Winterkoning

Everything posted by Winterkoning

  1. I installed that Intel SATA driver. It was admittedly older than the driver I had, but the problem is solved. Thanks!
  2. Done. No errors found. Any other options? For example, replacing the driver?
  3. I had indeed already read this topic and carried it out. So that service is now set to "disabled", but just as that other person describes, the same error message still appears in the system tray. But in my case the message also remains after restarting a few times.
  4. Hello, Although I have already read about this problem on a number of forums (including this forum), I have not managed to solve it. For some time now there has been a small blue circle around the hard disk symbol in my system tray. When I hover my mouse over it, it says: "Intel RST-service wordt niet uitgevoerd" (Intel RST service is not running). I have no idea what is going on, but I have the impression that it is draining energy from my laptop and that perhaps something no longer works. I understood that it has to do with the RAID storage technology intended for multiple disks? As far as I know I have only 1 hard disk in my laptop, an ACER Aspire V3-571G, and I would not need this technology at all(?) Can someone explain to me what this RST service is supposed to do, and what I can best do? Regards, Matthijs
  5. OK, I have done that. Now it did work. I had forgotten the space the previous time. Then I think we can close this topic. I am satisfied. Thanks for the help!
  6. Maybe a silly question, but how do I do "start" and then "run"? I only have a "search programs" field after I have clicked the Start button. Do you mean that I have to go to DOS? When I give the command Combofix/uninstall in DOS, it does not understand it. And Combofix/U does not work either. I also do not have the impression that Combofix is installed, because I cannot find the program when I look under programs or want to uninstall via the control panel. I only have a combofix.exe on the desktop. I deleted that manually. (Er, actually I started it up again to see whether I could find a menu somewhere to uninstall it. And then I closed Combofix just before it started scanning by clicking the cross at the top right.) I await your instruction again.
  7. Yes, now the media player suddenly no longer plays my CD. That has been the case since your instructions. When I put in a CD, the laptop immediately opens the media player, but it does not recognize the tracks. A red cross appears at the first track and after that it stops; it plays nothing at all. It does play MP3s normally. With VLC player, for example, it does not recognize my CD either. And Google Chrome still has this Babylon Search start page set. I am now going to change that back to my own preferred site. The log shows a clean laptop, I understand? Do you understand anything about that Babylon start page? Could it be that a setting of the media player has been changed so that it no longer recognizes original music CDs?
  8. Here is the result after the updated script:
  9. Here is the new log:
  10. By the way, yesterday I also found out that, for example, my Google Chrome browser, which I almost never use, suddenly had the Babylon search engine as its homepage. This even though I thought I had completely removed Babylon. The result of Combofix:
easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2010-08-29 17232] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000] S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2006-12-18 73472] S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2006-12-18 43904] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2154281913-1205275237-2265879538-1001Core.job - c:\users\Matthijs\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-11 18:02] . 2011-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2154281913-1205275237-2265879538-1001UA.job - c:\users\Matthijs\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-11 18:02] . . ------- Supplementary Scan ------- . 
uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58 FF - ProfilePath - c:\users\Matthijs\AppData\Roaming\Mozilla\Firefox\Profiles\wmznb0vy.default\ FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon) FF - prefs.js: browser.startup.homepage - google.nl FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&affID=19946&mntrId=107a041b000000000000020054746872&q= . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_d71b4a3.dll" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-11-06 10:04:10 ComboFix-quarantined-files.txt 2011-11-06 09:04 . Pre-Run: 21.863.632.896 bytes free Post-Run: 21.531.537.408 bytes free . - - End Of File - - 208ED635794EEEF514D687CE61FE29DD How does it look? Do you know what function the files had that this program has now deleted?
  11. My apologies. I had not read that a hijack log had to be included again as well. Here it is: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:51:13, on 5-11-2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Users\Matthijs\Downloads\CoreTemp32\Core Temp.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\igfxsrvc.exe C:\Users\Public\Documents\KillSkypeHome.exe C:\Users\Matthijs\AppData\Local\Akamai\netsession_win.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Last.fm\LastFM.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - 
C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [Google Update] "C:\Users\Matthijs\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - 
HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: KillSkypeHome.lnk = Public\Documents\KillSkypeHome.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - 
Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe -- End of file - 7037 bytes I am curious!
