Posts made by lilythelen
-
Kape,
I think everything is working again...........!!
So I think I'll just skip your last step, afraid that I'd mess up the laptop again..
Thanks for all your good and quick help!!
-
ComboFix 09-09-25.01 - lily 27-09-2009 0:03.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2045.1200 [GMT 2:00]
Gestart vanuit: c:\users\lily\Desktop\ComboFix.exe
AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare - Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Windows Live OneCare *enabled* (Updated) {CC7E50BA-BA8C-4DDE-B5AC-EA53BC38D01B}
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-08-26 to 2009-09-26 ))))))))))))))))))))))))))))))
.
2009-09-26 22:11 . 2009-09-26 22:11 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-26 22:11 . 2009-09-26 22:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-25 12:05 . 2009-09-25 12:05 -------- d-----w- c:\program files\Trend Micro
2009-09-24 06:22 . 2009-09-24 06:22 -------- d-----w- c:\programdata\McAfee Security Scan
2009-09-22 14:17 . 2009-09-22 14:17 -------- d-----w- C:\Sounds
2009-09-22 13:44 . 2009-09-22 21:05 -------- d-----w- c:\program files\DivX
2009-09-22 13:38 . 2009-09-22 14:18 -------- d-----w- c:\users\lily\AppData\Roaming\LG Electronics
2009-09-09 11:18 . 2009-09-09 11:18 -------- d-----w- c:\programdata\Zylom
2009-09-08 05:49 . 2009-09-21 05:32 -------- d-----w- c:\users\lily\Office Genuine Advantage
2009-09-04 15:00 . 2009-09-04 15:00 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-09-04 14:53 . 2009-09-04 21:22 -------- d-----w- c:\users\lily\Tracing
2009-09-04 14:51 . 2009-08-05 20:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-09-04 14:50 . 2009-09-04 14:50 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-04 14:49 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-09-04 14:49 . 2009-09-04 14:49 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-04 14:47 . 2009-09-04 14:47 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-04 14:47 . 2009-09-04 14:51 -------- d-----w- c:\program files\Windows Live
2009-09-04 09:29 . 2009-09-04 09:29 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-04 09:27 . 2009-09-04 14:48 -------- d-----w- c:\program files\Microsoft
2009-09-04 09:11 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-04 09:11 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-26 21:21 . 2009-04-08 06:56 -------- d-----w- c:\programdata\Google Updater
2009-09-26 17:08 . 2009-01-20 17:52 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-09-25 12:13 . 2008-12-08 18:29 6944 ----a-w- c:\users\lily\AppData\Local\d3d9caps.dat
2009-09-24 19:00 . 2009-03-09 06:33 -------- d-----w- c:\programdata\NOS
2009-09-24 18:59 . 2009-03-09 06:33 -------- d-----w- c:\program files\NOS
2009-09-23 14:29 . 2008-06-07 02:35 667352 ----a-w- c:\windows\system32\perfh013.dat
2009-09-23 14:29 . 2008-06-07 02:35 126854 ----a-w- c:\windows\system32\perfc013.dat
2009-09-22 21:12 . 2008-06-06 16:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-22 13:26 . 2009-03-08 18:31 -------- d-----w- c:\program files\Google
2009-09-10 20:54 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-10 20:53 . 2009-03-02 22:31 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 06:08 . 2009-04-11 09:49 -------- d-----w- c:\users\lily\AppData\Roaming\Zylom
2009-08-14 16:27 . 2009-09-10 17:15 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-10 17:15 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-10 17:15 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-10 17:15 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-10 17:15 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-10 17:15 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-10 17:15 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-10 17:15 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-10 17:15 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-10 17:15 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-10 17:15 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-13 09:56 . 2009-01-20 17:55 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-08-11 08:11 . 2008-06-06 18:23 -------- d-----w- c:\program files\Java
2009-08-07 11:40 . 2009-06-12 17:18 -------- d-----w- c:\users\lily\AppData\Roaming\PlayFirst
2009-08-07 11:40 . 2009-06-12 17:18 -------- d-----w- c:\programdata\PlayFirst
