Everything posted by ten

  1. Good morning, here is the ComboFix log.
     ComboFix 12-11-09.02 - Gebruiker 09-11-2012 13:27:15.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1015.347 [GMT 1:00] Gestart vanuit: c:\documents and settings\Gebruiker\Mijn documenten\Downloads\ComboFix.exe AV: AVG Anti-Virus 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Gebruiker\Application Data\ACD Systems\ACDSee\ImageDB.ddf c:\windows\system32\dllcache\wmpvis.dll c:\windows\system32\msssc.dll c:\windows\system32\roboot.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2012-10-09 to 2012-11-09 )))))))))))))))))))))))))))))) . . 2012-11-09 06:31 . 2012-11-09 06:31 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\AVG2013 2012-11-09 06:29 . 2012-11-09 06:29 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\TuneUp Software 2012-11-09 06:29 . 2012-11-09 06:29 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\AVG Secure Search 2012-11-09 06:29 . 2012-11-09 06:29 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search 2012-11-09 06:29 . 2012-11-09 06:29 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\AVG Secure Search 2012-11-09 06:29 . 2012-11-09 06:28 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-11-09 06:29 . 2012-11-09 06:29 -------- d-----w- c:\program files\Common Files\AVG Secure Search 2012-11-09 06:29 . 2012-11-09 06:29 -------- d-----w- c:\program files\AVG Secure Search 2012-11-09 06:28 . 2012-11-09 06:28 -------- d-----w- c:\windows\LastGood 2012-11-09 06:27 . 2012-11-09 06:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013 2012-11-09 06:27 . 2012-11-09 06:27 -------- d-----w- C:\$AVG 2012-11-09 06:26 . 
2012-11-09 06:26 -------- d-----w- c:\program files\AVG 2012-11-09 06:06 . 2012-11-09 12:12 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData 2012-11-09 06:06 . 2012-11-09 06:34 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\Avg2013 2012-11-09 06:06 . 2012-11-09 06:06 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files 2012-11-09 06:06 . 2012-11-09 06:06 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\MFAData 2012-11-08 07:47 . 2012-11-08 07:47 388096 ----a-r- c:\documents and settings\Gebruiker\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-11-08 07:47 . 2012-11-08 07:47 -------- d-----w- c:\program files\Trend Micro 2012-11-07 13:18 . 2012-11-07 14:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2012-11-07 13:14 . 2012-11-07 13:14 -------- d-----w- C:\ProgramData 2012-11-07 13:14 . 2012-11-07 13:14 -------- d-----w- C:\Cover DVD1 2012-11-07 10:14 . 2012-11-07 10:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2012-11-07 10:14 . 2012-11-07 13:36 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-11-07 10:14 . 2012-11-07 10:14 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\SUPERAntiSpyware.com 2012-11-07 09:35 . 2012-11-07 10:05 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP 2012-11-07 08:06 . 2012-11-07 08:06 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\ElevatedDiagnostics 2012-11-05 12:25 . 2003-05-14 20:07 389120 ----a-w- c:\windows\system32\actskn43.ocx 2012-11-05 12:25 . 1998-12-02 08:11 143360 ----a-w- c:\windows\system32\vbuzip10.dll 2012-11-05 12:25 . 2003-01-26 14:48 147456 ----a-w- c:\windows\system32\Vbzip11.dll 2012-11-05 12:25 . 1999-04-17 22:36 10752 ----a-w- c:\windows\system32\aamd532.dll 2012-11-05 12:25 . 
