Everything posted by Eggy
-
No problem about the wait, although I was starting to get worried. While waiting I looked a few things up and tried some things myself. I found little useful information about a 'Java Script virus', as AVIRA called it. AVIRA could not tell me anything about it either. I then downloaded A-squared Free and ran it. It pulled out another trojan that MBAM had not found in a full scan. When I started up the next day, my problem turned out to be solved and the sites in question were reachable again. I don't know whether that had anything to do with A-SQUARED Free. Anyway, to be on the safe side I carried out what you instructed, and here is the ComboFix log:
-
To stop the update from being offered again and again, go to Control Panel -> Updates. You will see that IE8 is offered there. Untick the box in front of it. Then right-click IE8 and choose the option to hide it. IE8 is now a hidden update and will no longer be offered until you decide otherwise yourself. If IE8 has already been installed, you can remove it via: -> Control Panel -> Updates -> Installed updates. There you will find a list of all installed updates, including IE8 (usually at the bottom). To remove it, right-click IE8 and choose Uninstall. Windows Vista will now remove IE8 and go back to IE7. So you do not need to use a restore point for this.
-
Try googling 'DVD to AVI'. You will then be offered a whole lot of programs that do this. AutoGK is a free one and not bad at all: AutoGK Homepage - THE tool for XviD / DivX conversion. DVDFab with the 'to mobile' option is, in my opinion, the best but also the most expensive (±€200).
-
Because my Telenet modem was next to the fuse box anyway, I tapped off the circuit of my office upstairs. Strictly speaking this is not necessary, but I wanted to play it safe. As for the power strip, all I can say is that I have to use one because I have only one socket in my office. I don't notice any disadvantage from it, because I get 8 to 9 Mbps.
-
POWERLINE: Internet from the wall socket. You buy a set (e.g. PHILIPS 14 Mbps for about €90). You connect one powerline network adapter to the Telenet modem and one powerline network adapter upstairs in the room where the PC is. The internet connection runs over the mains wiring. Works very well for me! You can buy them from Telenet for a somewhat lower price, but those are reportedly not very reliable. (Hearsay)
-
Since this is not my first virus infection (strange but true), I think I more or less know the routine by now. :s I downloaded and installed ComboFix and let it run. Here is the ComboFix log:
--------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'Explorer.exe'(4148) c:\progra~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll c:\progra~1\Stardock\OBJECT~1\DESKSC~1\deskscape.dll c:\progra~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll c:\progra~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll . Voltooingstijd: 2009-07-25 12:57 ComboFix-quarantined-files.txt 2009-07-25 10:57 Pre-Run: 218.189.176.832 bytes beschikbaar Post-Run: 218.150.760.448 bytes beschikbaar Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6,82 248 --- E O F --- 2009-07-24 07:46
Well, that was that. I assume Kape will take a look at this. It's all Greek to me.
-
When I open a large number of websites, the page freezes and AVIRA raises an alert. AVIRA then reports the following: (see the attachment below; it isn't clear, but it says JS/Agent.zac is a Java script virus). I can't get rid of it with the delete option. MBAM reports that everything is clean. Here is my HJT log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:24:04, on 25/07/2009 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16851) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) -
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" 
/background (User 'Default user') O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - 
{EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updateservice (gupdate1c99cd7b67a0b27) (gupdate1c99cd7b67a0b27) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe -- End of file - 7272 bytes
I'd appreciate a helping hand.
-
Here is a link to a WinRAR manual. http://moderators.seniorennet.be/Handleiding/WinRar.pdf
-
IrfanView opens RAW files and can convert them to the usual formats such as JPEG, etc., and it is freeware. A plugin is needed for Canon and Sigma files. IrfanView - Official Homepage - one of the most popular viewers worldwide
-
Are you using Vista? Then Vista has a built-in Snipping Tool. Go to Start -> type knipprogramma (Snipping Tool) in the search box and press Enter. A small window now appears in which you can choose the shape of the screenshot (rectangular, oval, free-form, etc.). And it is in Dutch. Give it a try (if you have Vista!)