2009-08-03 13:07 . 2009-08-03 13:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 13:07 . 2009-08-03 13:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 13:07 . 2009-08-03 13:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-25 03:23 . 2008-12-09 15:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-07-29 11:59 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 11:59 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 11:59 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 11:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-12 07:05 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 07:05 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 07:05 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 07:05 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 07:05 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-11 19:01 . 2009-09-10 17:15 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:01 . 2009-09-10 17:15 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:01 . 2009-09-10 17:15 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:01 . 2009-09-10 17:15 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-07-11 17:03 . 2009-09-10 17:15 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-07-10 11:24 . 2009-07-10 11:24 307568 ----a-w- c:\windows\WLXPGSS.SCR
2009-07-05 09:22 . 2008-12-06 09:09 70952 ----a-w- c:\users\lily\AppData\Local\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-09-26_06.00.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-09-26 22:00 53118 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-06 00:13 . 2009-09-26 22:00 12330 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4205627522-118475122-458670407-1000_UserData.bin
+ 2008-10-28 22:39 . 2009-09-26 21:58 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-28 22:39 . 2009-09-26 05:59 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-28 22:39 . 2009-09-26 21:58 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-28 22:39 . 2009-09-26 05:59 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-06 09:51 . 2009-09-25 20:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-06 09:51 . 2009-09-26 21:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-06 09:51 . 2009-09-25 20:54 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-06 09:51 . 2009-09-26 21:33 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-06 09:51 . 2009-09-25 20:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-06 09:51 . 2009-09-26 21:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-26 21:58 . 2009-09-26 21:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-09-26 21:58 . 2009-09-26 21:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:05 . 2009-09-26 22:00 103678 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-28 22:39 . 2009-09-26 21:58 851968 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-28 22:39 . 2009-09-26 05:59 851968 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-08 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-05-14 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-07-09 65240]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(:8a,ae,61,c8,53,00,ca,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D41394BD-3104-42F5-85FD-1DC6714D1D20}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{9AB66611-15CE-48A1-B678-772A1CA51ED2}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{6FB5DCF0-4FDD-466C-9394-D00EE15BA2AC}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{7F6DB5AA-820F-4212-B783-3522AC4A0DCB}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1E34E744-6594-43D5-84C9-A747DFDBDE17}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0174B898-7CEF-4012-8356-1F11BC78BA39}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{D739E3FE-73C2-4AAD-A8A3-8B8026D0F245}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{75B0AFA2-7015-41C6-BD55-D79F41220450}"= UDP:c:\program files\Internet Veiligheidspakket\backweb\1334668\Program\fspex.exe:Internet Veiligheidspakket
"{E3B04109-F326-4B8A-9857-29889F1C410E}"= TCP:c:\program files\Internet Veiligheidspakket\backweb\1334668\Program\fspex.exe:Internet Veiligheidspakket
"{6933860F-B1DE-435E-A12C-1174F36EC70B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A0E9989D-9086-42EA-BE78-EB69B592B142}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B4D6153B-FB3C-44F0-8047-CD73EC48ECF1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{66E140E2-A4D2-43AB-B226-EF333688ED9D}"= Disabled:UDP:c:\program files\KCeasy\giFT\giFTl.exe:giFT Loader for KCeasy
"{C60673EE-B537-4D8C-BEA3-3A14D2C39E4D}"= Disabled:TCP:c:\program files\KCeasy\giFT\giFTl.exe:giFT Loader for KCeasy
"{EA270BBB-4496-46C0-B802-FE6C0384CFED}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{6DFF8191-2312-4D87-B5A1-B509FFAF0A2A}"= UDP:63331:Windows Live OneCare
"{489ACDD5-BB12-4DA7-B7B0-7B28F1397989}"= UDP:63331:Windows Live OneCare