1998-04-23 23:00 368912 ----a-w- c:\windows\system32\vbar332.dll 2012-11-05 12:24 . 2012-11-05 12:24 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Webroot 2012-11-05 12:24 . 2012-11-05 12:24 -------- d-----w- c:\program files\Webroot 2012-11-05 08:12 . 2012-11-05 08:12 -------- d-----w- c:\program files\Enigma Software Group 2012-11-05 08:11 . 2012-11-07 09:36 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP 2012-11-05 08:11 . 2012-11-07 13:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2012-11-05 08:05 . 2012-11-07 11:12 -------- d-----w- c:\program files\Best Removal Tool 2012-10-30 08:24 . 2012-10-30 08:24 -------- d-----w- c:\program files\MSXML 4.0 2012-10-28 09:32 . 2012-10-28 09:44 -------- d-----w- c:\windows\Ulead.dat 2012-10-28 09:29 . 2012-10-28 10:09 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\WMTools Downloaded Files 2012-10-28 09:23 . 2000-05-22 21:58 608448 ----a-w- c:\windows\system32\comctl32.ocx 2012-10-28 09:07 . 2012-10-28 09:23 -------- d-----w- c:\program files\Total Video Converter 2012-10-28 09:03 . 2012-10-28 09:03 -------- d-----w- c:\documents and settings\Gebruiker\dwhelper 2012-10-22 12:02 . 2012-10-22 12:02 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys 2012-10-20 06:00 . 2012-10-20 06:01 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant 2012-10-17 13:12 . 2012-10-17 13:12 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\HP 2012-10-17 13:05 . 2012-10-17 13:06 -------- d-----w- c:\documents and settings\All Users\Application Data\HP 2012-10-17 13:05 . 2012-10-17 13:05 -------- d-----w- c:\program files\Hewlett-Packard 2012-10-17 13:05 . 2012-10-17 13:05 -------- d-----w- c:\program files\Common Files\Hewlett-Packard 2012-10-17 13:04 . 2012-10-17 13:04 -------- d-----w- c:\program files\Common Files\HP 2012-10-17 13:03 . 
2012-10-17 13:05 -------- d-----w- c:\program files\HP 2012-10-17 13:03 . 2008-04-13 22:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys 2012-10-17 13:03 . 2008-04-13 22:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys 2012-10-15 02:48 . 2012-10-15 02:48 55776 ----a-w- c:\windows\system32\drivers\avgidshx.sys 2012-10-13 11:52 . 2012-10-13 11:53 -------- d-----w- c:\program files\ACD Systems 2012-10-13 11:47 . 2012-10-13 11:47 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\ACD Systems 2012-10-13 11:13 . 1998-10-30 04:02 11264 ----a-w- c:\windows\system32\Jgid500.dll 2012-10-13 11:13 . 1998-10-30 04:02 11264 ----a-w- c:\windows\system32\Jgar500.dll 2012-10-13 11:13 . 1998-10-30 04:02 144896 ----a-w- c:\windows\system32\Jgdw500.dll 2012-10-13 11:13 . 1998-10-30 04:03 13312 ----a-w- c:\windows\system32\Jgst500.dll 2012-10-13 11:13 . 1998-10-30 04:03 15872 ----a-w- c:\windows\system32\Jgpl500.dll 2012-10-13 11:13 . 1998-10-30 04:02 7168 ----a-w- c:\windows\system32\Jgme500.dll 2012-10-13 11:13 . 1999-12-15 11:18 1056768 ----a-w- c:\windows\system32\Roboex32.dll 2012-10-12 10:09 . 2012-10-12 10:09 -------- d-----w- c:\windows\ShellNew 2012-10-12 09:40 . 2012-10-12 09:40 -------- d-----w- c:\windows\Local Settings 2012-10-12 09:40 . 2012-10-12 09:40 -------- d-----w- c:\program files\Desktop Tray Clock 2012-10-12 09:27 . 2012-10-12 09:27 -------- d-----w- c:\program files\Yz Shadow 2012-10-12 09:24 . 2012-11-07 13:33 -------- d-----w- c:\program files\DVD2SVCD 2012-10-12 09:24 . 2012-10-12 09:24 -------- d-----w- c:\program files\Custom Technology 2012-10-12 09:24 . 2012-10-12 09:24 -------- d-----w- c:\program files\DVD Decrypter 2012-10-12 09:23 . 2001-12-08 18:20 38912 ----a-w- c:\windows\system32\HUFFYUV.DLL 2012-10-12 09:23 . 2012-10-12 09:24 -------- d-----w- c:\program files\AviSynth 2.5 2012-10-12 08:01 . 