  12. Done. But as described earlier, MalwareAntiMalware reports no problems. See also the log: Malwarebytes' Anti-Malware 1.51.2.1300 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: 8090 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 5-11-2011 17:14:39 mbam-log-2011-11-05 (17-14-39).txt Scantype: Snelle scan Objecten gescand: 161037 Verstreken tijd: 6 minuut/minuten, 29 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Does that mean my laptop is spotless? Does the hijack log look good?
  13. Here is my scan result; would someone be willing to assess it? Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:21:53, on 5-11-2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Users\Matthijs\Downloads\CoreTemp32\Core Temp.exe C:\Windows\Explorer.EXE C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Users\Public\Documents\KillSkypeHome.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\wuauclt.exe C:\Users\Matthijs\AppData\Local\Akamai\netsession_win.exe C:\Users\Matthijs\AppData\Local\Akamai\netsession_win.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\system32\SearchFilterHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - 
{3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [Google Update] 
"C:\Users\Matthijs\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Akamai NetSession Interface] C:\Users\Matthijs\AppData\Local\Akamai\netsession_win.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: KillSkypeHome.lnk = Public\Documents\KillSkypeHome.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - 
{807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe -- End of file - 7386 bytes
  14. Hello, I recently ended up with Babylon search on my laptop without wanting it. In itself I was able to remove it fairly easily, but I do find it a bit ominous that files were apparently just placed on my laptop and that the homepage was changed as well. Even though Malware/AntiMalware no longer finds anything (with a quick scan, at least), and Avira Antivir and SuperAntispyware no longer report any problems, it would not surprise me if using the same antivirus/malware software for a long time makes it less safe, because hackers/criminals may work around it or something like that. Would someone (an expert) be willing to take a look at the state of my laptop and at any software installed by criminals that picks up my data (passwords etc.)? I understood that this can be done with a hijack log? If so, I will await instructions. Regards, Rutger
  15. I do think I typed in your instruction exactly. Small chance that that was it. Later I tried combofix /u, which I read on another forum. Then too it looked as if it was starting Combofix up again, so I cancelled that as well. Now I have only deleted the combofix exe file and the folder you indicated. The computer does run well. Media Player, for example, starts up faster. What do you think, is it solved this way?
  16. Kape, I was able to run a System Restore via safe mode and fortunately everything works again, or so it seems now! Phew, that is a load off my mind! What remains is for me to now safely remove ComboFix after all and to restore Vista's security settings. I would still like to hear what could have gone wrong.
  17. Kape, Here is part of the log I got from the latest combo fix (if I try to send the whole log I get a timeout from your server). Could you please tell me as soon as possible how I can get my laptop working again? For example, how I can go back to a previous system restore point via a DOS command. Because System Restore via Vista no longer works either. ComboFix 09-12-02.08 - MatthijsLap 06-12-2009 14:31.3.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2037.1134 [GMT 1:00] Gestart vanuit: c:\users\MatthijsLap\Desktop\ComboFix.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((( Bestanden Gemaakt van 2009-11-06 to 2009-12-06 )))))))))))))))))))))))))))))) . 2009-12-06 13:50 . 2009-12-06 13:51 -------- d-----w- c:\users\MatthijsLap\AppData\Local\temp 2009-12-06 13:50 . 2009-12-06 13:50 -------- d-----w- c:\users\Public\AppData\Local\temp 2009-12-06 13:50 . 2009-12-06 13:50 -------- d-----w- c:\users\Matthijs jr\AppData\Local\temp 2009-12-06 13:50 . 2009-12-06 13:50 -------- d-----w- c:\users\Gast\AppData\Local\temp 2009-12-06 13:50 . 2009-12-06 13:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-11-30 10:40 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys 2009-11-27 21:33 . 2009-11-27 21:33 -------- d-----w- c:\program files\VS Revo Group 2009-11-26 06:52 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll 2009-11-26 06:50 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll 2009-11-26 06:50 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll 2009-11-23 17:24 . 2009-11-23 17:24 7680 ----a-w- c:\users\MatthijsLap\AppData\Roaming\Thinstall\Microsoft Office Professional Edition 2003\1000000e00002h\rundll32.exe 2009-11-23 17:24 . 2009-11-23 17:24 7680 ----a-w- c:\users\MatthijsLap\AppData\Roaming\Thinstall\Microsoft Office Professional Edition 2003\4ad000005000003h\cmd.exe 2009-11-23 17:23 . 