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\System32\drivers\Amddfltr.sys [29-10-2008 0:56 15416]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090102.001\IDSvix86.sys [9-1-2009 9:32 270384]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\AEstSrv.exe [29-10-2008 0:51 73728]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21-1-2008 4:23 21504]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [18-3-2008 17:24 19456]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [9-7-2009 12:15 26104]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [6-6-2008 20:18 341328]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [6-6-2008 19:25 193840]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [23-1-2008 23:23 52736]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [1-4-2008 13:14 81296]
S2 gupdate1c9b8173f8773d0;Google Updateservice (gupdate1c9b8173f8773d0);c:\program files\Google\Update\GoogleUpdate.exe [8-4-2009 8:57 133104]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30-3-2009 16:28 1533808]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [4-9-2009 16:51 54632]
S3 fsssvc;De service Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [5-8-2009 22:48 704864]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Inhoud van de 'Gedeelde Taken' map
2009-09-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-08 06:56]
2009-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 06:57]
2009-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 06:57]
2009-09-26 c:\windows\Tasks\User_Feed_Synchronization-{426031BE-D89F-420F-8A45-2890894B5445}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.hyves.nl
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=83&bd=Pavilion&pf=cnnb
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-09-27 00:11
Windows 6.0.6002 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2009-09-26 0:14
ComboFix-quarantined-files.txt 2009-09-26 22:14
ComboFix2.txt 2009-09-26 21:53
ComboFix3.txt 2009-09-26 06:05
Pre-Run: 99.123.183.616 bytes beschikbaar
Post-Run: 99.026.632.704 bytes beschikbaar
234 --- E O F --- 2009-09-10 20:58
-
Kape,
Yes indeed, I can view my mail at hetnet.nl again, but there are still pages I can't get through.
But it has indeed improved a lot!!
By the way, I suddenly have IE7 on my laptop again, while I had 8??
-
OK Kape, thanks, now it did work:
ComboFix 09-09-25.01 - lily 26-09-2009 7:48.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2045.1235 [GMT 2:00]
Gestart vanuit: c:\users\lily\Desktop\ComboFix.exe
AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare - Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Windows Live OneCare *enabled* (Updated) {CC7E50BA-BA8C-4DDE-B5AC-EA53BC38D01B}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-4205627522-118475122-458670407-500
c:\$recycle.bin\S-1-5-21-956569188-2611845445-1188343954-500
C:\install.exe
c:\windows\Installer\1ef2f.msi
c:\windows\system32\drivers\RKHit.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_RKHIT
(((((((((((((((((((( Bestanden Gemaakt van 2009-08-26 to 2009-09-26 ))))))))))))))))))))))))))))))
.
2009-09-26 05:57 . 2009-09-26 05:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-25 12:05 . 2009-09-25 12:05 -------- d-----w- c:\program files\Trend Micro
2009-09-24 06:22 . 2009-09-24 06:22 -------- d-----w- c:\programdata\McAfee Security Scan
2009-09-22 14:17 . 2009-09-22 14:17 -------- d-----w- C:\Sounds
2009-09-22 13:44 . 2009-09-22 21:05 -------- d-----w- c:\program files\DivX
2009-09-22 13:38 . 2009-09-22 14:18 -------- d-----w- c:\users\lily\AppData\Roaming\LG Electronics
2009-09-09 11:18 . 2009-09-09 11:18 -------- d-----w- c:\programdata\Zylom
2009-09-08 05:49 . 2009-09-21 05:32 -------- d-----w- c:\users\lily\Office Genuine Advantage
2009-09-04 15:00 . 2009-09-04 15:00 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-09-04 14:53 . 2009-09-04 21:22 -------- d-----w- c:\users\lily\Tracing
2009-09-04 14:51 . 2009-08-05 20:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-09-04 14:50 . 2009-09-04 14:50 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-04 14:49 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-09-04 14:49 . 2009-09-04 14:49 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-04 14:47 . 2009-09-04 14:47 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-04 14:47 . 2009-09-04 14:51 -------- d-----w- c:\program files\Windows Live
2009-09-04 09:29 . 2009-09-04 09:29 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-04 09:27 . 2009-09-04 14:48 -------- d-----w- c:\program files\Microsoft
2009-09-04 09:11 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-04 09:11 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-25 20:20 . 2009-04-08 06:56 -------- d-----w- c:\programdata\Google Updater
2009-09-25 12:13 . 2008-12-08 18:29 6944 ----a-w- c:\users\lily\AppData\Local\d3d9caps.dat
2009-09-25 11:34 . 2009-01-20 17:52 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-09-24 19:00 . 2009-03-09 06:33 -------- d-----w- c:\programdata\NOS
2009-09-24 18:59 . 2009-03-09 06:33 -------- d-----w- c:\program files\NOS
2009-09-23 14:29 . 2008-06-07 02:35 667352 ----a-w- c:\windows\system32\perfh013.dat