2012-10-12 08:01 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\ESET 2012-10-12 05:41 . 2012-10-12 05:41 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2012-10-11 13:32 . 2012-10-11 13:32 -------- d-----w- c:\program files\Gophoto.it 2012-10-11 13:28 . 2012-11-08 09:27 -------- d-----w- c:\documents and settings\Gebruiker\Bureaublad 2012-10-11 12:58 . 2012-10-11 12:58 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\Google 2012-10-11 12:50 . 2012-10-11 12:53 -------- d-----w- c:\documents and settings\All Users\Application Data\RegUse 2012-10-11 12:49 . 2012-10-11 12:53 -------- d-----w- c:\program files\RegUse 2012-10-11 12:31 . 2012-10-11 12:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software 2012-10-11 12:30 . 2012-11-01 08:06 -------- d-----w- c:\program files\NCH Software 2012-10-11 12:30 . 2012-10-11 12:54 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\NCH Software 2012-10-11 09:04 . 2012-10-11 13:01 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-11 09:04 . 2012-10-11 13:01 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-11 07:56 . 2012-10-11 07:56 -------- d-----w- c:\windows\system32\C2MP 2012-10-11 07:43 . 2012-10-11 07:43 -------- d-----w- c:\program files\Yamicsoft 2012-10-11 07:43 . 2012-10-11 07:43 -------- d-----w- c:\program files\Computer-Expert Group 2012-10-11 07:11 . 2012-10-11 07:11 -------- d--h--w- c:\windows\PIF 2012-10-11 04:55 . 2012-06-04 15:35 222448 ----a-w- c:\windows\system32\muweb.dll 2012-10-11 04:55 . 2012-06-02 13:18 275696 ----a-w- c:\windows\system32\mucltui.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-06 10:40 . 2012-10-06 10:40 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys 2012-10-05 02:32 . 
2012-10-05 02:32 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2012-10-02 02:30 . 2012-10-02 02:30 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2012-09-25 05:30 . 2012-09-25 05:30 3915776 ----a-w- c:\windows\system32\ffmpeg.dll 2012-09-25 05:30 . 2012-09-25 05:30 112640 ----a-w- c:\windows\system32\ff_vfw.dll 2012-09-25 05:29 . 2012-09-25 05:29 3504128 ----a-w- c:\windows\system32\ffdshow.ax 2012-09-25 05:29 . 2012-09-25 05:29 271360 ----a-w- c:\windows\system32\TomsMoComp_ff.dll 2012-09-25 05:29 . 2012-09-25 05:29 99840 ----a-w- c:\windows\system32\ff_wmv9.dll 2012-09-25 05:29 . 2012-09-25 05:29 157184 ----a-w- c:\windows\system32\ff_unrar.dll 2012-09-25 05:29 . 2012-09-25 05:29 147456 ----a-w- c:\windows\system32\ff_libmad.dll 2012-09-25 05:28 . 2012-09-25 05:28 211968 ----a-w- c:\windows\system32\ff_libdts.dll 2012-09-25 05:28 . 2012-09-25 05:28 1525760 ----a-w- c:\windows\system32\ff_samplerate.dll 2012-09-25 05:28 . 2012-09-25 05:28 114688 ----a-w- c:\windows\system32\ff_liba52.dll 2012-09-24 00:03 . 2012-09-24 00:03 1289728 ----a-w- c:\windows\system32\VSFilter.dll 2012-09-21 02:46 . 2012-09-21 02:46 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2012-09-21 02:46 . 2012-09-21 02:46 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys 2012-09-21 02:45 . 2012-09-21 02:45 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys 2012-09-14 02:05 . 2012-09-14 02:05 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2012-08-28 15:17 . 2003-04-08 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:17 . 2003-04-08 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2012-08-28 15:17 . 2003-04-08 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07 . 2012-05-14 09:29 385024 ----a-w- c:\windows\system32\html.iec 2012-08-24 13:53 . 2003-04-08 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-08-23 19:01 . 