2009-11-23 17:23 7680 ----a-w- c:\users\MatthijsLap\AppData\Roaming\Thinstall\Microsoft Office Professional Edition 2003\1000000900003h\imjppdmg.exe 2009-11-23 17:23 . 2009-11-23 17:23 7680 ----a-w- c:\users\MatthijsLap\AppData\Roaming\Thinstall\Microsoft Office Professional Edition 2003\3000000067500002h\MSACCESS.EXE 2009-11-23 17:20 . 2009-11-23 17:20 -------- d-----w- c:\users\MatthijsLap\AppData\Roaming\Thinstall 2009-11-17 08:34 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll 2009-11-16 10:50 . 2009-11-16 10:50 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2009-11-16 10:31 . 2009-11-16 10:31 -------- d-----w- c:\program files\Lavasoft 2009-11-11 06:42 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys 2009-11-11 06:41 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll 2009-11-07 09:29 . 2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll 2009-11-07 09:29 . 2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll 2009-11-07 09:28 . 2009-11-07 09:28 -------- d-----w- c:\program files\eRightSoft . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-05 21:48 . 2007-03-02 19:36 163840 d-----w- c:\users\MatthijsLap\AppData\Roaming\uTorrent 2009-12-02 13:48 . 2006-11-02 16:11 670256 ----a-w- c:\windows\system32\perfh013.dat 2009-12-02 13:48 . 2006-11-02 16:11 127698 ----a-w- c:\windows\system32\perfc013.dat 2009-11-27 23:12 . 2009-10-25 10:57 4096 d-----w- c:\users\MatthijsLap\AppData\Roaming\vlc 2009-11-25 10:55 . 2009-01-11 17:16 -------- d-----w- c:\programdata\Lavasoft 2009-11-22 10:12 . 2007-02-08 00:16 4096 d-----w- c:\program files\Java 2009-11-13 07:32 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail 2009-11-12 20:19 . 2007-04-07 15:21 12288 d-----w- c:\programdata\Microsoft Help 2009-11-06 17:44 . 2007-03-03 00:38 4096 d-----w- c:\users\MatthijsLap\AppData\Roaming\Apple Computer 2009-11-03 01:44 . 
2009-11-03 01:44 -------- d-----w- c:\program files\Windows Portable Devices 2009-11-03 01:44 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-11-03 01:43 . 2009-11-03 01:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf 2009-11-03 01:43 . 2009-11-03 01:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf 2009-11-02 19:42 . 2009-10-03 07:27 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-11-02 14:37 . 2009-11-02 14:37 -------- d-----w- c:\users\Matthijs jr\AppData\Roaming\Malwarebytes 2009-11-02 14:37 . 2007-03-23 16:41 139792 ----a-w- c:\users\Matthijs jr\AppData\Local\GDIPFONTCACHEV1.DAT 2009-10-30 12:32 . 2009-10-30 12:30 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-10-30 12:32 . 2008-08-07 17:39 4096 d-----w- c:\program files\iTunes 2009-10-30 12:30 . 2009-10-30 12:30 -------- d-----w- c:\program files\iPod 2009-10-30 12:30 . 2007-12-13 17:55 -------- d-----w- c:\program files\Common Files\Apple 2009-10-30 12:26 . 2009-10-30 12:25 4096 d-----w- c:\program files\QuickTime 2009-10-30 12:16 . 2009-10-30 12:16 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe 2009-10-30 10:50 . 2009-10-23 10:10 4096 d-----w- c:\users\MatthijsLap\AppData\Roaming\HpUpdate 2009-10-25 17:38 . 2009-03-13 15:24 4096 d-----w- c:\program files\FTDv3.8 2009-10-25 08:57 . 2008-07-15 17:59 8192 d-----w- c:\program files\DivX 2009-10-25 08:56 . 2009-10-25 08:55 4096 d-----w- c:\program files\Common Files\DivX Shared 2009-10-23 10:19 . 2007-03-05 22:35 8192 d-----w- c:\program files\Spybot - Search & Destroy 2009-10-23 10:19 . 2007-03-05 22:35 4096 d-----w- c:\programdata\Spybot - Search & Destroy 2009-10-23 10:10 . 2007-02-07 23:56 4096 d-----w- c:\program files\HP 2009-10-19 13:43 . 2007-03-05 22:24 4096 d-----w- c:\users\MatthijsLap\AppData\Roaming\Skype 2009-10-17 07:26 . 
