Everything posted by daveEHV

  1. OK, thank you. Then this topic can be closed. Thanks kindly. Regards, dave
  2. Yes, it is already somewhat older. Sorry for replying so late, but yesterday I lost the connection when I had already given the answer. And yes, I am in the Netherlands, and yes, it is already somewhat older. Maybe I should just go to the Telfort shop to get a newer version of the router. Regards, dave
  3. Hello kape, I tried it in safe mode but no success either. Here is the log:
  4. No. I can log in with my BlackBerry, just not with my laptop.
  5. Hello kape, here first is the combo log, and I also immediately ran a new hijack scan:

     And here is the new hijack log.

     ---------- Post added at 19:27 ---------- Previous post was at 19:19 ----------

     Dear kape, I see that it still has not removed this: O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file). Also, I am now sitting in the garden with the laptop, which is 4 meters away from my ZyXEL with the antenna on it, and it just drops the connection??? The PC does run more smoothly; I had also already reset it once yesterday. I will hear whether anything more can be done. Regards, dave
  6. Good afternoon kape, herewith the combo log:
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut] 2008-10-30 10:51 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut] 2008-06-13 17:11 210216 ------w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut] 2008-11-26 10:34 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe . R0 pavboot;pavboot; [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-19 222512] R3 ETBVIXDZD;ETBVIXDZD; [x] R3 HQKWI;HQKWI; [x] R3 JEBDCL;JEBDCL; [x] R3 MOUSECONTROLLER;WDF Driver;c:\windows\system32\Drivers\W_MouseCombo.sys [2010-09-06 23680] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/09/29 16:41];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 16:04 87536] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe [2009-03-02 81920] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104] S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe 
[2010-07-04 238952] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168] S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-12-17 365952] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2010-12-21 987704] S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2010-12-21 399416] S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144] S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320] S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 54784] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-23 107360] S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-04-24 225856] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - FSUSBEXDISK . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . Inhoud van de 'Gedeelde Taken' map . 2011-07-07 c:\windows\Tasks\HPCeeScheduleFordave.job - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-28 10:34] . . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://search.orbitdownloader.com mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=91&bd=Pavilion&pf=cnnb IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58 FF - ProfilePath - c:\users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\1tbnqdss.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: KeyScrambler: keyscrambler@qfx.software.corporation - %profile%\extensions\keyscrambler@qfx.software.corporation FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE} FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF - Ext: HP Detect: {ab91efd4-6975-4081-8552-1b3922ed79e2} - %profile%\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} FF - Ext: Adblock Plus: 
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: Ghostery: firefox@ghostery.com - %profile%\extensions\firefox@ghostery.com FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-08-20 13:02 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}] "ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2011-08-20 13:05:31 ComboFix-quarantined-files.txt 2011-08-20 11:05 ComboFix2.txt 2011-05-24 19:49 . Pre-Run: 212.583.497.728 bytes beschikbaar Post-Run: 212.533.964.800 bytes beschikbaar . Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11 - - End Of File - - 893C4E36756D255C8C9B32DED86DC527
  7. Hello kape, here is the hijack log, and I always start hijack as admin Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:04:03, on 19-8-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\TeamViewer\Version6\TeamViewer.exe C:\Windows\Explorer.EXE C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe C:\Program Files\Secunia\PSI\psi_tray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Folder Size\FolderSize.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\dave\Desktop\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Orbit Downloader Start R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file) O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. 
- C:\Windows\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe O23 - Service: HQKWI - Hewlett-Packard Company - (no file) O23 - Service: JEBDCL - Integrated Technology Express, Inc. - (no file) O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- End of file - 5535 bytes
  8. Hello kape, running those commands as admin, do you mean running those commands via CMD???
  9. Hello kape Malwarebytes' Anti-Malware 1.51.1.1800 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: 7506 Windows 6.0.6002 Service Pack 2 Internet Explorer 9.0.8112.16421 19-8-2011 12:21:49 mbam-log-2011-08-19 (12-21-49).txt Scantype: Snelle scan Objecten gescand: 166931 Verstreken tijd: 3 minuut/minuten, 25 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) I removed SpyShelter with Revo and no longer get an error message when I open hijack. I did a reboot and started hijack again, so I now have a new log without an error message from hijack. 