-
Well, normally replies aren't allowed on this forum when illegal software is involved, so I would consider going legal. That aside, installing WMP 11 should not be a problem.
-
Which version of WMP do you have? Normally the rip function is already in WMP. I know for certain that version 11 of WMP has a rip function, and by default. Maybe just download and install WMP 11?
-
[SOLVED] Persistent trojan
Eggy replied to Eggy's topic in Archive: Malware & virus removal
Sorry for the trouble, but it was only fixed on the third attempt. By then I had got a bit uneasy again and had already opened a thread. I'm closing this. Thanks anyway. -
[SOLVED] Persistent trojan
Eggy replied to Eggy's topic in Archive: Malware & virus removal
Because MBAM froze on the file in question, I had to use Task Manager. AVIRA immediately gave me an alert (see the screenshot above). This time I chose the 'delete' option. MBAM then continued the scan and reported no detections. I ran MBAM again, each time with a negative result and now without interruption or 'freeze'. I think the problem is solved. Well, if Kape would still have a quick look at the HJT log and advise me further. -
I've picked up another bug that I can't get rid of even with MBAM. MBAM freezes when it scans this file. AVIRA reports this: see the image at the bottom of my post. Here is my HJT log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:06:47, on 18/07/2009 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16851) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Windows\System32\rundll32.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\System32\mobsync.exe C:\Windows\Explorer.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 -
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user') O8 - Extra 
context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - Sign In O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updateservice (gupdate1c99cd7b67a0b27) (gupdate1c99cd7b67a0b27) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe -- End of file - 6929 bytes
-
Well, what can I say to that? I'm faster than the lightning....... Bye
-
Do this: Run -> services.msc -> double-click Automatic Updates and click Stop. Run -> %windir%\SoftwareDistribution\Download. Select everything and delete it. Go to Windows Update, choose Custom and deselect the update in question (do not show this update again, so right-click and select that). Now go back to Run -> services.msc -> double-click Automatic Updates and click Start. The update should now stay away.
-
Press START -> type sidebar in the Start Search box and press Enter. Sidebar should now appear.
-
[SOLVED] Is this safe and also free
Eggy replied to nineke's topic in Archive: Internet & Network
If you buy this month's issue of the magazine E-CLICKX, you get a DVD with software on it, including Auslogics BoostSpeed v3.7, and it is indeed free to install. But as Yannick already said, it is better to keep it simple and use CCleaner -
*.mov files are Apple QuickTime files. To burn them to a DVD in DVD format you need ConvertXtoDVD. The program is not free, but you can download a trial version. (The trial version does burn with a watermark!) Alternatively, you can use http://www.dvdflick.net/ for the same result. DVDFlick is also free.