  18. Hi Kape, I am now writing from a different computer because something has probably gone wrong. I went to Start --> Run and typed deinstall/combofix. It looks like ComboFix was not cleaned up at that point; instead it ran another scan. Maybe it has to do with Start --> Run, because I don't know whether it is supposed to give a DOS prompt, but my Vista system doesn't do that. So perhaps my PC misunderstood my orders. Just like earlier, when you asked me to remove a few things via Start --> Run. Anyway, I now have a big problem because my laptop is completely unusable. After the ComboFix scan I can't start anything anymore; for everything it says: "Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering" (in English: "Illegal operation attempted on a registry key that has been marked for deletion"). I am pretty stressed now, since I use my laptop for everything and would like to use it for work again tomorrow. Can you tell me what may have happened and what I can do now to get my laptop working again, and to actually get ComboFix off it? Regards, Matthijs
  19. Hi Kape, I followed your instructions and ran ComboFix again. Here is the result:
  20. Dear Kape, Thank you very much for helping me! Before I carry out your latest instructions, I would like to mention something. Now that I start up my computer, it turns out that "User Account Control" (Gebruikersaccountbeheer), which is called "dep" in Vista, is switched off. Did ComboFix do that? Is that correct at this moment? Furthermore, I would like to hear something from you about the results of the Hijacklog and the ComboFix log, and your latest instructions make me very curious about what I am about to do with my laptop. Have you been able to conclude anything yet? Are we disabling something? Regards, Matthijs
  21. Here is the ComboFix result. I am very curious. I must say that my PC seems to run a bit more smoothly again at the moment. Perhaps because of cleaning up my hard disk and using Revo (a cleanup program) and CCleaner. Even so, I would like feedback on my log.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-12-02 167936] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600] "SunJavaUpdateSched"="c:\program 
files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "midi7"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 "VistaSp2"=hex(:b2,d1,c0,b8,57,3b,ca,01 R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [30-11-2009 11:40 28552] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [26-6-2009 8:44 108289] R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [18-12-2006 22:31 73472] R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [18-12-2006 22:31 43904] S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [11-10-2007 19:11 715248] S2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [20-9-2009 12:06 17408] S3 Bulk;HDJBulk;c:\windows\System32\drivers\HDJBulk.sys [20-9-2009 12:07 125440] S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [20-8-2008 17:04 21504] S3 
HDJAsioK;HDJAsioK;c:\windows\System32\drivers\HDJAsioK.sys [20-9-2009 12:07 172544] S3 HDJMidi;Hercules DJ Console Rmx MIDI;c:\windows\System32\drivers\HDJMidi.sys [20-9-2009 12:07 123904] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map 2009-12-03 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20] 2009-12-03 c:\windows\Tasks\User_Feed_Synchronization-{9BEB68C4-3937-4DB3-AD64-838C895C2EEF}.job - c:\windows\system32\msfeedssync.exe [2009-11-17 03:41] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=Pavilion&pf=laptop uInternet Settings,ProxyOverride = *.local IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Add to Windows &Live Favorites - Sign In IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 LSP: c:\windows\system32\wpclsp.dll FF - ProfilePath - c:\users\MatthijsLap\AppData\Roaming\Mozilla\Firefox\Profiles\20nzqr4m.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl FF - component: c:\users\MatthijsLap\AppData\Roaming\Mozilla\Firefox\Profiles\20nzqr4m.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - 
c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS VERWIJDERD - - - - AddRemove-Windows Live Toolbar - c:\program files\Windows Live Toolbar\UnInstall.exe {CE0E8D6F-1F0A-433A-98E1-2096568E968F} ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-12-03 19:33 Windows 6.0.6002 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2009-12-03 19:39 ComboFix-quarantined-files.txt 2009-12-03 18:38 Pre-Run: 39.267.430.400 bytes beschikbaar Post-Run: 39.219.576.832 bytes beschikbaar - - End Of File - - E3E14F5AF627677922F94A1EA7D4F993
  22. Hi, I have the following problem. I have had Vista for a little under 3 years now, and I find that it is acting up more and more. It hangs every now and then. The screen then goes black for a moment and fortunately comes back. Windows Media Player also starts very slowly when I launch it from a folder of tracks I want to play. When I plug a USB stick into my laptop, I also have to wait longer and longer before my laptop responds. My question is: has Vista by now become so cluttered from all the downloading, saving and removing of programs that I have to renew the whole operating system, or am I overlooking something I can still do to make it run more smoothly? I use CCleaner very regularly to clean it up. The hard disk is fairly full (12 GB left of the 106), but even when it is somewhat emptier the situation does not change. A while ago I expanded my internal memory from 1 GB to 2 GB. That did make it a bit faster and, above all, quick to shut down.
I am attaching a hijack log: