Ga naar inhoud

ameya

Lid
 Bekijk profiel  Bekijk hun activiteit

  • Items

    119

  • Registratiedatum

  • Laatst bezocht

 Inhoudstype 

Alles dat geplaatst werd door ameya

  1. ameya
    Kan er alsjeblieft iemand helpen? Ik heb Windows 7 op mijn laptop en heb vandaag het volgende virus binnengehaald: delta Search Toolbar. Het veroorzaakt ongewenste websites bij browsen en toont continu reclame. Heb ergens gelezen dat dit virus iets met het virus Babylon te maken heeft. Kan iemand me een veilige downloadsite voor Hijack This geven ook want ik kom telkens op besmette websites uit en ook nog uitleg over HJT a.u.b.
  2. ameya
    Dank je voor je goeie hulp!!!!!!;-)
  3. ameya
    Windows IP-configuratie Hostnaam . . . . . . . . . . . . : toshiba-TOSH Primair DNS-achtervoegsel . . . . : Knooppunttype . . . . . . . . . . : broadcast IP-routering ingeschakeld . . . . : nee WINS-proxy ingeschakeld . . . . . : nee DNS-achtervoegselzoeklijst. . . . : telenet.be Ethernet-adapter voor LAN-verbinding: Verbindingsspec. DNS-achtervoegsel: telenet.be Beschrijving. . . . . . . . . . . : Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) Fysiek adres. . . . . . . . . . . : 04-7D-7B-05-78-33 DHCP ingeschakeld . . . . . . . . : ja Autom. configuratie ingeschakeld : ja Link-local IPv6-adres . . . . . . : fe80::1d34:8902:156e:f894%11(voorkeur) IPv4-adres. . . . . . . . . . . . : 78.23.161.214(voorkeur) Subnetmasker. . . . . . . . . . . : 255.255.252.0 Lease verkregen . . . . . . . . . : zondag 12 augustus 2012 11:34:45 Lease verlopen. . . . . . . . . . : zondag 12 augustus 2012 14:04:45 Standaardgateway. . . . . . . . . : 78.23.160.1 DHCP-server . . . . . . . . . . . : 195.130.137.10 DHCPv6 IAID . . . . . . . . . . . : 241232745 DHCPv6-client DUID. . . . . . . . : 00-01-00-01-16-38-60-98-04-7D-7B-05-78-33 DNS-servers . . . . . . . . . . . : 195.130.130.130 195.130.131.130 NetBIOS via TCPIP . . . . . . . . : ingeschakeld Tunnel-adapter voor isatap.telenet.be: Mediumstatus. . . . . . . . . . . : medium ontkoppeld Verbindingsspec. DNS-achtervoegsel: telenet.be Beschrijving. . . . . . . . . . . : Microsoft ISATAP Adapter Fysiek adres. . . . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP ingeschakeld . . . . . . . . : nee Autom. configuratie ingeschakeld : ja Tunnel-adapter voor 6TO4 Adapter: Verbindingsspec. DNS-achtervoegsel: telenet.be Beschrijving. . . . . . . . . . . : Microsoft 6to4 Adapter Fysiek adres. . . . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP ingeschakeld . . . . . . . . : nee Autom. configuratie ingeschakeld : ja IPv6-adres. . . . . . . . . . . . : 2002:4e17:a1d6::4e17:a1d6(voorkeur) Standaardgateway. . . . . . . . . : 2002:c058:6301::c058:6301 DNS-servers . . . . . . . . . . . : 195.130.130.130 195.130.131.130 NetBIOS via TCPIP . . . . . . . . : uitgeschakeld Tunnel-adapter voor Teredo Tunneling Pseudo-Interface: Verbindingsspec. DNS-achtervoegsel: Beschrijving. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Fysiek adres. . . . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP ingeschakeld . . . . . . . . : nee Autom. configuratie ingeschakeld : ja IPv6-adres. . . . . . . . . . . . : 2001:0:5ef5:79fb:3003:3b25:b1e8:5e29(voorkeur) Link-local IPv6-adres . . . . . . : fe80::3003:3b25:b1e8:5e29%17(voorkeur) Standaardgateway. . . . . . . . . : NetBIOS via TCPIP . . . . . . . . : uitgeschakeld Mijn type modem is : Touchstone Telephony modem Arris. Meer kan ik er niet van lezen want staat heel dicht tegen de muur. Ik had met Telenet gebeld over het probleem dat mijn draadloos netwerk in gebruik was door anderen maar ze konden me niet helpen zeiden ze. Ik moest mijn pc en mijn modem gewoon eens aan en afzetten. Dit leverde niks op natuurlijk. De vrouw aan de lijn leek er volgens mij zelf niks vanaf te weten.
  4. ameya
    Het is opgelost denk ik. Heb rondgesurfd en de oplossing gevonden. Via Computer, Systeemeigenschappen, Apparaatbeheer, Netwerkadapters, heb ik het draadloos netwerk uitgeschakeld en nu zijn de gebruikers verdwenen van mijn netwerk en staat enkel de breedbandverbinding actief. Ik hoop dat dit voldoende veilig is zo en ik er nu voorgoed van ben verlost. Toch bedankt voor je hulp. Dankzij jou zocht ik op het net verder om een draadloos netwerk uit te schakelen.
  5. ameya
    Ik heb 192.168.1.1. ingetikt in mijn webbrowser maar toen kwam er een foutmelding, een time out. Er kon geen verbinding met de server gemaakt worden. Ik heb geen router. Kan ik dan echt niks doen om die mensen van mijn draadloos netwerk te halen? Ben ik nu verplicht een router te kopen? O ja, kan je alsjeblieft zoveel mogelijk uitleg geven over waar dingen in menu's staan enzo want ik ken echt zo goed als niks van draadloze netwerken. Alvast bedankt voor je snelle reactie. Ik hoop op een snelle oplossing want weet me echt geen raad.
  6. ameya
    Hallo, Ik heb een probleempje. Ik heb een Toshiba laptop met Windows 7 erop. Als ik klik op het icoon voor de internetverbinding zie ik bij "Draadloze netwerken" gebruikersnamen van anderen staan in een lijstje. Ik werk echter met een internetkabel en modem en volgens mijn laptop is mijn draadloos internet niet actief enkel mijn breedbandverbinding zou actief moeten zijn. Het netwerk staat ingesteld op Openbaar netwerk. Is mijn laptop nu gehackt of waar komen die gebruikersnamen vandaan? Alvast bedankt voor de hulp.
