P2050_Series -f PQOptimizerVideo.xml -o RemindLater
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\vermeirssen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342522376251
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = romarco-net.local
O17 - HKLM\Software\..\Telephony: DomainName = romarco-net.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = romarco-net.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = romarco-net.local
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1003\TmIEPlg.dll (file missing)
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: LaunchProgram - Unknown owner - C:\Temp\Svcrunap.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 12149 bytes
Google search engine does not work, not in Chrome, Firefox or Internet Explorer
in Archive Website Help & Scripts
Posted:
Yes, but I have already tried that by turning off Windows Firewall.
No result