-
[SOLVED] Persistent Trojan
Eggy replied to Eggy's topic in Archive: Malware & virus removal
OK, done. Thanks again. -
[SOLVED] Persistent Trojan
Eggy replied to Eggy's topic in Archive: Malware & virus removal
Kape, I can't find either of the two files in the indicated location. MBAM now gives me a clean log. Apparently everything is back to normal now. Thanks for the help. I assume I should now first delete all the old restore points? -
[SOLVED] Persistent Trojan
Eggy replied to Eggy's topic in Archive: Malware & virus removal
Apparently a serious rootkit infection. Here is the ComboFix log:
ComboFix 09-06-29.07 - Gebruiker 30/06/2009 22:31.1 - NTFSx86 Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.31.1043.18.3071.2411 [GMT 2:00] Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60} * Nieuw herstelpunt werd aangemaakt . ADS - Windows: deleted 48 bytes in 1 streams. (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\Gebruiker\AppData\Roaming\inst.exe c:\windows\system32\drivers\hjgruielgakadg.sys c:\windows\system32\hjgruieyvxidya.dat c:\windows\system32\hjgruimowjiwlr.dll c:\windows\system32\hjgruioleqyneg.dat c:\windows\system32\hjgruiqsvljbjc.dll D:\resycled . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_hjgruixrdhnhot (((((((((((((((((((( Bestanden Gemaakt van 2009-05-28 to 2009-06-30 )))))))))))))))))))))))))))))) . 2009-06-30 20:42 . 2009-06-30 20:42 -------- d-----w- c:\users\Gebruiker\AppData\Local\temp 2009-06-29 17:29 . 2009-06-29 17:29 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\dvdcss 2009-06-29 17:27 . 2009-06-29 17:27 -------- d-----w- c:\program files\ImTOO 2009-06-23 18:38 . 2009-06-23 18:38 -------- d-----w- c:\program files\vLite 2009-06-21 08:09 . 2009-06-21 08:09 -------- d-----w- c:\program files\Gabest 2009-06-21 08:09 . 2009-06-21 08:10 -------- d-----w- c:\program files\AutoGK 2009-06-19 14:26 . 2009-06-19 14:59 -------- d-----w- c:\users\Gebruiker\AppData\Local\MediaMonkey 2009-06-14 07:43 .
2009-04-30 12:42 428032 ----a-w- c:\windows\system32\EncDec.dll 2009-06-14 07:43 . 2009-04-30 12:52 292352 ----a-w- c:\windows\system32\psisdecd.dll 2009-06-14 07:43 . 2009-04-30 12:44 1244672 ----a-w- c:\windows\system32\mcmde.dll 2009-06-07 12:16 . 2009-06-07 12:16 -------- d-----w- C:\JaVaRa . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-30 20:31 . 2008-02-23 23:17 348371 ---ha-w- c:\windows\system32\drivers\vsconfig.xml 2009-06-30 20:29 . 2009-06-30 20:30 26624 ----a-w- c:\windows\Internet Logs\xDB9E51.tmp 2009-06-30 10:15 . 2009-06-30 10:17 27136 ----a-w- c:\windows\Internet Logs\xDBFB10.tmp 2009-06-30 09:29 . 2009-01-04 13:41 -------- d-----w- c:\program files\a-squared Free 2009-06-30 08:55 . 2009-06-30 08:56 40448 ----a-w- c:\windows\Internet Logs\xDBF2C6.tmp 2009-06-30 07:59 . 2008-07-29 19:27 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\uTorrent 2009-06-30 06:15 . 2009-03-04 14:43 -------- d-----w- c:\programdata\Google Updater 2009-06-29 18:33 . 2009-06-30 06:12 53760 ----a-w- c:\windows\Internet Logs\xDBC1C8.tmp 2009-06-29 18:21 . 2008-02-27 08:35 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Corel 2009-06-29 18:21 . 2008-02-23 23:51 7308 --sha-w- c:\windows\system32\KGyGaAvL.sys 2009-06-29 18:21 . 2008-02-23 23:51 168 --sh--r- c:\windows\system32\1CEC64F61C.sys 2009-06-29 08:53 . 2009-06-29 08:55 77312 ----a-w- c:\windows\Internet Logs\xDBE021.tmp 2009-06-28 20:13 . 2008-02-23 19:46 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Vso 2009-06-26 10:55 . 2009-06-26 10:56 81408 ----a-w- c:\windows\Internet Logs\xDBEDF6.tmp 2009-06-24 15:19 . 2008-02-23 23:34 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\LimeWire 2009-06-23 18:56 . 2009-06-24 08:47 24576 ----a-w- c:\windows\Internet Logs\xDBF4D9.tmp 2009-06-23 15:21 . 2009-06-23 17:47 43008 ----a-w- c:\windows\Internet Logs\xDBFEE7.tmp 2009-06-23 12:31 . 