2012-08-23 19:01 233472 ----a-w- c:\windows\system32\DCBassSourceMod.ax 2012-08-23 13:43 . 2012-08-23 13:43 54328 ----a-w- c:\windows\system32\bass_opus.dll 2012-08-23 06:27 . 2003-04-08 12:00 2197248 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-23 06:27 . 2002-09-09 13:17 2073984 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-10-24 17:50 . 2012-11-04 09:08 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SkinClock"="c:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SetRefresh"="c:\program files\COMPAQ\SetRefresh\\SetRefresh.exe" [2003-11-20 525824] "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-01-31 98304] "DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2002-05-28 69632] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-03-01 15872] "HDInspector.exe"="c:\program files\Hard Drive Inspector\HDInspector.exe" [2008-04-26 1006344] "SkinClock"="c:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896] "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-11-06 3143800] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-09 997320] "ROC_roc_ssl_v12"="c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-11-09 1020512] 
. [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\Gebruiker\Menu Start\Programma's\Opstarten\ Yz Shadow.lnk - c:\program files\Yz Shadow\YzShadow.exe [2002-9-30 151552] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] Sitecom 300N USB Wireless LAN Utility.lnk - c:\program files\SITECOM\300N USB Wireless LAN Utility\RtWLan.exe [2012-10-6 966656] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-2-8 394856] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\SITECOM\\300N USB Wireless LAN Utility\\RtWLan.exe"= "c:\\Program Files\\BitTorrent\\BitTorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\WINDOWS\\system32\\msiexec.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"= "c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management "1542:TCP"= 1542:TCP:Realtek WPS TCP Prot "1542:UDP"= 1542:UDP:Realtek WPS UDP Prot "53:UDP"= 53:UDP:Realtek AP UDP Prot . 
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21-9-2012 3:46 177376] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [14-9-2012 3:05 35552] R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [22-10-2012 13:02 179936] R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21-9-2012 3:45 19936] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2-10-2012 3:30 159712] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21-9-2012 3:46 164832] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9-11-2012 7:29 26984] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [22-10-2012 13:05 196664] R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [9-11-2012 7:29 711112] R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys [6-10-2012 11:38 594048] S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [15-10-2012 3:48 55776] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [6-11-2012 19:00 5814392] S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?] . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - AVGIDSAGENT *NewlyCreated* - AVGIDSDRIVER *NewlyCreated* - AVGIDSSHIM *NewlyCreated* - AVGLDX86 *NewlyCreated* - AVGLOGX *NewlyCreated* - AVGMFX86 *NewlyCreated* - AVGRKX86 *NewlyCreated* - AVGTDIX *NewlyCreated* - AVGTP *NewlyCreated* - AVGWD *NewlyCreated* - VTOOLBARUPDATER13.2.0 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhoud van de 'Gedeelde Taken' map . 
2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-11 13:01] . 2012-10-18 c:\windows\Tasks\RegUse.job - c:\program files\RegUse\RegUse.exe [2012-08-16 08:37] . 2012-11-09 c:\windows\Tasks\User_Feed_Synchronization-{C841954E-20DF-4D8C-9870-18AFD7A87585}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 02:31] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.com/ IE: E&xporteren naar Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.254 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll FF - ProfilePath - c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\a5sfrfw6.default\ FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={A6B4900F-ABFC-4E18-A897-8BF73B519067}&mid=f95d026e1c4e47d086c9d145b06fe694-970a07a2be282277a370301e621d5afc54f01036&lang=nl&ds=AVG&pr=pr&d=2012-11-09 07:29&v=13.2.0.4&sap=ku&q= FF - ExtSQL: 2012-10-07 08:07; {20a82645-c095-46ed-80e3-08825760534b}; c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\a5sfrfw6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - ExtSQL: 2012-10-12 08:35; YoutubeVideoDownloader@gefruckelt.de; c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\a5sfrfw6.default\extensions\YoutubeVideoDownloader@gefruckelt.de.xpi FF - ExtSQL: 2012-10-18 14:50; onlinehdtv@onlinehd.tv; c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\a5sfrfw6.default\extensions\onlinehdtv@onlinehd.tv.xpi FF - ExtSQL: 2012-10-18 14:50; artur.dubovoy@gmail.com; c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\a5sfrfw6.default\extensions\artur.dubovoy@gmail.com.xpi FF - ExtSQL: 2012-11-01 09:15; 