  7. ameya
    Heb alles uitgevoerd. Het gevolg was wel dat mijn printer plots niet meer werd herkend. Maar na wissen en opnieuw installeren van het stuurprogramma ervan doet hij het weer. Oef. Heel erg bedankt kape. Mijn pc-tje is weer helemaal schoon!
  8. ameya
    ComboFix 11-04-03.03 - beque 04/04/2011 17:35:36.5.4 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.4094.2687 [GMT 2:00] Gestart vanuit: c:\users\beque\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\beque\Desktop\CFScript.txt AV: BitDefender Antivirus *Disabled/Updated* {982ADE23-275B-0766-37C5-DE01A484098E} FW: BitDefender Firewall *Disabled* {A0115F06-6D34-063E-1C9A-77345A574EF5} SP: BitDefender Antispyware *Disabled/Updated* {234B3FC7-0161-08E8-0D75-E573DF034333} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2011-03-04 to 2011-04-04 )))))))))))))))))))))))))))))) . . 2011-04-04 15:40 . 2011-04-04 15:40 -------- d-----w- c:\users\Standaard\AppData\Local\temp 2011-04-04 15:40 . 2011-04-04 15:40 -------- d-----w- c:\users\Public\AppData\Local\temp 2011-04-04 15:40 . 2011-04-04 15:40 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-04-04 15:40 . 2011-04-04 15:40 -------- d-----w- c:\users\beque\AppData\Local\temp 2011-04-03 16:31 . 2011-04-03 16:31 -------- d-----w- c:\users\beque\AppData\Roaming\vlc 2011-04-02 16:54 . 2011-04-02 16:54 -------- d-----w- c:\users\beque\AppData\Local\PackageAware 2011-04-01 17:40 . 2011-04-01 17:40 90112 --sha-r- c:\users\beque\AppData\Roaming\WebClntt.dll 2011-04-01 06:46 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EA4CFC59-9620-4DE6-82B7-061587FA0914}\mpengine.dll 2011-03-31 15:36 . 2011-03-31 15:36 -------- d-----w- c:\windows\Hewlett-Packard 2011-03-23 19:04 . 2011-02-22 14:47 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-03-23 19:04 . 2011-02-22 14:13 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2011-03-23 19:04 . 2011-02-22 13:53 1555968 ----a-w- c:\windows\system32\DWrite.dll 2011-03-23 19:04 . 2011-02-22 13:53 1149440 ----a-w- c:\windows\system32\FntCache.dll 2011-03-23 19:04 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll 2011-03-09 17:26 . 2010-12-17 17:34 2425344 ----a-w- c:\windows\system32\mstscax.dll 2011-03-09 17:26 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\SysWow64\mstscax.dll 2011-03-09 17:26 . 2010-12-29 19:01 416768 ----a-w- c:\windows\system32\sbe.dll 2011-03-09 17:26 . 2010-12-29 19:01 559616 ----a-w- c:\windows\system32\EncDec.dll 2011-03-09 17:26 . 2010-12-29 18:28 429056 ----a-w- c:\windows\SysWow64\EncDec.dll 2011-03-09 17:26 . 2010-12-17 15:41 731136 ----a-w- c:\windows\system32\mstsc.exe 2011-03-09 17:26 . 2010-12-17 13:54 677888 ----a-w- c:\windows\SysWow64\mstsc.exe 2011-03-09 17:26 . 2010-12-29 19:01 210944 ----a-w- c:\windows\system32\sbeio.dll 2011-03-09 17:26 . 2010-12-29 18:59 226816 ----a-w- c:\windows\system32\mpg2splt.ax 2011-03-09 17:26 . 2010-12-29 18:28 322560 ----a-w- c:\windows\SysWow64\sbe.dll 2011-03-09 17:26 . 2010-12-29 18:28 153088 ----a-w- c:\windows\SysWow64\sbeio.dll 2011-03-09 17:26 . 2010-12-29 18:26 177664 ----a-w- c:\windows\SysWow64\mpg2splt.ax . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-21 11:50 . 2010-04-17 15:34 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-02-02 17:11 . 2010-03-25 14:32 270720 ------w- c:\windows\system32\MpSigStub.exe 2011-01-20 16:46 . 2011-02-09 11:42 900480 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2011-01-20 16:17 . 2011-02-09 11:42 366592 ----a-w- c:\windows\system32\winspool.drv 2011-01-20 16:17 . 2011-02-09 11:42 625152 ----a-w- c:\windows\system32\dxgi.dll 2011-01-20 16:16 . 2011-02-09 11:42 287232 ----a-w- c:\windows\system32\d3d10core.dll 2011-01-20 16:16 . 2011-02-09 11:42 327680 ----a-w- c:\windows\system32\d3d10_1core.dll 2011-01-20 16:16 . 2011-02-09 11:42 196096 ----a-w- c:\windows\system32\d3d10_1.dll 2011-01-20 16:16 . 2011-02-09 11:42 1268224 ----a-w- c:\windows\system32\d3d10.dll 2011-01-20 16:16 . 2011-02-09 11:42 748544 ----a-w- c:\windows\system32\stobject.dll 2011-01-20 16:16 . 2011-02-09 11:42 47104 ----a-w- c:\windows\system32\cdd.dll 2011-01-20 16:16 . 2011-02-09 11:42 3548672 ----a-w- c:\windows\system32\mf.dll 2011-01-20 16:16 . 2011-02-09 11:42 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll 2011-01-20 16:14 . 2011-02-09 11:42 278528 ----a-w- c:\windows\system32\mfplat.dll 2011-01-20 16:14 . 2011-02-09 11:42 195072 ----a-w- c:\windows\system32\mfps.dll 2011-01-20 16:08 . 2011-02-09 11:42 478720 ----a-w- c:\windows\SysWow64\dxgi.dll 2011-01-20 16:08 . 2011-02-09 11:42 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2011-01-20 16:08 . 2011-02-09 11:42 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2011-01-20 16:08 . 2011-02-09 11:42 1029120 ----a-w- c:\windows\SysWow64\d3d10.dll 2011-01-20 16:08 . 2011-02-09 11:42 189952 ----a-w- c:\windows\SysWow64\d3d10core.dll 2011-01-20 16:07 . 2011-02-09 11:42 258048 ----a-w- c:\windows\SysWow64\winspool.drv 2011-01-20 16:07 . 2011-02-09 11:42 586240 ----a-w- c:\windows\SysWow64\stobject.dll 2011-01-20 16:06 . 2011-02-09 11:42 2873344 ----a-w- c:\windows\SysWow64\mf.dll 2011-01-20 16:04 . 2011-02-09 11:42 209920 ----a-w- c:\windows\SysWow64\mfplat.dll 2011-01-20 16:04 . 2011-02-09 11:42 98816 ----a-w- c:\windows\SysWow64\mfps.dll 2011-01-20 15:01 . 2011-02-09 11:42 3068416 ----a-w- c:\windows\system32\xpsservices.dll 2011-01-20 15:01 . 2011-02-09 11:42 1653760 ----a-w- c:\windows\system32\XpsPrint.dll 2011-01-20 14:59 . 2011-02-09 11:42 1032192 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe 2011-01-20 14:58 . 2011-02-09 11:42 1461760 ----a-w- c:\windows\system32\OpcServices.dll 2011-01-20 14:57 . 2011-02-09 11:42 231936 ----a-w- c:\windows\system32\XpsRasterService.dll 2011-01-20 14:42 . 2011-02-09 11:42 1257984 ----a-w- c:\windows\system32\MFH264Dec.dll 2011-01-20 14:41 . 2011-02-09 11:42 428544 ----a-w- c:\windows\system32\MFHEAACdec.dll 2011-01-20 14:40 . 2011-02-09 11:42 345088 ----a-w- c:\windows\system32\mfreadwrite.dll 2011-01-20 14:40 . 2011-02-09 11:42 34304 ----a-w- c:\windows\system32\mfpmp.exe 2011-01-20 14:40 . 2011-02-09 11:42 377344 ----a-w- c:\windows\system32\mfmp4src.dll 2011-01-20 14:37 . 2011-02-09 11:42 2002944 ----a-w- c:\windows\system32\d3d10warp.dll 2011-01-20 14:35 . 2011-02-09 11:42 566272 ----a-w- c:\windows\system32\d3d10level9.dll 2011-01-20 14:28 . 2011-02-09 11:42 1554432 ----a-w- c:\windows\SysWow64\xpsservices.dll 2011-01-20 14:27 . 2011-02-09 11:42 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2011-01-20 14:25 . 2011-02-09 11:42 847360 ----a-w- c:\windows\SysWow64\OpcServices.dll 2011-01-20 14:24 . 2011-02-09 11:42 135680 ----a-w- c:\windows\SysWow64\XpsRasterService.dll 2011-01-20 14:15 . 2011-02-09 11:42 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll 2011-01-20 14:14 . 2011-02-09 11:42 357376 ----a-w- c:\windows\SysWow64\MFHEAACdec.dll 2011-01-20 14:14 . 2011-02-09 11:42 302592 ----a-w- c:\windows\SysWow64\mfmp4src.dll 2011-01-20 14:14 . 2011-02-09 11:42 261632 ----a-w- c:\windows\SysWow64\mfreadwrite.dll 2011-01-20 14:12 . 2011-02-09 11:42 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2011-01-20 14:11 . 2011-02-09 11:42 486400 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2011-01-20 14:06 . 2011-02-09 11:42 834048 ----a-w- c:\windows\system32\d2d1.dll 2011-01-20 13:47 . 2011-02-09 11:42 683008 ----a-w- c:\windows\SysWow64\d2d1.dll 2011-01-08 09:03 . 2011-02-09 11:42 48128 ----a-w- c:\windows\system32\atmlib.dll 2011-01-08 08:47 . 2011-02-09 11:42 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2011-01-08 06:45 . 2011-02-09 11:42 367104 ----a-w- c:\windows\system32\atmfd.dll 2011-01-08 06:28 . 2011-02-09 11:42 292352 ----a-w- c:\windows\SysWow64\atmfd.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-04-04_09.34.38 ))))))))))))))))))))))))))))))))))))))))) . + 2008-01-21 02:23 . 2011-04-04 15:26 58128 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin - 2006-11-02 15:45 . 2011-04-04 09:17 71508 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2006-11-02 15:45 . 2011-04-04 15:26 71508 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2010-03-24 14:17 . 2011-04-04 15:26 15434 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4050645390-275591096-2826518037-1000_UserData.bin - 2010-03-24 13:55 . 2011-04-04 09:18 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-03-24 13:55 . 2011-04-04 15:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-03-24 13:54 . 2011-04-04 09:18 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-03-24 13:54 . 2011-04-04 15:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-03-24 13:55 . 2011-04-04 15:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-03-24 13:55 . 2011-04-04 09:18 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-03-27 19:24 . 2011-04-04 15:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-03-27 19:24 . 2011-04-02 17:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-03-27 19:24 . 2011-04-02 17:23 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-03-27 19:24 . 2011-04-04 15:24 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-03-27 19:24 . 2011-04-04 15:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-03-27 19:24 . 2011-04-02 17:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-03-26 09:56 . 2011-04-04 15:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-03-26 09:56 . 2011-04-04 09:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-03-26 09:56 . 2011-04-04 09:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-03-26 09:56 . 2011-04-04 15:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-04-04 09:15 . 2011-04-04 09:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-04-04 15:24 . 2011-04-04 15:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-04-04 09:15 . 2011-04-04 09:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-04-04 15:24 . 2011-04-04 15:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2008-06-24 03:15 . 2011-04-04 09:22 676950 c:\windows\system32\perfh013.dat + 2008-06-24 03:15 . 2011-04-04 15:31 676950 c:\windows\system32\perfh013.dat - 2006-11-02 12:46 . 2011-04-04 09:22 595798 c:\windows\system32\perfh009.dat + 2006-11-02 12:46 . 2011-04-04 15:31 595798 c:\windows\system32\perfh009.dat + 2008-06-24 03:15 . 2011-04-04 15:31 129980 c:\windows\system32\perfc013.dat - 2008-06-24 03:15 . 2011-04-04 09:22 129980 c:\windows\system32\perfc013.dat - 2006-11-02 12:46 . 2011-04-04 09:22 103872 c:\windows\system32\perfc009.dat + 2006-11-02 12:46 . 2011-04-04 15:31 103872 c:\windows\system32\perfc009.dat - 2010-03-24 19:17 . 2011-04-03 13:37 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2010-03-24 19:17 . 2011-04-04 15:26 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2011-02-09 15:07 . 2011-04-04 14:35 332872 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2011-02-09 15:07 . 2011-04-03 18:31 332872 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536] "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-04-14 536576] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208] "DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-09-09 1148200] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 27648] R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2010-09-19 84752] R3 Arrakis3;BitDefender Arrakis-server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 278224] R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x] R3 PCD5SRVC{E2AF211B-86DA020A-05040000};PCD5SRVC{E2AF211B-86DA020A-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~2\PC-DOC~1\PCD5SRVC_x64.pkms [2008-03-26 25888] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x] R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2010-12-20 988216] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768] S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\DRIVERS\BdfNdisf6.sys [x] S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2010-12-11 2953808] S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [2010-05-04 103944] S2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2010-12-20 399416] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x] S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [x] S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [x] S3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x] . . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RAVCpl64.exe" [2008-03-31 6150656] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712] "BitDefender Antiphishing Helper 32"="c:\program files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe" [2009-10-19 71152] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 76296] "BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-04-12 1571416] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 16327712] . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=83&bd=Pavilion&pf=cndt mLocal Page = c:\windows\SysWOW64\blank.htm . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{E2AF211B-86DA020A-05040000}] "ImagePath"="\??\c:\progra~2\PC-DOC~1\PCD5SRVC_x64.pkms" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . Voltooingstijd: 2011-04-04 17:41:32 ComboFix-quarantined-files.txt 2011-04-04 15:41 ComboFix2.txt 2011-04-04 10:16 ComboFix3.txt 2011-04-04 09:51 ComboFix4.txt 2011-04-04 09:36 ComboFix5.txt 2011-04-04 15:31 . Pre-Run: 588.277.121.024 bytes beschikbaar Post-Run: 588.226.142.208 bytes beschikbaar . - - End Of File - - F722BBD6D327721471C6E4782A777423 ---------- Post toegevoegd om 15:52 ---------- Vorige post was om 15:44 ---------- De foutmelding is volledig verdwenen nu!! Ook in HJT is er geen spoor meer van te bekennen. 1000x dank kape voor je snelle fantastische hulp! ---------- Post toegevoegd om 15:53 ---------- Vorige post was om 15:52 ---------- Hoe verwijder ik Combofix weer correct van mijn pc?
  9. ameya
    ComboFix 11-04-03.03 - beque 04/04/2011 11:45:50.3.4 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.4094.2614 [GMT 2:00] Gestart vanuit: c:\users\beque\Desktop\ComboFix.exe AV: BitDefender Antivirus *Disabled/Updated* {982ADE23-275B-0766-37C5-DE01A484098E} FW: BitDefender Firewall *Disabled* {A0115F06-6D34-063E-1C9A-77345A574EF5} SP: BitDefender Antispyware *Disabled/Updated* {234B3FC7-0161-08E8-0D75-E573DF034333} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2011-03-04 to 2011-04-04 )))))))))))))))))))))))))))))) . . 2011-04-04 09:50 . 2011-04-04 09:50 -------- d-----w- c:\users\Standaard\AppData\Local\temp 2011-04-04 09:50 . 2011-04-04 09:50 -------- d-----w- c:\users\Public\AppData\Local\temp 2011-04-04 09:50 . 2011-04-04 09:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-04-04 09:50 . 2011-04-04 09:50 -------- d-----w- c:\users\beque\AppData\Local\temp 2011-04-03 16:31 . 2011-04-03 16:31 -------- d-----w- c:\users\beque\AppData\Roaming\vlc 2011-04-02 16:54 . 2011-04-02 16:54 -------- d-----w- c:\users\beque\AppData\Local\PackageAware 2011-04-01 17:40 . 2011-04-01 17:40 90112 --sha-r- c:\users\beque\AppData\Roaming\WebClntt.dll 2011-04-01 06:46 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EA4CFC59-9620-4DE6-82B7-061587FA0914}\mpengine.dll 2011-03-31 15:36 . 2011-03-31 15:36 -------- d-----w- c:\windows\Hewlett-Packard 2011-03-23 19:04 . 2011-02-22 14:47 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-03-23 19:04 . 2011-02-22 14:13 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2011-03-23 19:04 . 2011-02-22 13:53 1555968 ----a-w- c:\windows\system32\DWrite.dll 2011-03-23 19:04 . 2011-02-22 13:53 1149440 ----a-w- c:\windows\system32\FntCache.dll 2011-03-23 19:04 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll 2011-03-09 17:26 . 2010-12-17 17:34 2425344 ----a-w- c:\windows\system32\mstscax.dll 2011-03-09 17:26 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\SysWow64\mstscax.dll 2011-03-09 17:26 . 2010-12-29 19:01 416768 ----a-w- c:\windows\system32\sbe.dll 2011-03-09 17:26 . 2010-12-29 19:01 559616 ----a-w- c:\windows\system32\EncDec.dll 2011-03-09 17:26 . 2010-12-29 18:28 429056 ----a-w- c:\windows\SysWow64\EncDec.dll 2011-03-09 17:26 . 2010-12-17 15:41 731136 ----a-w- c:\windows\system32\mstsc.exe 2011-03-09 17:26 . 2010-12-17 13:54 677888 ----a-w- c:\windows\SysWow64\mstsc.exe 2011-03-09 17:26 . 2010-12-29 19:01 210944 ----a-w- c:\windows\system32\sbeio.dll 2011-03-09 17:26 . 2010-12-29 18:59 226816 ----a-w- c:\windows\system32\mpg2splt.ax 2011-03-09 17:26 . 2010-12-29 18:28 322560 ----a-w- c:\windows\SysWow64\sbe.dll 2011-03-09 17:26 . 2010-12-29 18:28 153088 ----a-w- c:\windows\SysWow64\sbeio.dll 2011-03-09 17:26 . 2010-12-29 18:26 177664 ----a-w- c:\windows\SysWow64\mpg2splt.ax . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-21 11:50 . 2010-04-17 15:34 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-02-02 17:11 . 2010-03-25 14:32 270720 ------w- c:\windows\system32\MpSigStub.exe 2011-01-20 16:46 . 2011-02-09 11:42 900480 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2011-01-20 16:17 . 2011-02-09 11:42 366592 ----a-w- c:\windows\system32\winspool.drv 2011-01-20 16:17 . 2011-02-09 11:42 625152 ----a-w- c:\windows\system32\dxgi.dll 2011-01-20 16:16 . 2011-02-09 11:42 287232 ----a-w- c:\windows\system32\d3d10core.dll 2011-01-20 16:16 . 2011-02-09 11:42 327680 ----a-w- c:\windows\system32\d3d10_1core.dll 2011-01-20 16:16 . 2011-02-09 11:42 196096 ----a-w- c:\windows\system32\d3d10_1.dll 2011-01-20 16:16 . 2011-02-09 11:42 1268224 ----a-w- c:\windows\system32\d3d10.dll 2011-01-20 16:16 . 2011-02-09 11:42 748544 ----a-w- c:\windows\system32\stobject.dll 2011-01-20 16:16 . 2011-02-09 11:42 47104 ----a-w- c:\windows\system32\cdd.dll 2011-01-20 16:16 . 2011-02-09 11:42 3548672 ----a-w- c:\windows\system32\mf.dll 2011-01-20 16:16 . 2011-02-09 11:42 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll 2011-01-20 16:14 . 2011-02-09 11:42 278528 ----a-w- c:\windows\system32\mfplat.dll 2011-01-20 16:14 . 2011-02-09 11:42 195072 ----a-w- c:\windows\system32\mfps.dll 2011-01-20 16:08 . 2011-02-09 11:42 478720 ----a-w- c:\windows\SysWow64\dxgi.dll 2011-01-20 16:08 . 2011-02-09 11:42 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2011-01-20 16:08 . 2011-02-09 11:42 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2011-01-20 16:08 . 2011-02-09 11:42 1029120 ----a-w- c:\windows\SysWow64\d3d10.dll 2011-01-20 16:08 . 2011-02-09 11:42 189952 ----a-w- c:\windows\SysWow64\d3d10core.dll 2011-01-20 16:07 . 2011-02-09 11:42 258048 ----a-w- c:\windows\SysWow64\winspool.drv 2011-01-20 16:07 . 2011-02-09 11:42 586240 ----a-w- c:\windows\SysWow64\stobject.dll 2011-01-20 16:06 . 2011-02-09 11:42 2873344 ----a-w- c:\windows\SysWow64\mf.dll 2011-01-20 16:04 . 2011-02-09 11:42 209920 ----a-w- c:\windows\SysWow64\mfplat.dll 2011-01-20 16:04 . 2011-02-09 11:42 98816 ----a-w- c:\windows\SysWow64\mfps.dll 2011-01-20 15:01 . 2011-02-09 11:42 3068416 ----a-w- c:\windows\system32\xpsservices.dll 2011-01-20 15:01 . 2011-02-09 11:42 1653760 ----a-w- c:\windows\system32\XpsPrint.dll 2011-01-20 14:59 . 2011-02-09 11:42 1032192 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe 2011-01-20 14:58 . 2011-02-09 11:42 1461760 ----a-w- c:\windows\system32\OpcServices.dll 2011-01-20 14:57 . 2011-02-09 11:42 231936 ----a-w- c:\windows\system32\XpsRasterService.dll 2011-01-20 14:42 . 2011-02-09 11:42 1257984 ----a-w- c:\windows\system32\MFH264Dec.dll 2011-01-20 14:41 . 2011-02-09 11:42 428544 ----a-w- c:\windows\system32\MFHEAACdec.dll 2011-01-20 14:40 . 2011-02-09 11:42 345088 ----a-w- c:\windows\system32\mfreadwrite.dll 2011-01-20 14:40 . 2011-02-09 11:42 34304 ----a-w- c:\windows\system32\mfpmp.exe 2011-01-20 14:40 . 2011-02-09 11:42 377344 ----a-w- c:\windows\system32\mfmp4src.dll 2011-01-20 14:37 . 2011-02-09 11:42 2002944 ----a-w- c:\windows\system32\d3d10warp.dll 2011-01-20 14:35 . 2011-02-09 11:42 566272 ----a-w- c:\windows\system32\d3d10level9.dll 2011-01-20 14:28 . 2011-02-09 11:42 1554432 ----a-w- c:\windows\SysWow64\xpsservices.dll 2011-01-20 14:27 . 2011-02-09 11:42 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2011-01-20 14:25 . 2011-02-09 11:42 847360 ----a-w- c:\windows\SysWow64\OpcServices.dll 2011-01-20 14:24 . 2011-02-09 11:42 135680 ----a-w- c:\windows\SysWow64\XpsRasterService.dll 2011-01-20 14:15 . 2011-02-09 11:42 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll 2011-01-20 14:14 . 2011-02-09 11:42 357376 ----a-w- c:\windows\SysWow64\MFHEAACdec.dll 2011-01-20 14:14 . 2011-02-09 11:42 302592 ----a-w- c:\windows\SysWow64\mfmp4src.dll 2011-01-20 14:14 . 2011-02-09 11:42 261632 ----a-w- c:\windows\SysWow64\mfreadwrite.dll 2011-01-20 14:12 . 2011-02-09 11:42 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2011-01-20 14:11 . 2011-02-09 11:42 486400 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2011-01-20 14:06 . 2011-02-09 11:42 834048 ----a-w- c:\windows\system32\d2d1.dll 2011-01-20 13:47 . 2011-02-09 11:42 683008 ----a-w- c:\windows\SysWow64\d2d1.dll 2011-01-08 09:03 . 2011-02-09 11:42 48128 ----a-w- c:\windows\system32\atmlib.dll 2011-01-08 08:47 . 2011-02-09 11:42 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2011-01-08 06:45 . 2011-02-09 11:42 367104 ----a-w- c:\windows\system32\atmfd.dll 2011-01-08 06:28 . 2011-02-09 11:42 292352 ----a-w- c:\windows\SysWow64\atmfd.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-04-04_09.34.38 ))))))))))))))))))))))))))))))))))))))))) . + 2008-01-21 02:23 . 2011-04-04 09:40 58104 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin - 2006-11-02 15:45 . 2011-04-04 09:17 71508 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2006-11-02 15:45 . 2011-04-04 09:40 71508 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2010-03-24 14:17 . 2011-04-04 09:40 15418 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4050645390-275591096-2826518037-1000_UserData.bin - 2010-03-24 14:17 . 2011-04-04 09:17 15418 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4050645390-275591096-2826518037-1000_UserData.bin - 2010-03-24 13:55 . 2011-04-04 09:18 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-03-24 13:55 . 2011-04-04 09:42 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-03-24 13:54 . 2011-04-04 09:18 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-03-24 13:54 . 2011-04-04 09:42 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-03-24 13:55 . 2011-04-04 09:42 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-03-24 13:55 . 2011-04-04 09:18 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-04-04 09:38 . 2011-04-04 09:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-04-04 09:15 . 2011-04-04 09:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-04-04 09:38 . 2011-04-04 09:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-04-04 09:15 . 2011-04-04 09:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2008-06-24 03:15 . 2011-04-04 09:22 676950 c:\windows\system32\perfh013.dat + 2008-06-24 03:15 . 2011-04-04 09:45 676950 c:\windows\system32\perfh013.dat - 2006-11-02 12:46 . 2011-04-04 09:22 595798 c:\windows\system32\perfh009.dat + 2006-11-02 12:46 . 2011-04-04 09:45 595798 c:\windows\system32\perfh009.dat - 2008-06-24 03:15 . 2011-04-04 09:22 129980 c:\windows\system32\perfc013.dat + 2008-06-24 03:15 . 2011-04-04 09:45 129980 c:\windows\system32\perfc013.dat + 2006-11-02 12:46 . 2011-04-04 09:45 103872 c:\windows\system32\perfc009.dat - 2006-11-02 12:46 . 2011-04-04 09:22 103872 c:\windows\system32\perfc009.dat - 2010-03-24 19:17 . 2011-04-03 13:37 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2010-03-24 19:17 . 2011-04-04 09:42 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2011-02-09 15:07 . 2011-04-04 09:37 332872 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2011-02-09 15:07 . 2011-04-03 18:31 332872 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] "Wdlxnk"="c:\users\beque\AppData\Roaming\WebClntt.dll" [2011-04-01 90112] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536] "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-04-14 536576] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208] "DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-09-09 1148200] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 27648] R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2010-09-19 84752] R3 Arrakis3;BitDefender Arrakis-server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 278224] R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x] R3 PCD5SRVC{E2AF211B-86DA020A-05040000};PCD5SRVC{E2AF211B-86DA020A-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~2\PC-DOC~1\PCD5SRVC_x64.pkms [2008-03-26 25888] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x] R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2010-12-20 988216] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768] S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\DRIVERS\BdfNdisf6.sys [x] S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2010-12-11 2953808] S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [2010-05-04 103944] S2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2010-12-20 399416] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x] S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [x] S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [x] S3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x] . . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RAVCpl64.exe" [2008-03-31 6150656] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712] "BitDefender Antiphishing Helper 32"="c:\program files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe" [2009-10-19 71152] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 76296] "BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-04-12 1571416] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 16327712] . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=83&bd=Pavilion&pf=cndt mLocal Page = c:\windows\SysWOW64\blank.htm . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{E2AF211B-86DA020A-05040000}] "ImagePath"="\??\c:\progra~2\PC-DOC~1\PCD5SRVC_x64.pkms" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . Voltooingstijd: 2011-04-04 11:51:58 ComboFix-quarantined-files.txt 2011-04-04 09:51 ComboFix2.txt 2011-04-04 09:36 ComboFix3.txt 2010-12-20 11:22 . Pre-Run: 588.282.810.368 bytes beschikbaar Post-Run: 588.235.530.240 bytes beschikbaar . - - End Of File - - 169CD0D5A7C12E0B296B9C0AF72E2DE4 ---------- Post toegevoegd om 10:04 ---------- Vorige post was om 09:55 ---------- Ik vrees dat ik wat verknoeit heb. Ik had per ongeluk eerst bij Combofix.exe op Uitvoeren geklikt uit pure gewoonte. Dus ik kon het niet opslaan op bureaublad. Bij lopen van het programma zag ik duidelijk verschijnen dat hij die foutieve dll verwijderde. Ik wilde de log hier plakken maar raakte niet meer op het net. Waarschijnlijk doordat Bitdefender nog afstond. Ik heb toen domweg heropgestart en was daarna de log van Combofix kwijt. De map van Combofix bleek leeg? Ik heb dan Combofix opnieuw gedownload via link 2 en deze keer wel opgeslaan op bureaublad en laten scannen. Deze log staat nu hier. Maar bij heropstarten blijft die run dll foutmelding gewoon verschijnen. Is er dus nog niet af? ---------- Post toegevoegd om 10:08 ---------- Vorige post was om 10:04 ---------- Maar waarom mag ik bij scan van HJT regel04 niet fixen waarin die foutieve dll staat? Ik snap wel totaal niet dat die regel 04 in mijn logbestand er niet bijstaat? Die regel staat enkel te lezen meteen na scan van HJT?
  10. ameya
    Zoals ik al schreef vindt CCleaner geen registerfouten. In Msconfig vind ik het bestand ook niet in de lijst van bestanden bij Opstarten. Ik vrees dat het een virus is die een bestand heeft beschadigd en zo die opstartfout veroorzaakt. Heb voor de veiligheid HJT-log gepost.
  11. ameya
    Meteen na het uitvoeren van HJT zie je eerst een scherm met alle resultaten. Op dat scherm zag ik in een regel 04 die C:\Users\...\WebClntt.dll erin staan. Als ik echter klik op logfile maken en deze hier plaats zie ik die regel er niet meer in staan? Of is die nu anders weergegeven? Mag ik anders op dat eerste scherm van HJT die regel 04 aanvinken en klikken op de knop "Fix item" ? Of is dat gevaarlijk?
  12. ameya
    Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Databaseversie: 6255 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19019 3/04/2011 15:47:09 mbam-log-2011-04-03 (15-47-09).txt Scantype: Volledige scan (C:\|) Objecten gescand: 306844 Verstreken tijd: 41 minuut/minuten, 15 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
  13. ameya
    Wegens volgende Rundll foutmelding: Er is een fout opgetreden tijdens het laden van C:\Users\beque\AppData\Roaming\WebClntt.dll C:\Users\beque\AppData\Roaming\WebClntt.dll is geen geldig Win32-toepassing. (zie ook mijn post bij "Windows") Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:20:34, on 21/12/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18999) Boot mode: Safe mode Running processes: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=C:\WINDOWS\SysWOW64\userinit.exe O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - "C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll" (file missing) O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE O4 - HKLM\..\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: BitDefender Arrakis-server (Arrakis3) - BitDefender S.R.L. Antivirus software - BitDefender - The future of security now! - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: BitDefender Desktop-updateservice (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 7638 bytes
  14. ameya
    Hallo, Ik krijg plots bij het opstarten van de pc volgende foutmelding: Run dll: Er is een fout opgetreden tijdens het laden van C:\Users\beque\AppData\Roaming\WebClntt.dll C:\Users\beque\AppData\Roaming\WebClntt.dll is geen geldige Win32-toepassing Ik heb al Crapcleaner gedraaid om het proberen weg te krijgen maar deze spoort de fout blijkbaar niet op. Hoe kan ik deze foutmelding weg krijgen?
  15. ameya
    Bedankt kape dat je mij zo snel en zo lang met alles hebt geholpen!!