2009-06-23 12:33 44544 ----a-w- c:\windows\Internet Logs\xDBC531.tmp 2009-06-23 07:24 . 2009-06-23 07:26 45056 ----a-w- c:\windows\Internet Logs\xDBBCA9.tmp 2009-06-22 09:42 . 2009-06-22 10:27 27136 ----a-w- c:\windows\Internet Logs\xDBF517.tmp 2009-06-21 11:07 . 2009-06-22 08:22 120832 ----a-w- c:\windows\Internet Logs\xDBB328.tmp 2009-06-21 09:04 . 2008-02-27 08:55 -------- d-----w- c:\program files\GoldWave 2009-06-21 08:10 . 2008-02-26 22:19 -------- d-----w- c:\program files\AviSynth 2.5 2009-06-20 08:23 . 2006-11-02 16:18 692336 ----a-w- c:\windows\system32\perfh013.dat 2009-06-20 08:23 . 2006-11-02 16:18 123636 ----a-w- c:\windows\system32\perfc013.dat 2009-06-18 08:34 . 2009-03-27 12:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-18 08:33 . 2009-04-07 09:00 3561743 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-06-17 09:27 . 2009-03-27 12:10 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-17 09:27 . 2009-03-27 12:10 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-11 08:14 . 2008-02-23 19:17 -------- d-----w- c:\programdata\Microsoft Help 2009-06-07 11:59 . 2008-02-23 17:34 -------- d-----w- c:\program files\Java 2009-06-06 10:35 . 2008-02-23 17:34 1356 ----a-w- c:\users\Gebruiker\AppData\Local\d3d9caps.dat 2009-06-06 08:32 . 2009-06-06 08:32 2592076 ----a-w- c:\windows\Internet Logs\tvDebug.Zip 2009-06-02 16:56 . 2008-03-02 15:41 -------- d-----w- c:\program files\QuickTime 2009-06-01 14:47 . 2008-02-23 17:35 117672 ----a-w- c:\users\Gebruiker\AppData\Local\GDIPFONTCACHEV1.DAT 2009-05-29 07:57 . 2008-07-09 13:09 -------- d-----w- c:\program files\Ashampoo 2009-05-29 07:55 . 2008-02-23 23:42 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Ashampoo 2009-05-21 13:29 . 2008-02-23 22:41 -------- d-----w- c:\program files\Google 2009-05-21 13:26 . 2009-05-21 13:23 -------- d-----w- c:\program files\Common Files\AVSMedia 2009-05-21 13:24 . 
[SOLVED] Persistent Trojan
Eggy replied to Eggy's topic in Archive: Fighting malware & viruses
Nope, ZoneAlarm is my firewall! Avira is my antivirus.
-
While I was browsing, MBAM reported that 'it detected a malicious process that was trying to start. The start was blocked.' I was given the option 'ignore' or 'quarantine'. When I choose quarantine, MBAM reports that this failed. I then ran MBAM in quick scan mode and it detected 2 infections. I had to restart after the removal. After the restart, MBAM again reported a malicious process. I ran a full scan and the two infections were detected again. I removed them again and restarted. Now AVIRA keeps giving infection alerts.

Anyway, here is my HJT log:

and the MBAM log:

Malwarebytes' Anti-Malware 1.38
Database versie: 2353
Windows 6.0.6000
30/06/2009 10:54:23
mbam-log-2009-06-30 (10-54-23).txt
Scan type: Volledige Scan (C:\|D:\|)
Objecten gescand: 261758
Verstreken tijd: 39 minute(s), 40 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 1
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 1
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
\\?\globalroot\systemroot\System32\hjgruiqsvljbjc.dll (Trojan.TDSS) -> Delete on reboot.
Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
\\?\globalroot\systemroot\System32\hjgruiqsvljbjc.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

I'd appreciate a hand with this. This is what AVIRA reports: http://www.pc-helpforum.be/attachment.php?attachmentid=2281&stc=1&d=1246353849