2009-09-23 14:29 . 2008-06-07 02:35 126854 ----a-w- c:\windows\system32\perfc013.dat
2009-09-22 21:12 . 2008-06-06 16:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-22 13:26 . 2009-03-08 18:31 -------- d-----w- c:\program files\Google
2009-09-10 20:54 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-10 20:53 . 2009-03-02 22:31 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 06:08 . 2009-04-11 09:49 -------- d-----w- c:\users\lily\AppData\Roaming\Zylom
2009-08-14 16:27 . 2009-09-10 17:15 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-10 17:15 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-10 17:15 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-10 17:15 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-10 17:15 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-10 17:15 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-10 17:15 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-10 17:15 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-10 17:15 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-10 17:15 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-10 17:15 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-13 09:56 . 2009-01-20 17:55 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-08-11 08:11 . 2008-06-06 18:23 -------- d-----w- c:\program files\Java
2009-08-07 11:40 . 2009-06-12 17:18 -------- d-----w- c:\users\lily\AppData\Roaming\PlayFirst
2009-08-07 11:40 . 2009-06-12 17:18 -------- d-----w- c:\programdata\PlayFirst
2009-08-03 13:07 . 2009-08-03 13:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 13:07 . 2009-08-03 13:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 13:07 . 2009-08-03 13:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-25 03:23 . 2008-12-09 15:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-07-29 11:59 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 11:59 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 11:59 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 11:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-12 07:05 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 07:05 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 07:05 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 07:05 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 07:05 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-11 19:01 . 2009-09-10 17:15 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:01 . 2009-09-10 17:15 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:01 . 2009-09-10 17:15 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:01 . 2009-09-10 17:15 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-07-11 17:03 . 2009-09-10 17:15 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-07-10 11:24 . 2009-07-10 11:24 307568 ----a-w- c:\windows\WLXPGSS.SCR
2009-07-05 09:22 . 2008-12-06 09:09 70952 ----a-w- c:\users\lily\AppData\Local\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-08 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-05-14 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-07-09 65240]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(:8a,ae,61,c8,53,00,ca,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D41394BD-3104-42F5-85FD-1DC6714D1D20}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{9AB66611-15CE-48A1-B678-772A1CA51ED2}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{6FB5DCF0-4FDD-466C-9394-D00EE15BA2AC}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{7F6DB5AA-820F-4212-B783-3522AC4A0DCB}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1E34E744-6594-43D5-84C9-A747DFDBDE17}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0174B898-7CEF-4012-8356-1F11BC78BA39}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{D739E3FE-73C2-4AAD-A8A3-8B8026D0F245}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{75B0AFA2-7015-41C6-BD55-D79F41220450}"= UDP:c:\program files\Internet Veiligheidspakket\backweb\1334668\Program\fspex.exe:Internet Veiligheidspakket
"{E3B04109-F326-4B8A-9857-29889F1C410E}"= TCP:c:\program files\Internet Veiligheidspakket\backweb\1334668\Program\fspex.exe:Internet Veiligheidspakket
"{6933860F-B1DE-435E-A12C-1174F36EC70B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A0E9989D-9086-42EA-BE78-EB69B592B142}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B4D6153B-FB3C-44F0-8047-CD73EC48ECF1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{66E140E2-A4D2-43AB-B226-EF333688ED9D}"= Disabled:UDP:c:\program files\KCeasy\giFT\giFTl.exe:giFT Loader for KCeasy
"{C60673EE-B537-4D8C-BEA3-3A14D2C39E4D}"= Disabled:TCP:c:\program files\KCeasy\giFT\giFTl.exe:giFT Loader for KCeasy
"{EA270BBB-4496-46C0-B802-FE6C0384CFED}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{EC3D6649-03BA-43B7-AB84-DF2A288E6D2F}"= UDP:63331:Windows Live OneCare
