LeBe

Member
  • Items

    23
  • Registration date
Everything posted by LeBe

  1. Dear problem solver, I have a somewhat older PC with Windows XP on which I no longer have an internet connection. Situation: Experia box V8 ----wired------> Thomson ---wired-----> PC. I put a Thomson router in the attic so that I would also have WiFi in the attic. The PC is connected to the Thomson router. This worked fine for a year. For the past month it sometimes works and sometimes does not. I have since disconnected the Thomson and connected the PC directly to the Experia V8. That went fine for a while, but now it does not work at all anymore. According to the PC it is connected, but I cannot get onto the internet. Actions that did not help: - Restarted the Experia V8 - Reset the Experia V8 - Renewed the PC's IP address. Can you help me further? Kind regards, LeBez
  2. The laptop has become faster, although Internet Explorer is very slow. Mozilla Firefox is fast. The only thing is that picture and sound are out of sync on, for example, Uitzending Gemist or RTL Gemist. This always worked fine until 4 weeks ago, when the laptop started getting slower and slower. Can this be fixed as well?
  3. The Removal Tool has also been run. McAfee has now been removed.
  4. Dear Kape, Below is the new ComboFix log. The problems have gotten worse over the past months, also before the installation of McAfee. I do not know for what purpose McAfee was installed. This PC is mainly used by the children; perhaps they installed it :dong:
  5. Dear Kape, Here is the ComboFix log: - - - Updated - - - Dear Kape, I once downloaded TuneUp Utilities to "tune" the computer. Afterwards I wanted to remove the program; it is gone from the list of installed programs, but it still always runs in the background. Could that be part of the problem?
  6. Hello, My laptop has been extremely slow for a number of weeks. I have already removed some programs from it, but the internet in particular is extremely slow. Below is a HijackThis log to start with: I would like to hear from you what can be done about it. Regards, LeBe
  7. It worked! I have sound. Many thanks for your help. Kind regards, LeBe
  8. As far as I can see, there is no separate sound card present. The connectors for the headphones etc. are directly on the motherboard. I will try the sound drivers mentioned earlier. - - - Updated - - - I just downloaded the "this sound driver" link. The computer was restarted. What action needs to be performed now? I looked in Device Manager, but the new download is not detected there. Or does the download have to be linked to Device Manager? I know very little about this ;-)
  9. This used to be a business PC. Everything was probably wiped and reinstalled so it could be sold. I do not know whether the chipset driver etc. were also installed. I checked the model again; it really is the following: Type label: HP Workstation xw4400 xw4400X/XK2.40/F250/K2.0/Xx/p P/N: PW375ET#ABH
  10. Thanks for your quick reply. Brand: HP, Type: xw 440 Workstation http://speccy.piriform.com/results/SigccnAkbqHjOudS46U7EPc In Device Manager there is a yellow question mark at: Other devices -> Unknown device. I hope this gives you enough information. Regards, LeBe
  11. Hello, 2 days ago I was given a computer, but the sound does not work. As far as I can tell, the sound card is not installed. Can anyone help me with this? Thanks in advance. Regards, LeBe
  12. Hello, when watching online TV or Uitzending Gemist I suffer from poor picture quality (grainy). The laptop is regularly buffering. What could this be related to?
  13. Great result! It has become a lot faster and that is very pleasant to work with. Thanks for your help!!
  14. Here is the ComboFix log:
  15. Here is the ComboFix log:
  16. Here is the ComboFix log:
2012-10-12 05:56 6918632 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{462F0A41-0768-400F-844A-8DEA8FA3ED81}\mpengine.dll 2012-01-09 11:59 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll 2012-01-09 11:58 . 2012-08-28 15:17 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2012-01-09 11:58 . 2012-08-28 15:17 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2012-01-09 11:58 . 2012-08-28 15:17 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2012-01-08 08:31 . 2012-01-08 08:33 -------- dc----w- C:\Virusverwijdering 2012-01-07 13:59 . 2012-01-07 13:59 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\Sun 2012-01-07 13:39 . 2012-01-07 13:39 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Malwarebytes 2012-01-07 13:38 . 2012-01-07 13:38 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-01-07 13:38 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-01-07 13:35 . 2012-01-07 13:35 -------- d-----w- c:\program files\Common Files\Java 2012-01-07 13:35 . 2012-01-07 13:34 544656 ----a-w- c:\windows\system32\deployJava1.dll 2012-01-07 13:35 . 2012-01-07 13:34 128000 ----a-w- c:\windows\system32\javacpl.cpl 2012-01-07 13:34 . 2012-01-07 13:34 -------- d-----w- c:\program files\Java 2012-01-07 13:25 . 2012-01-07 13:26 -------- d-----w- c:\program files\backups 2012-01-06 20:31 . 2012-01-06 20:31 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Get from YouTube 2012-01-06 19:18 . 2012-01-06 19:18 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Import Audio from Video 2012-01-06 19:18 . 2012-01-06 20:49 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Music Editor Free 2012-01-06 19:17 . 2005-03-28 14:52 417792 ----a-w- c:\windows\system32\NCTTextToAudio2.dll 2012-01-06 19:17 . 
2005-02-24 10:51 348160 ----a-w- c:\windows\system32\NCTWMAFile2.dll 2012-01-06 19:17 . 2005-05-18 10:52 1212416 ----a-w- c:\windows\system32\NCTAudioInformation2.dll 2012-01-06 19:17 . 2005-04-25 12:01 458752 ----a-w- c:\windows\system32\NCTAudioRecord2.dll 2012-01-06 19:17 . 2005-04-25 12:01 458752 ----a-w- c:\windows\system32\NCTAudioPlayer2.dll 2012-01-06 19:17 . 2005-04-04 16:21 602112 ----a-w- c:\windows\system32\NCTAudioTransform2.dll 2012-01-06 19:17 . 2005-03-28 14:54 479232 ----a-w- c:\windows\system32\NCTAudioVisualization2.dll 2012-01-06 19:17 . 2005-05-17 11:37 1986560 ----a-w- c:\windows\system32\NCTAudioFile2.dll 2012-01-06 19:17 . 2005-04-15 11:08 880640 ----a-w- c:\windows\system32\NCTAudioEditor2.dll 2012-01-06 19:17 . 2004-11-04 12:31 835584 ----a-w- c:\windows\system32\NCTAudioCDGrabber2.dll 2012-01-06 19:17 . 2002-01-05 15:37 344064 ----a-w- c:\windows\system32\msvcr70.dll 2012-01-06 19:17 . 2012-01-06 20:18 -------- d-----w- c:\program files\Music Editor Free 2012-01-06 19:16 . 2012-01-06 19:16 373456 ----a-w- c:\program files\SoftonicDownloader_voor_music-editor-free.exe 2012-01-06 13:45 . 2012-01-06 13:45 -------- d-----w- c:\program files\Enigma Software Group 2012-01-06 13:44 . 2012-01-06 13:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2012-01-06 13:43 . 2012-01-06 13:44 725440 ----a-w- c:\program files\SpyHunter-Installer.exe 2012-01-06 13:39 . 2012-01-06 17:54 -------- d-----w- c:\program files\7-Zip 2012-01-06 13:27 . 2012-01-06 13:27 -------- d-----w- c:\windows\system32\wbem\Repository 2012-01-06 13:12 . 2012-01-08 08:32 -------- dcs---w- c:\documents and settings\Administrator . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-30 20:03 . 2011-04-18 12:18 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-08-28 15:17 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:17 . 
2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2012-08-28 15:17 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec 2012-08-24 13:53 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-08-23 06:27 . 2004-08-04 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-23 06:27 . 2004-08-04 00:58 2032128 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-08-21 12:44 . 2011-01-26 13:09 38560 ----a-w- c:\windows\system32\CleanMFT32.exe 2012-07-06 13:58 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\browser.dll 2012-07-04 14:05 . 2008-06-06 11:52 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-07-03 18:23 . 2004-08-04 12:00 1866240 ----a-w- c:\windows\system32\win32k.sys 2012-06-05 15:49 . 2008-06-06 13:01 1372672 ------w- c:\windows\system32\msxml6.dll 2012-06-05 15:49 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 04:32 . 2004-08-04 12:00 152576 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 13:19 . 2009-01-15 11:41 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 13:19 . 2008-06-06 11:54 329240 ----a-w- c:\windows\system32\wucltui.dll 2012-06-02 13:19 . 2008-06-06 11:54 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-02 13:19 . 2008-06-06 11:54 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 13:19 . 2009-01-15 11:41 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 13:19 . 2008-06-06 11:54 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 13:19 . 2008-06-06 11:54 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 13:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll 2012-06-02 13:19 . 2011-01-15 10:27 15896 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 13:19 . 2009-01-15 11:41 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 13:19 . 
2008-06-06 11:54 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 13:19 . 2009-01-15 11:41 24088 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 13:19 . 2008-06-06 11:54 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 13:19 . 2011-05-30 15:31 18160 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-06-02 13:18 . 2011-05-30 15:31 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-06-02 13:18 . 2009-08-06 18:23 214256 ----a-w- c:\windows\system32\muweb.dll 2012-06-01 16:50 . 2004-08-04 12:00 604672 ----a-w- c:\windows\system32\crypt32.dll 2012-05-14 09:23 . 2004-08-04 12:00 347136 ----a-w- c:\windows\system32\localspl.dll 2012-02-29 14:10 . 2004-08-04 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll 2011-11-25 21:57 . 2004-08-04 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll 2011-11-20 06:12 . 2004-08-04 12:00 60928 ----a-w- c:\windows\system32\packager.exe 2011-11-16 14:22 . 2004-08-04 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll 2011-11-03 15:29 . 2004-08-04 12:00 386560 ----a-w- c:\windows\system32\qdvd.dll 2011-11-03 15:29 . 2004-08-04 12:00 1296384 ----a-w- c:\windows\system32\quartz.dll 2011-11-01 16:07 . 2004-08-04 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:32 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-18 11:13 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll 2011-10-14 14:47 . 2004-08-04 12:00 23040 ----a-w- c:\windows\system32\mciseq.dll 2011-10-14 14:47 . 2004-08-04 12:00 179200 ----a-w- c:\windows\system32\winmm.dll 2011-12-21 08:02 . 2012-01-14 12:58 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Driver Updater"="c:\program files\Carambis\Driver Updater\dupdater.exe" [2010-06-08 4973056] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-04 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-10-02 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-10-02 118784] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048] "Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-16 161336] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2011-1-22 151552] Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2011-1-22 106496] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Atari\\TDU2\\UpLauncher.exe"= "c:\\Program Files\\Atari\\TDU2\\DownloadCache\\20110218191951\\UpLauncher.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 . 
R1 MpKslba788b06;MpKslba788b06;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{462F0A41-0768-400F-844A-8DEA8FA3ED81}\MpKslba788b06.sys [10-1-2012 11:44 29904] S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?] . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - MPKSLBA788B06 *Deregistered* - uphcleanhlp . Inhoud van de 'Gedeelde Taken' map . 2012-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-18 08:23] . 2012-01-07 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-04 08:35] . 2012-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 17:37] . 2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 17:37] . 2012-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1580818891-839522115-1004Core.job - c:\documents and settings\Gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-17 07:27] . 2012-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1580818891-839522115-1004UA.job - c:\documents and settings\Gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-17 07:27] . 2012-01-10 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 15:25] . 2012-01-10 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2011-06-04 20:18] . . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://www.google.nl/ uInternet Settings,ProxyOverride = <local> IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.254 FF - ProfilePath - c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\lkwpc03k.default\ FF - prefs.js: network.proxy.type - 2 FF - ExtSQL: 2012-04-10 11:34; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-01-10 11:54 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "3140210900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . Voltooingstijd: 2012-01-10 11:56:07 ComboFix-quarantined-files.txt 2012-01-10 10:56 ComboFix2.txt 2012-01-09 20:08 . Pre-Run: 6.755.528.704 bytes beschikbaar Post-Run: 6.809.292.800 bytes beschikbaar . - - End Of File - - 4320DF113032E92581EF8C8D83A0A0B2
  17. Oops! I no longer know the Administrator password. I had the same problem on my desktop PC (other thread) and there I solved it via run > cmd > Net user Administrator *, but this laptop does not accept that. And under the regular user account I cannot run the above command.
  18. Below is the ComboFix log:

ComboFix 12-11-09.02 - Gebruiker 09-01-2012 20:59:54.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1015.661 [GMT 1:00]
Started from: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Gebruiker\Application Data\.#
c:\documents and settings\Gebruiker\Application Data\PriceGong
c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Gebruiker\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Gebruiker\Application Data\Tixoco
c:\documents and settings\Gebruiker\Application Data\Tixoco\puov.exe
c:\windows\system32\SET234.tmp
c:\windows\system32\SET29.tmp
c:\windows\system32\SET2D6.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((( Files Created from 2011-12-09 to 2012-01-09 ))))))))))))))))))))))))))))))
.
.
2012-11-03 09:50 . 2012-01-06 13:27 -------- d-----w- c:\program files\PC Tools Registry Mechanic
2012-10-30 10:11 . 2012-10-12 05:56 6918632 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-25 09:14 . 2012-10-25 09:14 -------- d-----w- c:\program files\MSXML 4.0
2012-10-24 18:56 . 2012-10-24 19:09 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Audacity
2012-10-23 09:48 . 2012-10-23 09:48 -------- d-----w- c:\program files\PC Tools
2012-10-23 09:47 . 2012-10-23 09:47 -------- dc----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-10-23 09:47 . 2012-10-23 09:47 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Product_RM
2012-10-23 09:12 . 2012-11-03 13:00 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Ofuxco
2012-10-23 09:12 . 2012-10-23 09:12 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Caozy
2012-10-03 18:26 . 2012-10-03 18:26 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\searchquband
2012-10-03 18:26 . 2012-10-03 18:26 -------- d-----w- c:\documents and settings\Gebruiker\AppData
2012-10-03 18:20 . 2012-10-03 18:20 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\Ilivid Player
2012-10-03 18:17 . 2012-10-03 18:17 -------- dc----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2012-09-25 18:49 . 2012-09-25 18:53 -------- d-----w- c:\windows\system32\NtmsData
2012-09-24 12:20 . 2012-09-24 12:20 -------- d-----w- C:\Drivers
2012-09-24 12:20 . 2002-10-15 20:41 102220 ----a-w- c:\windows\system32\drivers\sonypvs1.sys
2012-09-24 12:20 . 2001-11-05 07:23 299923 ----a-w- c:\windows\system32\drivers\sonyhcs.sys
2012-09-24 12:20 . 2001-11-05 07:23 38739 ----a-w- c:\windows\system32\drivers\sonyhcc.sys
2012-09-24 12:20 . 2001-11-05 07:23 6097 ----a-w- c:\windows\system32\drivers\sonyhcb.sys
2012-09-24 12:20 . 2001-07-03 18:39 3654 ----a-w- c:\windows\system32\drivers\Sonyhcp.dll
2012-09-24 12:20 . 2001-07-03 18:33 53248 ----a-w- c:\windows\system32\SONYHCY.DLL
2012-09-24 08:23 . 2012-09-24 08:23 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-09-18 09:48 . 2012-10-09 08:23 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-18 09:48 . 2012-10-09 08:23 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-18 09:43 . 2008-04-13 22:16 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2012-09-18 09:43 . 2008-04-13 22:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2012-09-18 09:43 . 2008-04-14 20:33 91648 ----a-w- c:\windows\system32\kswdmcap.ax
2012-09-18 09:43 . 2008-04-14 20:33 61952 ----a-w- c:\windows\system32\kstvtune.ax
2012-09-18 09:43 . 2008-04-13 22:16 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2012-09-18 09:43 . 2008-04-13 22:16 51200 ----a-w- c:\windows\system32\drivers\msdv.sys
2012-09-18 09:43 . 2008-04-14 20:33 43008 ----a-w- c:\windows\system32\ksxbar.ax
2012-09-18 09:43 . 2008-04-14 20:32 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2012-09-18 09:43 . 2008-04-14 20:32 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2012-09-18 09:43 . 2008-04-13 22:16 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
2012-09-18 09:43 . 2008-04-13 22:16 38912 ----a-w- c:\windows\system32\drivers\avc.sys
2012-07-11 18:11 . 2012-07-11 18:11 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\FunnyGames
2012-07-11 18:11 . 2012-07-11 18:11 -------- d-----w- c:\program files\FunnyGames
2012-07-06 13:58 . 2012-07-06 13:58 78336 -c----w- c:\windows\system32\dllcache\browser.dll
2012-06-14 07:10 . 2012-08-28 15:17 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-08 04:32 . 2012-06-08 04:32 1375288 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL
2012-05-02 10:17 . 2012-05-02 10:17 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-05-01 13:02 . 2012-05-01 13:02 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\Deployment
2012-04-11 13:17 . 2012-04-11 13:17 2594632 ----a-w- c:\program files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL
2012-04-04 11:59 . 2012-04-04 11:59 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\CrashRpt
2012-04-04 10:57 . 2012-04-04 10:57 -------- d-----w- c:\program files\MSBuild
2012-04-04 10:57 . 2012-05-09 19:38 -------- d-----w- c:\windows\system32\XPSViewer
2012-04-04 10:57 . 2012-04-04 10:57 -------- d-----w- c:\program files\Reference Assemblies
2012-04-04 10:57 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-04-04 10:56 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2012-04-04 10:51 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-04-04 10:51 . 2012-04-04 10:51 -------- d-----w- c:\windows\Logs
2012-04-04 10:14 . 2012-04-04 10:14 -------- d-----w- c:\program files\Atari
2012-02-29 14:10 . 2012-02-29 14:10 148480 -c----w- c:\windows\system32\dllcache\imagehlp.dll
2012-02-17 19:16 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 19:15 . 2012-10-02 15:31 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-16 11:14 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 11:14 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-28 09:56 . 2012-01-28 09:56 -------- d-sh--w- c:\documents and settings\Gebruiker\IECompatCache
2012-01-23 15:17 . 2012-01-23 15:18 -------- dc-h--w- c:\windows\ie8
2012-01-21 16:03 . 2012-01-21 16:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-01-20 22:44 . 2012-01-20 22:44 -------- d-sh--w- c:\documents and settings\Gebruiker\PrivacIE
2012-01-20 22:42 . 2012-01-20 22:42 -------- d-sh--w- c:\documents and settings\Gebruiker\IETldCache
2012-01-14 12:58 . 2012-01-14 12:58 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\Mozilla
2012-01-09 11:59 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-01-09 11:58 . 2012-08-28 15:17 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-01-09 11:58 . 2012-08-28 15:17 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-01-09 11:58 . 2012-08-28 15:17 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-01-08 08:31 . 2012-01-08 08:33 -------- dc----w- C:\Virusverwijdering
2012-01-07 13:59 . 2012-01-07 13:59 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\Sun
2012-01-07 13:39 . 2012-01-07 13:39 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Malwarebytes
2012-01-07 13:38 . 2012-01-07 13:38 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-07 13:38 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-07 13:35 . 2012-01-07 13:35 -------- d-----w- c:\program files\Common Files\Java
2012-01-07 13:35 . 2012-01-07 13:34 544656 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-07 13:35 . 2012-01-07 13:34 128000 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-07 13:34 . 2012-01-07 13:34 -------- d-----w- c:\program files\Java
2012-01-07 13:25 . 2012-01-07 13:26 -------- d-----w- c:\program files\backups
2012-01-06 20:31 . 2012-01-06 20:31 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Get from YouTube
2012-01-06 19:18 . 2012-01-06 19:18 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Import Audio from Video
2012-01-06 19:18 . 2012-01-06 20:49 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Music Editor Free
2012-01-06 19:17 . 2005-03-28 14:52 417792 ----a-w- c:\windows\system32\NCTTextToAudio2.dll
2012-01-06 19:17 . 2005-02-24 10:51 348160 ----a-w- c:\windows\system32\NCTWMAFile2.dll
2012-01-06 19:17 . 2005-05-18 10:52 1212416 ----a-w- c:\windows\system32\NCTAudioInformation2.dll
2012-01-06 19:17 . 2005-04-25 12:01 458752 ----a-w- c:\windows\system32\NCTAudioRecord2.dll
2012-01-06 19:17 . 2005-04-25 12:01 458752 ----a-w- c:\windows\system32\NCTAudioPlayer2.dll
2012-01-06 19:17 . 2005-04-04 16:21 602112 ----a-w- c:\windows\system32\NCTAudioTransform2.dll
2012-01-06 19:17 . 2005-03-28 14:54 479232 ----a-w- c:\windows\system32\NCTAudioVisualization2.dll
2012-01-06 19:17 . 2005-05-17 11:37 1986560 ----a-w- c:\windows\system32\NCTAudioFile2.dll
2012-01-06 19:17 . 2005-04-15 11:08 880640 ----a-w- c:\windows\system32\NCTAudioEditor2.dll
2012-01-06 19:17 . 2004-11-04 12:31 835584 ----a-w- c:\windows\system32\NCTAudioCDGrabber2.dll
2012-01-06 19:17 . 2002-01-05 15:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2012-01-06 19:17 . 2012-01-06 20:18 -------- d-----w- c:\program files\Music Editor Free
2012-01-06 19:16 . 2012-01-06 19:16 373456 ----a-w- c:\program files\SoftonicDownloader_voor_music-editor-free.exe
2012-01-06 13:45 . 2012-01-06 13:45 -------- d-----w- c:\program files\Enigma Software Group
2012-01-06 13:44 . 2012-01-06 17:55 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-01-06 13:44 . 2012-01-06 13:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-01-06 13:43 . 2012-01-06 13:44 725440 ----a-w- c:\program files\SpyHunter-Installer.exe
2012-01-06 13:39 . 2012-01-06 17:54 -------- d-----w- c:\program files\7-Zip
2012-01-06 13:28 . 2012-10-12 05:56 6918632 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B7D73BAA-B891-4BB7-B0B7-E811C13C7345}\mpengine.dll
2012-01-06 13:27 . 2012-01-06 13:27 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-06 13:12 . 2012-01-08 08:32 -------- dcs---w- c:\documents and settings\Administrator
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-30 20:03 . 2011-04-18 12:18 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:17 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:17 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:17 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2004-08-04 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:27 . 2004-08-04 00:58 2032128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-21 12:44 . 2011-01-26 13:09 38560 ----a-w- c:\windows\system32\CleanMFT32.exe
2012-07-06 13:58 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2008-06-06 11:52 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:23 . 2004-08-04 12:00 1866240 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2008-06-06 13:01 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2009-01-15 11:41 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2008-06-06 11:54 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-06-06 11:54 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2008-06-06 11:54 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-01-15 11:41 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-06-06 11:54 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2008-06-06 11:54 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2011-01-15 10:27 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2009-01-15 11:41 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-06-06 11:54 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2009-01-15 11:41 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-06-06 11:54 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2011-05-30 15:31 18160 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2011-05-30 15:31 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2009-08-06 18:23 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-01 16:50 . 2004-08-04 12:00 604672 ----a-w- c:\windows\system32\crypt32.dll
2012-05-14 09:23 . 2004-08-04 12:00 347136 ----a-w- c:\windows\system32\localspl.dll
2012-02-29 14:10 . 2004-08-04 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2011-11-25 21:57 . 2004-08-04 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-20 06:12 . 2004-08-04 12:00 60928 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:22 . 2004-08-04 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-03 15:29 . 2004-08-04 12:00 386560 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:29 . 2004-08-04 12:00 1296384 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-04 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:32 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-18 11:13 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-14 14:47 . 2004-08-04 12:00 23040 ----a-w- c:\windows\system32\mciseq.dll
2011-10-14 14:47 . 2004-08-04 12:00 179200 ----a-w- c:\windows\system32\winmm.dll
2011-12-21 08:02 . 2012-01-14 12:58 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Driver Updater"="c:\program files\Carambis\Driver Updater\dupdater.exe" [2010-06-08 4973056]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-04 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-10-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-10-02 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-16 161336]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2011-1-22 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2011-1-22 106496]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Atari\\TDU2\\UpLauncher.exe"=
"c:\\Program Files\\Atari\\TDU2\\DownloadCache\\20110218191951\\UpLauncher.exe"=
.
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp . Inhoud van de 'Gedeelde Taken' map . 2012-01-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-18 08:23] . 2012-01-07 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-04 08:35] . 2012-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 17:37] . 2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 17:37] . 2012-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1580818891-839522115-1004Core.job - c:\documents and settings\Gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-17 07:27] . 2012-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1580818891-839522115-1004UA.job - c:\documents and settings\Gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-17 07:27] . 2012-01-09 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 15:25] . 2012-01-09 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2011-06-04 20:18] . . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://www.google.nl/ uInternet Settings,ProxyOverride = <local> IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.254 FF - ProfilePath - c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\lkwpc03k.default\ FF - prefs.js: browser.search.selectedEngine - Search Results FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=427&systemid=406&sr=0&q= FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406 FF - prefs.js: network.proxy.type - 2 FF - ExtSQL: 2012-04-10 11:34; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-10 - (no file) WebBrowser-{D2F11D8B-3EB5-4B42-9511-370DBEC707FB} - (no file) HKCU-Run-ares - c:\documents and settings\Gebruiker\Mijn documenten\Downloads\Ares\Ares.exe AddRemove-HijackThis - c:\documents and settings\Gebruiker\Local Settings\Temporary Internet Files\Content.IE5\DG82BTPW\HijackThis.exe AddRemove-Kruidvat fotoservice - c:\documents and settings\Gebruiker\Bureaublad\Kruidvat fotoservice\uninstall.exe AddRemove-Malwarebytes' Anti-Malware_is1 - c:\program files\Malwarebytes' Anti-Malware\unins000.exe AddRemove-Oryte_Games_1.15 Toolbar - c:\program files\Oryte_Games_1.15\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-01-09 21:06 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "3140210900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . Voltooingstijd: 2012-01-09 21:08:56 ComboFix-quarantined-files.txt 2012-01-09 20:08 . Pre-Run: 5.273.915.392 bytes beschikbaar Post-Run: 6.835.150.848 bytes beschikbaar . WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 4A8124515BF523B903AAC7B15BA08AB9
19. Dear Kape, On this computer I ran Malwarebytes' Anti-Malware as a routine check, and it cleaned up 15 infected files. Even though we have KPN fibre with 50 MB upload and download speed, it often takes a very long time before a page has loaded. I don't know what is causing it. Maybe you can help me with that. Here is the HijackThis file from my laptop:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:06:37, on 7-11-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gebruiker\Local Settings\Temporary Internet Files\Content.IE5\FU1U9W23\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: WiseConvert - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [FRYMXINS] "C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl"
O4 - HKLM\..\Run: [startCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Search - http://tbedits.televisionfanatic.com/one-toolbaredits/menusearch.jhtml?s=100000415&p=XPxdm253YYnl&si=CIzf3fLirbICFYFY3godczQAPg&a=5B4D0990-B052-4E0C-9BD5-1F90B2E69360&n=2012091110&cv=1
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1FEC8B6F-250A-4293-B12C-67A7EF0B758A} (sIKN Speler) - http://www.kerkomroep.nl/ocx/sIKNPlayer.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343996807843
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D988243E-280D-4C12-B1D7-9A66B5927299}: NameServer = 8.8.8.8,208.67.222.222
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

--
End of file - 8485 bytes
20. This action was taken because the Ukash virus was blocking my computer. If all is well, the virus is gone, but the computer is very slow. When the virus blocked my computer, I started googling on the laptop. Eventually I was able to set the system clock back (does it need to be set to the current time again?). That is how I ended up on your forum. I assume the virus has been resolved, but the computer remains slow. I have since run "Disk Cleanup" and deleted the cookies. What else could I do? Regards, LeBe
21. Dear Kape, I hope it worked this time. Here is the new log:

Logfile of HijackThis v1.99.1
Scan saved at 9:15:10, on 8-1-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Carambis\Driver Updater\dupdater.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www-Proxy.prvgld.nl:8080/
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Gebruiker\Mijn documenten\Downloads\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Driver Updater] "C:\Program Files\Carambis\Driver Updater\dupdater.exe" /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [iNTERNATIONAL] International
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1295087253078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1295087244734
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf (file missing)
22. Dear Kape, Thanks for your explanation. I carried out the instructions and the logs below came out:

Logfile of HijackThis v1.99.1
Scan saved at 15:12:36, on 7-1-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Carambis\Driver Updater\dupdater.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www-Proxy.prvgld.nl:8080/
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Gebruiker\Mijn documenten\Downloads\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Driver Updater] "C:\Program Files\Carambis\Driver Updater\dupdater.exe" /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [iNTERNATIONAL] International
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1295087253078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1295087244734
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Updateservice (gupdate1ca14611118958c) (gupdate1ca14611118958c) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf (file missing)

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.07.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gebruiker :: THUIS [administrator]

7-1-2012 14:40:11
mbam-log-2012-01-07 (14-40-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210662
Time elapsed: 11 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\CLSID\{82184935-B894-4AB2-8590-603BA7D74B71} (Trojan.WebMoner) -> Quarantined and deleted successfully.
HKCR\PCACD.eProtocol (Trojan.WebMoner) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Documents and Settings\Gebruiker\Application Data\hellomoto (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.

Files Detected: 4
C:\Program Files\installer_magic_music_editor.exe (PUP.ToolBar.Installer.IRCF) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-515967899-1580818891-839522115-1004\Dc26.exe (PUP.BundleInstaller.DT) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gebruiker\Application Data\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gebruiker\Application Data\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.

(end)

I can't make sense of this, but I hope everything has worked. I look forward to hearing from you. Regards, LeBe P.S. I also have a HijackThis log from my laptop; should I post that under a different discussion, or can it go under this one too?
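The HijackThis and ComboFix output in the posts above is read by helpers line by line, looking for a handful of recurring indicators: autostart entries that run from user-writable folders (Application Data, Downloads, the recycler), Browser Helper Objects whose DLL is gone, an Internet Explorer AutoConfigURL that hands every request to a PAC script, services with an unknown owner and a missing binary, and Firefox prefs pointing at search-redirect hosts. The script below is an added example of that first-pass triage; it is not part of the original thread and not code from HijackThis, ComboFix or Malwarebytes. The folder list and host list are this example's own heuristics, and the sample log lines are constructed to resemble entries on this page.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Heuristic list (this example's own, not HijackThis's): folders from which a legitimate
# Windows XP autostart entry almost never runs. Matched case-insensitively as substrings.
SUSPICIOUS_DIRS = (
    "\\application data\\",
    "\\local settings\\temp",
    "\\temporary internet files\\",
    "\\downloads\\",
    "\\recycler\\",
)

# Search-redirect hosts seen in the Firefox prefs of the ComboFix output on this page.
HIJACK_HOSTS = ("search-results.com", "searchnu.com")

# Firefox prefs whose value decides where searches and the start page go.
SEARCH_PREFS = ("keyword.URL", "browser.startup.homepage", "browser.search.selectedEngine")

O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.*)$")
PATH_RE = re.compile(r'^"(?P<quoted>[^"]+)"|^(?P<bare>\S+)')


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def executable_path(cmd: str) -> str:
    """Strip arguments from an O4 command line and return just the program path."""
    m = PATH_RE.match(cmd.strip())
    if m is None:
        return cmd.strip()
    return m.group("quoted") or m.group("bare")


def triage_line(line: str) -> List[str]:
    """Return the indicators raised by one HijackThis or ComboFix line; [] means nothing notable."""
    reasons: List[str] = []
    low = line.lower()
    o4 = O4_RE.match(line)
    ff = FF_PREF_RE.match(line)

    if o4:
        exe = executable_path(o4.group("cmd")).lower()
        if any(d in exe for d in SUSPICIOUS_DIRS):
            reasons.append(f"autostart '{o4.group('name')}' runs from a user-writable folder: {exe}")
        if "(file missing)" in low:
            reasons.append(f"autostart '{o4.group('name')}' points at a missing file")
    elif line.startswith("O2 - BHO:") and "(no file)" in low:
        reasons.append("orphaned Browser Helper Object (CLSID registered, DLL gone)")
    elif "internet settings,autoconfigurl" in low:
        reasons.append("IE proxy auto-config (PAC) URL set: the PAC script decides where every request goes")
    elif line.startswith("O23 - Service:") and "unknown owner" in low and "(file missing)" in low:
        reasons.append("service with unknown owner and a binary reported missing")
    elif ff:
        pref, value = ff.group("pref"), ff.group("value").strip().lower()
        if pref in SEARCH_PREFS and any(h in value for h in HIJACK_HOSTS):
            reasons.append(f"Firefox {pref} redirected to a known search-hijack host")
        elif pref == "network.proxy.type" and value == "2":
            reasons.append("Firefox network.proxy.type=2: proxy auto-config script in use")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole pasted log; only lines with at least one indicator are returned."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            reasons = triage_line(line)
            if reasons:
                findings.append(Finding(line, reasons))
    return findings


# Constructed sample, modelled on lines in the logs above (one clean entry, seven indicators).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [sasori] "C:\Documents and Settings\Gebruiker\Application Data\Tixoco\puov.exe"
O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Gebruiker\Mijn documenten\Downloads\Ares\Ares.exe" -h
O2 - BHO: WiseConvert - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www-Proxy.prvgld.nl:8080/
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=427&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.type - 2
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Two caveats belong next to the output. A flagged O4 entry such as Ares only means "review this", not "malware": a P2P client in Downloads is unwanted on a family PC but is not the same class of finding as an unnamed executable in Application Data. And the "(file missing)" verdict on the quoted Google Update and Java service paths in the HijackThis 1.99.1 logs above is typically an artifact of how that version parses a quoted image path followed by arguments (note the stray quote left in the path), so confirm on disk before treating the service as broken or malicious.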
  23. Hello, I have a HijackThis logfile, but I have no idea which files need to be removed. Can someone help me with that? I'm a real beginner. Thanks in advance for the replies.

Logfile of HijackThis v1.99.1
Scan saved at 19:05:45, on 6-1-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Carambis\Driver Updater\dupdater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www-Proxy.prvgld.nl:8080/
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Gebruiker\Mijn documenten\Downloads\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Driver Updater] "C:\Program Files\Carambis\Driver Updater\dupdater.exe" /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [sasori] "C:\Documents and Settings\Gebruiker\Application Data\Tixoco\puov.exe"
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [iNTERNATIONAL] International
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1295087253078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1295087244734
O20 - AppInit_DLLs:
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Updateservice (gupdate1ca14611118958c) (gupdate1ca14611118958c) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
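As an added triage helper (not part of the original post or of HijackThis), this Python snippet parses the O4 autostart lines from the log above and flags programs that start from user-writable profile locations such as Application Data or Downloads, which is where the `[sasori]` entry `...\Application Data\Tixoco\puov.exe` lives. The sample log is constructed from lines copied from the post; the flag is a prompt for analyst review, not a verdict, as the legitimate Google Update entry under Local Settings shows.

```python
import re

# Constructed sample: autostart (O4) lines copied from the HijackThis log
# above, plus one O23 line to show that other sections are skipped.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Gebruiker\Mijn documenten\Downloads\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [sasori] "C:\Documents and Settings\Gebruiker\Application Data\Tixoco\puov.exe"
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

# HijackThis O4 layout: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# User-writable profile locations (lower-case). Installed software on XP normally
# autostarts from Program Files or WINDOWS, so a Run entry here deserves a closer look.
USER_WRITABLE = ("\\application data\\", "\\local settings\\",
                 "\\downloads\\", "\\recycler\\", "\\temp\\")


def executable_path(cmd: str) -> str:
    # The program is the quoted part if the command is quoted, else the first token.
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split()[0]


def triage_o4(log: str) -> list:
    # Returns (hive, value name, program path, flagged) for every O4 Run entry.
    entries = []
    for line in log.splitlines():
        match = O4_RE.match(line.strip())
        if not match:
            continue  # R0/R1, O2, O23 ... are other HijackThis sections
        path = executable_path(match["cmd"])
        flagged = any(marker in path.lower() for marker in USER_WRITABLE)
        entries.append((match["hive"], match["name"], path, flagged))
    return entries


def flagged_names(log: str) -> list:
    # Value names of the Run entries that need analyst review.
    return [name for _hive, name, _path, flagged in triage_o4(log) if flagged]


if __name__ == "__main__":
    for hive, name, path, flagged in triage_o4(SAMPLE_LOG):
        print("REVIEW" if flagged else "ok    ", hive, f"[{name}]", path)
```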