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\a5sfrfw6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF - ExtSQL: 2012-11-04 09:25; stefanvandamme@stefanvd.net; c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\a5sfrfw6.default\extensions\stefanvandamme@stefanvd.net.xpi FF - ExtSQL: 2012-11-09 07:29; avg@toolbar; c:\documents and settings\All Users\Application Data\AVG Secure Search\FireFoxExt\13.2.0.4 FF - ExtSQL: !HIDDEN! 2012-05-14 14:58; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - ORPHANS VERWIJDERD - - - - . HKLM-Run-RegistryMechanic - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-11-09 13:46 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover Windows 5.1.2600 . CreateFile("\\.\PHYSICALDRIVE0"): Het proces heeft geen toegang tot het bestand omdat het bestand door een ander proces wordt gebruikt. device: opened successfully user: error reading MBR kernel: MBR read successfully user != kernel MBR !!! . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Voltooingstijd: 2012-11-09 13:54:16 ComboFix-quarantined-files.txt 2012-11-09 12:54 . Pre-Run: 29.407.600.640 bytes beschikbaar Post-Run: 29.436.334.080 bytes beschikbaar . WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn . - - End Of File - - 31898D16394EED6CFC2A222F5A923755 ComboFix-quarantined-files 2012-11-09 12:51:44 . 2012-11-09 12:51:45 103 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-RegistryMechanic.reg.dat 2012-11-09 12:40:09 . 2012-11-09 12:40:09 5,037 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg 2012-11-09 12:21:37 . 
2012-11-09 12:21:38 51 ----a-w- C:\Qoobox\Quarantine\catchme.log 2012-10-13 11:53:17 . 2012-10-13 11:53:17 17,600 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Gebruiker\Application Data\ACD Systems\ACDSee\ImageDB.ddf.vir 2012-10-08 06:56:34 . 2012-03-14 13:47:42 17,464 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\roboot.exe.vir 2012-05-14 08:54:57 . 2012-05-14 08:54:57 44 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\msssc.dll.vir 2012-05-14 07:26:51 . 2003-04-08 12:00:00 520,192 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\dllcache\wmpvis.dll.vir
     Regards, Ten
  2. I did everything as described, but unfortunately Claro search is still there. Thanks anyway. Regards, Ten
  3. I have already made a log in HijackThis. Can nobody tell me what I should remove from it?
     Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:29:14, on 9-11-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\HDDSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Hard Drive Inspector\HDInspector.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Desktop Tray Clock\DTClock.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\SITECOM\300N USB Wireless LAN Utility\RtWLan.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Yz Shadow\YzShadow.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\AVG\AVG2013\avgidsagent.exe C:\Program Files\AVG\AVG2013\avgwdsvc.exe C:\Program Files\AVG\AVG2013\avgnsx.exe C:\Program Files\AVG\AVG2013\avgemcx.exe C:\Program Files\AVG\AVG2013\avgrsx.exe C:\Program Files\AVG\AVG2013\avgcsrvx.exe C:\Program Files\AVG\AVG2013\avgcsrvx.exe C:\Program 
Files\AVG\AVG2013\avgui.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll O4 - HKLM\..\Run: [setRefresh] C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [HDInspector.exe] C:\Program Files\Hard Drive Inspector\HDInspector.exe O4 - HKLM\..\Run: [skinClock] C:\Program 
Files\Desktop Tray Clock\DTClock.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [skinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Yz Shadow.lnk = C:\Program Files\Yz Shadow\YzShadow.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Sitecom 300N USB Wireless LAN Utility.lnk = C:\Program Files\SITECOM\300N USB Wireless LAN Utility\RtWLan.exe O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live 
Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350019820671 O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. 
- C:\Program Files\AVG\AVG2013\avgwdsvc.exe O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (Atomic Clock) - C:\WINDOWS\system32\HDDSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- End of file - 8493 bytes
     Thanks, Ten