"{CA00C768-5AF5-48DA-9F24-FDF856A0B9FD}"= UDP:63331:Windows Live OneCare
"{BE83D0EB-5E42-4119-B0D5-4A5A202CD9D8}"= UDP:63331:Windows Live OneCare
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\System32\drivers\Amddfltr.sys [29-10-2008 0:56 15416]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090102.001\IDSvix86.sys [9-1-2009 9:32 270384]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\AEstSrv.exe [29-10-2008 0:51 73728]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21-1-2008 4:23 21504]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [18-3-2008 17:24 19456]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [9-7-2009 12:15 26104]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [6-6-2008 20:18 341328]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30-3-2009 16:28 1533808]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [6-6-2008 19:25 193840]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [23-1-2008 23:23 52736]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [1-4-2008 13:14 81296]
S2 gupdate1c9b8173f8773d0;Google Updateservice (gupdate1c9b8173f8773d0);c:\program files\Google\Update\GoogleUpdate.exe [8-4-2009 8:57 133104]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [4-9-2009 16:51 54632]
S3 fsssvc;De service Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [5-8-2009 22:48 704864]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Inhoud van de 'Gedeelde Taken' map
2009-09-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-08 06:56]
2009-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 06:57]
2009-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 06:57]
2009-09-26 c:\windows\Tasks\User_Feed_Synchronization-{426031BE-D89F-420F-8A45-2890894B5445}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.hyves.nl
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=83&bd=Pavilion&pf=cnnb
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
.
**************************************************************************
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden:
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\wlanext.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
c:\program files\Microsoft Windows OneCare Live\winss.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
c:\windows\System32\Narrator.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
.
**************************************************************************
.
Voltooingstijd: 2009-09-26 8:05 - machine werd herstart
ComboFix-quarantined-files.txt 2009-09-26 06:05
Pre-Run: 99.526.475.776 bytes beschikbaar
Post-Run: 99.325.206.528 bytes beschikbaar
248 --- E O F --- 2009-09-10 20:58
---------- Post added at 08:14 ---------- Previous post was at 08:10 ----------
---------- Post added at 08:16 ---------- Previous post was at 08:14 ----------
Hello Angel,
All help is welcome!
When I follow your instructions I get the following message:
De opdracht set global is mislukt op IPv4 U hebt niet de benodigde bevoegdheden voor deze bewerking
Unfortunately, it failed.
-
No log, because after restarting umpteen times, because the page cannot be displayed each time........ and then
unfortunately, after disabling Windows Live OneCare, I get the following error message when (attempting to) install ComboFix:
U kunt combofix niet herbenoemen als combofix[1]
Gelieve een andere naam te gebruiken, bij voorkeur opgebouwd uit
alfanumerische karakters.
Where (and how..) could I do this?
-
Complete abracadabra (to me..):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15:04, on 25-9-2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hyves.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = mijnAOL | HP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mijnAOL | HP
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Hyves
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/54.14/uploader2.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updateservice (gupdate1c9b8173f8773d0) (gupdate1c9b8173f8773d0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
--
End of file - 10611 bytes
Can you do anything with this?
Thanks in advance.
-
On my laptop, some pages cannot be displayed.
I can open hetnetmail, but the mail does not load; Hyves works normally, but various other websites do not.
My PC and the other laptop here do work.
Already tried all sorts of things, and there are no connection problems.
Who knows what to do?
[SOLVED] page cannot be displayed
in Archive Windows General
Posted:
Thanks, only I undid the last restore point again, because then I was back to square one...........probably created a restore point of the old situation?
For the rest the laptop is working again now, so thanks for your help