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:36:45, on 19-8-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe C:\Program Files\Secunia\PSI\psi_tray.exe C:\Program Files\TeamViewer\Version6\TeamViewer.exe C:\Users\dave\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=91&bd=Pavilion&pf=cnnb O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file) O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. 
- C:\Windows\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe O23 - Service: HQKWI - Hewlett-Packard Company - (no file) O23 - Service: JEBDCL - Integrated Technology Express, Inc. - (no file) O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- End of file - 5253 bytes
  10. OK, I had problems starting HijackThis; it gave 3 error reports. I made a scan anyway, but first the three error reports: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:30:08, on 18-8-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\TeamViewer\Version6\TeamViewer.exe C:\Windows\Explorer.EXE C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\SpyShelter Personal Free\SpyShelter.exe C:\Program Files\Secunia\PSI\psi_tray.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\dave\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Orbit Downloader Start R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: (no name) - AutorunsDisabled - (no file) O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll O2 - BHO: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe O4 - HKCU\..\Run: [spyShelter] C:\Program Files\SpyShelter Personal Free\SpyShelter.exe O4 - Global Startup: Secunia PSI Tray.lnk O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file) O22 - SharedTaskScheduler: Component 
Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe O23 - Service: HQKWI - Hewlett-Packard Company - (no file) O23 - Service: JEBDCL - Integrated Technology Express, Inc. - (no file) O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. 
- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- End of file - 5969 bytes and here is the Speccy link: http://speccy.piriform.com/results/mxHc8uAi6qn1cIkLcTZRkwk Kind regards, dave
  11. Well, the signal is weak, but I have never had it kick me off and then not be able to connect any more. I can get to the login screen but cannot log in, which is strange because when I use the wifi on my BlackBerry my password does work for connecting to the network.
  12. I already found a topic about this issue but got no further with it because it has gone unanswered for two days. For the past few days my signal has suddenly been so bad that it keeps dropping out, and then I cannot reconnect either. I have a ZyXEL wireless router P-2602HW-D1A http://speccy.piriform.com/results/V4yi8g0NF7Mf7TbhGtJaZfD this is the Speccy log and also the ipconfig right away: Windows IP-configuratie Hostnaam . . . . . . . . . . . . : PC_van_dave Primair DNS-achtervoegsel . . . . : Knooppunttype . . . . . . . . . . : hybride IP-routering ingeschakeld . . . . : nee WINS-proxy ingeschakeld . . . . . : nee DNS-achtervoegselzoeklijst. . . . : lokaal Adapter voor draadloos LAN Draadloze netwerkverbinding: Verbindingsspec. DNS-achtervoegsel: lokaal Beschrijving. . . . . . . . . . . : Broadcom 802.11b/g-netwerkadapter Fysiek adres. . . . . . . . . . . : 00-26-5E-64-C5-AF DHCP ingeschakeld . . . . . . . . : ja Autom. configuratie ingeschakeld : ja Link-local IPv6-adres . . . . . . : fe80::cc43:cebc:370:bf23(voorkeur) IPv4-adres. . . . . . . . . . . . : 192.168.1.35(voorkeur) Subnetmasker. . . . . . . . . . . : 255.255.255.0 Lease verkregen . . . . . . . . . : dinsdag 16 augustus 2011 21:08:24 Lease verlopen. . . . . . . . . . : woensdag 17 augustus 2011 5:08:24 Standaardgateway. . . . . . . . . : 192.168.1.254 DHCP-server . . . . . . . . . . . : 192.168.1.254 DHCPv6 IAID . . . . . . . . . . . : 268445278 DHCPv6-client DUID. . . . . . . . : 00-01-00-01-14-35-06-B9-00-23-8B-A1-9A-58 DNS-servers . . . . . . . . . . . : 192.168.1.254 195.241.77.55 195.241.77.58 NetBIOS via TCPIP . . . . . . . . : ingeschakeld Ethernet-adapter LAN-verbinding: Mediumstatus. . . . . . . . . . . : medium ontkoppeld Verbindingsspec. DNS-achtervoegsel: lokaal Beschrijving. . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0) Fysiek adres. . . . . . . . . . . : 00-23-8B-A1-9A-58 DHCP ingeschakeld . . . . . . . . : ja Autom. 