  16. ameya
    Dus die Unlocker zou moeten werken zonder dat ik dat moet aanklikken in een menu ofzo? In ieder geval het doet helemaal niks, ook niet in Veilige Modus en ik zou die Unlocker liever terug willen verwijderen. Ik lees nu dat sommigen daar een potentiëel gevaar inzien en dat het toch niet zo onschuldig is. Maar het staat niet bij de programma's. Hoe kan ik dat wissen want ik vind het niet terug waar het nu geïnstalleerd is. Wat ik wel heb gezien als ik rechts klik op die map Qoobox dat ik ondermeer de keuze van Bitdefender : Bestand vernietigen heb. Mag ik dat aanklikken om die map weg te krijgen? ---------- Post toegevoegd om 18:07 ---------- Vorige post was om 17:56 ---------- Het is gelukt. De map Qoobox is gewist! Ik had de map eerst geopend en dan op een map die erin stond rechtsgeklikt. Er stond terug dat ik niet gemachtigd was maar nu kwam er een venster dat ik via "Beveiliging" de machtigingen kon wijzigen. En voila, daar alles aangevinkt op toestaan en ik kon de hele handel wissen. Maar die Unlocker zou ik nog graag wissen. Kan je dat nog juist zeggen hoe ik die er terug afkrijg?
  17. ameya
    Heb Unlocker gedownload maar snap niet hoe ik het moet opstarten. Ik zie gewoon nu rechts onderaan een toverstafje staan maar als ik de map Qoobox selecteer en probeer te wissen blijft het onmogelijk (niet bevoegd).
  18. ameya
    Die map Qoobox is wel degelijk aanwezig maar ik kan ze niet manueel wissen. Er komt een foutmelding dat ik niet bevoegd ben om dat te doen? Ik ben nochtans ingelogd als administrator? Rest is gelukt.
  19. ameya
    Log van ESET: ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK esets_scanner_update returned -1 esets_gle=12 esets_scanner_update returned -1 esets_gle=12 ESET gaf na scan aan geen bedreigingen te hebben gevonden. Log van HijackThis: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:20:34, on 21/12/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18999) Boot mode: Safe mode Running processes: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP Consumer | MSN R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=C:\WINDOWS\SysWOW64\userinit.exe O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - "C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll" (file missing) O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE O4 - HKLM\..\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: BitDefender Arrakis-server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: BitDefender Desktop-updateservice (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 7638 bytes Regel 03 is er nog steeds zelfs na fixen in Veilige modus.
  20. ameya
    Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:34:49, on 19/12/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18999) Boot mode: Normal Running processes: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\hp\support\hpsysdrv.exe C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe C:\Program Files (x86)\Secunia\PSI\psi.exe C:\hp\kbd\kbd.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP Consumer | MSN R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP Consumer | MSN R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP Consumer | MSN R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - "C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll" (file missing) O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-BE\local\search.html O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: BitDefender Arrakis-server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: BitDefender Desktop-updateservice (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8551 bytes ---------- Post toegevoegd om 18:05 ---------- Vorige post was om 18:01 ---------- Ik deed inmiddels ook een nieuwe scan met Bitdefender. Die gaf 11 geïnfecteerde items aan tijdens het scannen. Aan het einde van de scan stond er wel: Geen bedreigingen gevonden. Eigenlijk snap ik van het besluit van een scan van Bitdefender geen snars. Als hij gisteren een virus detecteerde maar niet kon verwijderen waarom vindt hij het dan niet bij een nieuwe scan terug? Dan zit het toch nog steeds ergens verscholen? Ik heb de technische dienst van Bitdefender hierover ook eens een mail gestuurd. Maar goed ik betrouw meer op jouw mening. Als jij vind dat mijn systeem terug clean is dan kan ik terug op mijn 2 oren slapen.
  21. ameya
    Als ik in Uitvoeren die opdrachten sc stop DFSR en sc delete DFSR tik dan zie ik enkel heel kort een zwart schermpje voorbijflitsen dat meteen weer verdwijnt. Dit zelfde bij elk van die opdrachten. Ik kreeg dus geen venster waarin ik manueel dingen kon verwijderen? Daarna heb ik HJT scan uitgevoerd en regel 03 en regel 08 gefixt. Maar bij opnieuw scannen blijft regel 03 (van Bitdefender Toolbar) gewoon staan. Enkel regel 08 is weg. Doe ik iets fout? Ik heb net ook even heropgestart en terug even HJT scan gedaan maar regel 03 blijft hardnekkig staan na fix. Ook start PC nu heel langzaam op en blijft ratelen en lijkt met heel veel bezig. IE start op met een bijna volledig wit scherm en komt pas heel veel later op startscherm van Google. Lijkt me niet pluis? Ook nu nog ratelt de pc maar door? Heb intussen die 3 RENCA.tmp bestanden kunnen wissen in SysWow 64. Ik dacht dat ik die kon wissen na die opdrachten in Uitvoeren. Maar regel 03 in HJT krijg ik niet weg. PC is nu gestopt met ratelen.
  22. ameya
    ComboFix 10-12-19.03 - beque 20/12/2010 12:16:21.1.4 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.4094.2548 [GMT 1:00] Gestart vanuit: c:\users\beque\Desktop\ComboFix.exe AV: BitDefender Antivirus *Disabled/Updated* {982ADE23-275B-0766-37C5-DE01A484098E} AV: Lavasoft Ad-Watch Live! Antivirus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6} FW: BitDefender Firewall *Disabled* {A0115F06-6D34-063E-1C9A-77345A574EF5} SP: BitDefender Antispyware *Disabled/Updated* {234B3FC7-0161-08E8-0D75-E573DF034333} SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Install.exe . (((((((((((((((((((( Bestanden Gemaakt van 2010-11-20 to 2010-12-20 )))))))))))))))))))))))))))))) . 2010-12-20 11:20 . 2010-12-20 11:20 -------- d-----w- c:\users\Standaard\AppData\Local\temp 2010-12-20 11:20 . 2010-12-20 11:20 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-12-20 11:20 . 2010-12-20 11:20 -------- d-----w- c:\users\beque\AppData\Local\temp 2010-12-19 19:24 . 2010-12-03 09:05 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-12-19 17:02 . 2010-12-03 09:05 69152 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-12-19 17:02 . 2010-12-19 17:02 -------- dc----w- c:\windows\system32\DRVSTORE 2010-12-19 17:01 . 2010-12-19 17:01 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620} 2010-12-19 17:01 . 2010-12-19 17:02 -------- d-----w- c:\programdata\Lavasoft 2010-12-19 17:01 . 2010-12-19 17:01 -------- d-----w- c:\program files (x86)\Lavasoft 2010-12-19 14:21 . 2010-12-19 14:21 388096 ----a-r- c:\users\beque\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-12-19 14:21 . 2010-12-19 14:21 -------- d-----w- c:\program files (x86)\Trend Micro 2010-12-17 09:05 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7A1981C7-5D92-4AFA-B406-79332AECE04B}\mpengine.dll 2010-12-16 13:27 . 2010-12-16 13:27 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2010-11-24 09:29 . 2010-10-19 04:56 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll 2010-11-24 09:29 . 2010-10-19 04:27 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-29 16:42 . 2010-03-25 12:27 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2010-11-29 16:42 . 2010-03-25 12:27 24152 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-02 11:21 . 2010-11-02 11:21 0 ----a-w- c:\windows\SysWow64\RENCA24.tmp 2010-11-02 11:21 . 2010-11-02 11:21 0 ----a-w- c:\windows\SysWow64\RENCA23.tmp 2010-11-02 11:21 . 