Everything posted by rombout

  1. That doesn't work anymore either! I give up; buying a new laptop will cost me less annoyance and time.
  2. Unfortunately, tried 3 times with different restore points from before Combofix wrecked everything, but no luck. System Restore is no longer possible! I'm stuck with a partly wrecked version of Vista!!!
  3. Before I apply yet another program, first the question of how we can repair the damage Combofix has done to Vista.
  4. I see now that the log file has been preserved after all. Hope this helps!
  5. About three times already. My desktop background is still gone, the Windows update keeps failing, and the Bluetooth error message is still there too. Funnily enough, Norton Power Eraser can't remove Combofix! By the way, my original problem, namely that my laptop takes some 40 minutes to boot, has not been solved.
  6. I ran Combofix again in safe mode. That worked. I did see the log file, but saving it didn't work because the old log file wasn't overwritten. So the new log was lost. I tried running Combofix once more, but after stage 2 the tool froze. On rebooting, all sorts of strange things happen. Windows ran a full disk check. Also, my desktop background has disappeared and I can't restore it either (it stays completely black). Norton Internet Security is confused as well. Norton Autofix asks for a restart because of error 8504,104, and asks me to install Norton Power Eraser. That runs an extensive scan and finds a malicious program: Combofix! Bluetooth reports an error in the stack service (whatever that is). Word at first started only in safe mode, but now works again. In short, I'm not really happy. One more thing: installing the Windows update .NET Framework 1.1 SP1 has been failing for 10 days now: every night it tries again, every morning it has failed again. Will this ever be fixed? Or should I just destroy the laptop and buy a new one?!
  7. Finally succeeded! In normal mode it takes 4 hours, after which Combofix stops after 50 stages without creating a log. In safe mode, with the internet connection disabled and the virus scanner switched off, it was done much faster. Here is the log file.
  8. No, found no trace of a log. Search finds no combofix file either (except combofix.exe, of course). What is that Qoobox, anyway?
  9. I do see a Qoobox directory from this afternoon in C:\ (created at the start of the scan).
  10. After about 10 minutes Combofix did start after all, and then spent almost 4 hours (!) scanning before all 50 stages were done. Then it deleted 1 file: windows\system32\msstdfmt.dll, and after that it probably froze. So I don't see a log file either.
  11. Combofix doesn't work on my computer; I've tried it before. Not as administrator either. It does begin with the registry backup, but doesn't even start scanning. I've also tried in safe mode before, but that doesn't work either.
  12. Browser Manager deleted. Tried O20, but even with HijackThis as administrator I can't remove this item!
  13. Here is the log file.
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon O4 - HKLM\..\Run: [iJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Yousendit Sync Agent] "C:\Program Files\YouSendIt Desktop App\YSIAgent.exe" O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun O4 - Startup: Dropbox.lnk = C:\Users\De Vaal Advies\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://*.mcafee.com O15 - Trusted Zone: http://*.mcafee.com (HKLM) O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM) O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM) O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM) O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM) O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM) O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM) O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {BFB39D62-28F5-49B8-B156-56281373B156} - https://server.db.kvk.nl/WWWEXT01/install/Plugin/KVKar51.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll O20 - AppInit_DLLs: c:\progra~2\browse~1\23759~1.138\{61d8b~1\browse~1.dll APSHook.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.3.759.138\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\windows\system32\Hpservice.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. 
- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: vToolbarUpdater12.1.5 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe -- End of file - 16634 bytes
  14. It turns out to be a program that I could remove via Control Panel - Programs. I suspect that has solved this problem.
  15. For a few days now I occasionally get a large pop-up window with the text YourFile Downloader Updater asking me to load an update. I have not done so, and fortunately the window is easy to click away, but I am still not happy about it. Is this malware? How do I get rid of it?
  16. That has all been done. But I still have my original problem: my computer is busy for 15-20 minutes with all kinds of activity I do not understand, and then responds very slowly to my commands. It gets worse when it has not been used for a few days; then this 'stubbornness' runs up to 50 minutes. And since last week there is another strange phenomenon: I have now received 6 emails containing completely random characters, coming in via a contact form on my website. 4 of the 6 seem to come from a domain 141.105.67. How can all this be explained and solved?
  17. Done. There is no Combofix directory. There was still something in Downloads, which I deleted. I also threw away old log files. What I do see is that under 'Properties' it says: "This file came from another computer and might be blocked to help protect this computer." I cannot remove the block; it keeps coming back.
  18. I have applied the above procedure, but with the same result. Scan, alias Combofix, disappears during the loading phase and does not start scanning, not even in Safe Mode. Could old Combofix files perhaps still play a role? I did not remove it entirely by the book earlier.
  19. Unfortunately not! Scan.exe does not start in normal mode (it disappears during the loading phase). Starting in Safe Mode, which I force with a hard reset, does not work either, because the computer obediently boots, after some waiting, into normal mode (it did that yesterday too, although it did actually end up in Safe Mode once then).
  20. My laptop boots correctly as such, in about 4 minutes, which is normal for Vista. I usually start from sleep mode. But after that it is busy with all sorts of things for at least another 15 minutes, and what it is doing escapes my observation entirely. All programs respond extremely slowly then. This has been the case for several months. Now and then Norton reports: intensive disk (or memory) usage by Host Process for Windows Services or by Pure Networks Platform Services, but that does not really help me understand what is happening. After that it works perfectly. How could I get rid of this irritating behaviour? As an aside: with your help I recently removed some malware (Incredibar, Babylon), among others with Malwarebytes Anti-Malware, AdwCleaner and CCleaner.
  21. OK Kape, everything has been cleaned up, many thanks. I am closing this discussion.
  22. As far as I can tell now, no. I do have another question (about the behaviour of my computer after booting); shall I open that in a separate discussion?
  23. Dear Kape, you are active 7/7, fantastic! Actions carried out; the folders had apparently already been removed by Combofix. Here is the AdwCleaner log:

# AdwCleaner v1.801 - Logfile created 08/26/2012 at 15:58:04
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista Business Service Pack 2 (32 bits)
# User : De Vaal Advies - PC_VAN_DEVAALAD
# Boot Mode : Normal
# Running from : C:\Users\De Vaal Advies\Desktop\adwcleaner (1).exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=111304&tt=bandext_3412_6&babsrc=HP_ss&mntrId=60da577600000000000000226467d540 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=111304&tt=bandext_3412_6&babsrc=NT_ss&mntrId=60da577600000000000000226467d540 --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (nl)

Profile name : default
File : C:\Users\De Vaal Advies\AppData\Roaming\Mozilla\Firefox\Profiles\2lxwqqxa.default\prefs.js
C:\Users\De Vaal Advies\AppData\Roaming\Mozilla\Firefox\Profiles\2lxwqqxa.default\user.js ... Deleted !
Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=111304&tt=bandext_3412_6&babsrc=NT[...]
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=111304&tt=bande[...]

-\\ Google Chrome v21.0.1180.83

File : C:\Users\De Vaal Advies\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted : "homepage": "hxxp://search.babylon.com/?affID=111304&tt=bandext_3412_6&babsrc=HP_ss&mntrId=60d[...]

*************************

AdwCleaner[s1].txt - [14613 octets] - [03/08/2012 09:50:14]
AdwCleaner[s2].txt - [1158 octets] - [03/08/2012 11:14:47]
AdwCleaner[s3].txt - [2778 octets] - [26/08/2012 15:58:04]

########## EOF - C:\AdwCleaner[s3].txt - [2906 octets] ##########

That looks good!