configuratie ingeschakeld : ja Tunnel-adapter LAN-verbinding* 6: Verbindingsspec. DNS-achtervoegsel: Beschrijving. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Fysiek adres. . . . . . . . . . . : 02-00-54-55-4E-01 DHCP ingeschakeld . . . . . . . . : nee Autom. configuratie ingeschakeld : ja IPv6-adres. . . . . . . . . . . . : 2001:0:5ef5:79fb:36:175b:3f57:fedc(voorkeur) Link-local IPv6-adres . . . . . . : fe80::36:175b:3f57:fedc(voorkeur) Standaardgateway. . . . . . . . . : :: NetBIOS via TCPIP . . . . . . . . : uitgeschakeld Tunnel-adapter LAN-verbinding* 7: Mediumstatus. . . . . . . . . . . : medium ontkoppeld Verbindingsspec. DNS-achtervoegsel: lokaal Beschrijving. . . . . . . . . . . : isatap.lokaal Fysiek adres. . . . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP ingeschakeld . . . . . . . . : nee Autom. configuratie ingeschakeld : ja mvg dave
  13. Dear kape, it didn't find anything, so as far as I'm concerned this topic can be closed. Kind regards, dave
  14. Hello kape, I went ahead and removed RootkitBuster right away. I do have a log for ESET: Kind regards, dave
  15. Hello kape, here is the log:
  16. Hello, after I managed to remove the rootkits on my own machine, I also took a look at my mother's PC. Trend Micro RootkitBuster found 19 there, so I would like some help. Below is the log from RootkitBuster:
  17. Dear kape, thanks for the explanation. I have been using avast Free for a while, which is supposed to work against viruses and spyware, but I still have to start it manually. I also use Spyware Terminator, which has Clam AntiVirus built in as well. Which one would be best to keep, or could they work together? Other than that, once I have an answer to my question, this topic can be closed as far as I'm concerned. Kind regards, dave
  18. Hello kape, it is a lot calmer again. Which program do you recommend for emptying the AppData\Local folder? And which anti-spyware do you recommend?
  19. Hello kape, here is the log:
c:\windows\system32\Ati2evxx.exe c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe c:\windows\system32\Ati2evxx.exe c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\windows\system32\WLANExt.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\CyberLink\Shared files\RichVideo.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\servicing\TrustedInstaller.exe c:\program files\TeamViewer\Version6\TeamViewer.exe c:\windows\system32\conime.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Voltooingstijd: 2011-05-24 21:49:55 - machine werd herstart ComboFix-quarantined-files.txt 2011-05-24 19:49 ComboFix2.txt 2011-05-24 11:02 ComboFix3.txt 2011-04-08 14:49 . Pre-Run: 212.385.484.800 bytes beschikbaar Post-Run: 212.190.584.832 bytes beschikbaar . Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - 3BDFCA35E3480C15C4E43C796DE34D62
  20. Hello kape, here is the ComboFix log:
  21. Hello, here is the HijackThis log. Regards, dave
  22. Because my PC's fan is often blowing hard, I went looking for rootkits. I used the program Trend Micro RootkitBuster, and to my surprise 30 of them were found. The way the program is supposed to work, you should also be able to remove them and restart, problem solved. I then ran it once more and the 30 problems were simply back again!? I would really like some help. Here already is a log from RootkitBuster: +---------------------------------------------------- | Trend Micro RootkitBuster | Module version: 3.60.0.1016 | Computer Name: PC_VAN_DAVE | User Name: dave +---------------------------------------------------- --== Dump Hidden MBR, Hidden Files and Alternate Data Streams on C:\ ==-- No hidden files found. --== Dump Hidden Registry Value on HKLM ==-- [HIDDEN_REGISTRY][Hidden Reg Value]: KeyPath : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Recording\Restricted Root : 0 SubKey : Restricted ValueName : ccc Data : 48 E7 E 92 58 B3 13 E6 ... ValueType : 3 AccessType: 0 FullLength: 0x66 DataSize : 0xc8 1 hidden registry entries found. --== Dump Hidden Process ==-- No hidden processes found. --== Dump Hidden Driver ==-- No hidden drivers found. 
--== Service Win32 API Hook List ==-- [HOOKED_SERVICE_API]: Service API : ZwAddBootEntry Image Path : C:\Windows\System32\Drivers\aswSnx.SYS OriginalHandler : 0x84302ec6 CurrentHandler : 0x91ad9202 ServiceNumber : 0x9 ModuleName : aswSnx.SYS SDTType : 0x0 [HOOKED_SERVICE_API]: Service API : ZwCreateEvent Image Path : C:\Windows\System32\Drivers\aswSnx.SYS OriginalHandler : 0x8425fd37 CurrentHandler : 0x91adb81c ServiceNumber : 0x3a ModuleName : aswSnx.SYS SDTType : 0x0 [HOOKED_SERVICE_API]: Service API : ZwCreateEventPair Image Path : C:\Windows\System32\Drivers\aswSnx.SYS OriginalHandler : 0x84308584 CurrentHandler : 0x91adb874 ServiceNumber : 0x3b ModuleName : aswSnx.SYS SDTType : 0x0 [HOOKED_SERVICE_API]: Service API : ZwCreateIoCompletion Image Path : C:\Windows\System32\Drivers\aswSnx.SYS OriginalHandler : 0x84219907 CurrentHandler : 0x91adb98a ServiceNumber : 0x3d ModuleName : aswSnx.SYS SDTType : 0x0 [HOOKED_SERVICE_API]: Service API : ZwCreateMutant Image Path : C:\Windows\System32\Drivers\aswSnx.SYS OriginalHandler : 0x8426d7bc CurrentHandler : 0x91adb772 ServiceNumber : 0x43 ModuleName : aswSnx.SYS SDTType : 0x0 [HOOKED_SERVICE_API]: Service API : ZwCreateSection Image Path : C:\Windows\System32\Drivers\aswSnx.SYS OriginalHandler : 0x8427ed95 CurrentHandler : 0x91adb8c4 ServiceNumber : 0x4b ModuleName : aswSnx.SYS SDTType : 0x0 [HOOKED_SERVICE_API]: Service API : ZwCreateSemaphore Image Path : C:\Windows\System32\Drivers\aswSnx.SYS OriginalHandler : 0x84224cc3 CurrentHandler : 0x91adb7c6 ServiceNumber : 0x4c ModuleName : aswSnx.SYS SDTType : 0x0 [HOOKED_SERVICE_API]: Service API : ZwCreateTimer Image Path : C:\Windows\System32\Drivers\aswSnx.SYS OriginalHandler : 0x84207a9f CurrentHandler : 0x91adb938 ServiceNumber : 0x4f ModuleName : aswSnx.SYS SDTType : 0x0 [HOOKED_SERVICE_API]: Service API : ZwDeleteBootEntry Image Path : C:\Windows\System32\Drivers\aswSnx.SYS OriginalHandler : 0x84302ef7 CurrentHandler : 0x91ad9226 ServiceNumber : 0x78 ModuleName : 
aswSnx.SYS SDTType : 0x0 [HOOKED_SERVICE_API]: Service API : ZwLoadDriver Image Path : C:\Windows\System32\Drivers\aswSnx.SYS OriginalHandler : 0x841b8dee CurrentHandler : 0x91ad8ff0 ServiceNumber : 0xa5 ModuleName : aswSnx.SYS SDTType : 0x0 [HOOKED_SERVICE_API]: Service API : ZwModifyBootEntry Image Path : C:\Windows\System32\Drivers\aswSnx.SYS OriginalHandler : 0x843030c7 CurrentHandler : 0x91ad924a ServiceNumber : 0xb2 ModuleName : aswSnx.SYS SDTType : 0x0 [HOOKED_SERVICE_API]: Service API : ZwNotifyChangeKey Image Path : C:\Windows\System32\Drivers\aswSnx.SYS OriginalHandler : 0x8420c5d9 CurrentHandler : 0x91adbd82 ServiceNumber : 0xb5 ModuleName : aswSnx.SYS SDTType : 0x0 [HOOKED_SERVICE_API]: Service API : ZwNotifyChangeMultipleKeys Image Path : C:\Windows\System32\Drivers\aswSnx.SYS OriginalHandler : 0x8420ba51 CurrentHandler : 0x91ad9cda ServiceNumber : 0xb6 ModuleName : aswSnx.SYS SDTType : 0x0 [HOOKED_SERVICE_API]: Service API : ZwOpenEvent Image Path : C:\Windows\System32\Drivers\aswSnx.SYS OriginalHandler : 0x84246d5f CurrentHandler : 0x91adb84c ServiceNumber : 0xb8 ModuleName : aswSnx.SYS SDTType : 0x0 [HOOKED_SERVICE_API]: Service API : ZwOpenEventPair Image Path : C:\Windows\System32\Drivers\aswSnx.SYS OriginalHandler : 0x843086b3 CurrentHandler : 0x91adb89c ServiceNumber : 0xb9 ModuleName : aswSnx.SYS SDTType : 0x0 [HOOKED_SERVICE_API]: Service API : ZwOpenIoCompletion Image Path : C:\Windows\System32\Drivers\aswSnx.SYS OriginalHandler : 0x842ba6cd CurrentHandler : 0x91adb9b4 ServiceNumber : 0xbb ModuleName : aswSnx.SYS SDTType : 0x0 [HOOKED_SERVICE_API]: Service API : ZwOpenMutant Image Path : C:\Windows\System32\Drivers\aswSnx.SYS OriginalHandler : 0x8425eaf1 CurrentHandler : 0x91adb79e ServiceNumber : 0xbf ModuleName : aswSnx.SYS SDTType : 0x0 [HOOKED_SERVICE_API]: Service API : ZwOpenSection Image Path : C:\Windows\System32\Drivers\aswSnx.SYS OriginalHandler : 0x8425e5fd CurrentHandler : 0x91adb904 ServiceNumber : 0xc5 ModuleName : aswSnx.SYS 
SDTType : 0x0 [HOOKED_SERVICE_API]: Service API : ZwOpenSemaphore Image Path : C:\Windows\System32\Drivers\aswSnx.SYS OriginalHandler : 0x841f2ebe CurrentHandler : 0x91adb7f4 ServiceNumber : 0xc6 ModuleName : aswSnx.SYS SDTType : 0x0 [HOOKED_SERVICE_API]: Service API : ZwOpenTimer Image Path : C:\Windows\System32\Drivers\aswSnx.SYS OriginalHandler : 0x8430830f CurrentHandler : 0x91adb962 ServiceNumber : 0xcc ModuleName : aswSnx.SYS SDTType : 0x0 [HOOKED_SERVICE_API]: Service API : ZwQueryObject Image Path : C:\Windows\System32\Drivers\aswSnx.SYS OriginalHandler : 0x84233343 CurrentHandler : 0x91ad9ba0 ServiceNumber : 0xed ModuleName : aswSnx.SYS SDTType : 0x0 [HOOKED_SERVICE_API]: Service API : ZwSetBootEntryOrder Image Path : C:\Windows\System32\Drivers\aswSnx.SYS OriginalHandler : 0x843037f8 CurrentHandler : 0x91ad926e ServiceNumber : 0x11f ModuleName : aswSnx.SYS SDTType : 0x0 [HOOKED_SERVICE_API]: Service API : ZwSetBootOptions Image Path : C:\Windows\System32\Drivers\aswSnx.SYS OriginalHandler : 0x84303cfa CurrentHandler : 0x91ad9292 ServiceNumber : 0x120 ModuleName : aswSnx.SYS SDTType : 0x0 [HOOKED_SERVICE_API]: Service API : ZwSetSystemInformation Image Path : C:\Windows\System32\Drivers\aswSnx.SYS OriginalHandler : 0x84233e83 CurrentHandler : 0x91ad904a ServiceNumber : 0x13d ModuleName : aswSnx.SYS SDTType : 0x0 [HOOKED_SERVICE_API]: Service API : ZwSetSystemPowerState Image Path : C:\Windows\System32\Drivers\aswSnx.SYS OriginalHandler : 0x843270a1 CurrentHandler : 0x91ad9186 ServiceNumber : 0x13e ModuleName : aswSnx.SYS SDTType : 0x0 [HOOKED_SERVICE_API]: Service API : ZwShutdownSystem Image Path : C:\Windows\System32\Drivers\aswSnx.SYS OriginalHandler : 0x843003a1 CurrentHandler : 0x91ad9162 ServiceNumber : 0x146 ModuleName : aswSnx.SYS SDTType : 0x0 [HOOKED_SERVICE_API]: Service API : ZwSystemDebugControl Image Path : C:\Windows\System32\Drivers\aswSnx.SYS OriginalHandler : 0x84245e51 CurrentHandler : 0x91ad91aa ServiceNumber : 0x14c ModuleName : 
aswSnx.SYS SDTType : 0x0 [HOOKED_SERVICE_API]: Service API : ZwVdmControl Image Path : C:\Windows\System32\Drivers\aswSnx.SYS OriginalHandler : 0x842f4ee3 CurrentHandler : 0x91ad92b6 ServiceNumber : 0x15d ModuleName : aswSnx.SYS SDTType : 0x0 --== Dump Hidden Port ==-- No hidden ports found. --== Dump Kernel Code Patching ==-- [KERNEL_CODE][PATCHED]: Service API : ZwCreateProcessEx Address : 842DEDAE CurrentCode : E953EBC50D ExpectedCode : 6A0C681858 ServiceNumber : 0x49 SDTType : 0x0 1 Kernel code patching found. --== Dump Hidden Services ==-- No hidden services found.
  23. Kape, thank you kindly for your help. I advised him to do a format and reinstall Vista or Windows 7. As far as I am concerned this topic can be closed. Regards, dave
  24. Hello kape, I checked the full MBAM scan and it did not report anything either. Still, it is not running smoothly yet; the internet still starts up slowly?! Maybe simply formatting and reinstalling Windows is better?? Or do you have another idea??? Also strange that TeamViewer does not work on his PC?! And stranger still that when the internet cable is connected his PC starts up by itself, even when I shut it down properly? It also will not start in safe mode?? Regards, dave
  25. Hello kape, and indeed Dr.Web found no infections, and I found a corrupt file in the Windows Live Contacts folder of his Hotmail. I started a full MBAM scan and will check tomorrow whether anything was found. And I do not have the exact name, because before I had written it down it was already restarting again. I then used an MSN virus removal tool and that found nothing either. Regards, dave