2010-11-02 11:21 0 ----a-w- c:\windows\SysWow64\RENCA13.tmp 2010-11-02 10:31 . 2010-08-07 11:10 521448 ----a-w- c:\windows\system32\deployJava1.dll 2010-11-02 10:27 . 2010-04-17 15:34 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2010-10-19 09:41 . 2010-03-25 14:32 270720 ------w- c:\windows\system32\MpSigStub.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] "Skype"="c:\program files (x86)\Skype\\Phone\Skype.exe" [2010-09-02 13351304] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536] "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-04-14 536576] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 27648] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-12-03 1389400] R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2010-09-19 84752] R3 Arrakis3;BitDefender Arrakis-server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 278224] R3 PCD5SRVC{E2AF211B-86DA020A-05040000};PCD5SRVC{E2AF211B-86DA020A-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~2\PC-DOC~1\PCD5SRVC_x64.pkms [2008-03-26 25888] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-05-28 17456] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 69152] S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\DRIVERS\BdfNdisf6.sys [2010-05-04 88144] S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2010-12-11 2953808] S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [2010-05-04 103944] S2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2008-01-10 11576] S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-01-29 163936] S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2008-03-19 1379584] S3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [2008-02-26 615424] --- Andere Services/Drivers In Geheugen --- *Deregistered* - Lavasoft Kernexplorer HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . --------- x86-64 ----------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X] "RtHDVCpl"="RAVCpl64.exe" [2008-03-31 6150656] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712] "BitDefender Antiphishing Helper 32"="c:\program files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe" [2009-10-19 71152] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 76296] "BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-04-12 1571416] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 16327712] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=83&bd=Pavilion&pf=cndt mLocal Page = c:\windows\SysWOW64\blank.htm IE: &AOL-werkbalk Zoeken - c:\programdata\AOL\ieToolbar\resources\nl-BE\local\search.html . - - - - ORPHANS VERWIJDERD - - - - AddRemove-Hardwood Solitaire III - c:\program files (x86)\Hardwood Solitaire III\Solitaire III.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{E2AF211B-86DA020A-05040000}] "ImagePath"="\??\c:\progra~2\PC-DOC~1\PCD5SRVC_x64.pkms" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . Voltooingstijd: 2010-12-20 12:22:19 ComboFix-quarantined-files.txt 2010-12-20 11:22 Pre-Run: 592.528.150.528 bytes beschikbaar Post-Run: 592.452.726.784 bytes beschikbaar - - End Of File - - 3246035E3AF5A1B850D738A7E1464D17
  23. ameya
    Heb ook een Ad Aware scan gedaan. Die verwijderde 26 cookies maar ik zie niet meteen die Hotbar.2 erbij staan of kan die een andere naam hebben? Logfile created: 19/12/2010 18:23:21 Ad-Aware version: 9.0.0 Extended engine: 3 Extended engine version: 3.1.2770 User performing scan: beque *********************** Definitions database information *********************** Lavasoft definition file: 150.186 Genotype definition file version: Unknown Extended engine definition file: 7475.0 ******************************** Scan results: ********************************* Scan profile name: Vol. scan (ID: full) Objects scanned: 195137 Objects detected: 26 Type Detected ========================== Processes.......: 0 Registry entries: 0 Hostfile entries: 0 Files...........: 0 Folders.........: 0 LSPs............: 0 Cookies.........: 26 Browser hijacks.: 0 MRU objects.....: 0 Removed items: Description: *2o7* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408943 Family ID: 0 Description: *adserver* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408737 Family ID: 0 Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0 Description: *adserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409020 Family ID: 0 Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0 Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0 Description: *estat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408873 Family ID: 0 Description: *bs.serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408902 Family ID: 0 Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0 Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0 Description: *.comclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409086 Family ID: 0 Description: *276* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408944 Family ID: 0 Description: *webtrends* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599640 Family ID: 0 Description: *metriweb* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408990 Family ID: 0 Description: *server.iad.liveperson* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409131 Family ID: 0 Description: *stat.onestat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408967 Family ID: 0 Description: stat.onestat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409125 Family ID: 0 Description: *statcounter* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409185 Family ID: 0 Description: *statse.webtrends* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408803 Family ID: 0 Description: *webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408954 Family ID: 0 Description: *.webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409033 Family ID: 0 Description: *statse.webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409269 Family ID: 0 Description: *tradedoubler* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408964 Family ID: 0 Description: *trafficmp* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408787 Family ID: 0 Description: *webads* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408780 Family ID: 0 Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0 Scan and cleaning complete: Finished correctly after 7243 seconds *********************************** Settings *********************************** Scan profile: ID: full, enabled:1, value: Vol. scan ID: folderstoscan, enabled:1, value: C:\,D:\ ID: useantivirus, enabled:1, value: true ID: sections, enabled:1 ID: scancriticalareas, enabled:1, value: true ID: scanrunningapps, enabled:1, value: true ID: scanregistry, enabled:1, value: true ID: scanlsp, enabled:1, value: true ID: scanads, enabled:1, value: true ID: scanhostsfile, enabled:1, value: true ID: scanmru, enabled:1, value: true ID: scanbrowserhijacks, enabled:1, value: true ID: scantrackingcookies, enabled:1, value: true ID: closebrowsers, enabled:1, value: false ID: filescanningoptions, enabled:1 ID: archives, enabled:1, value: true ID: onlyexecutables, enabled:1, value: false ID: skiplargerthan, enabled:1, value: 20480 ID: scanrootkits, enabled:1, value: true ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict ID: usespywareheuristics, enabled:1, value: true Scan global: ID: global, enabled:1 ID: addtocontextmenu, enabled:1, value: true ID: playsoundoninfection, enabled:1, value: false ID: soundfile, enabled:0, value: N/A Scheduled scan settings: <Empty> Update settings: ID: updates, enabled:1 ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall ID: schedules, enabled:1, value: true ID: updatedaily1, enabled:1, value: Daily 1 ID: time, enabled:1, value: Sun Dec 19 18:02:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily2, enabled:1, value: Daily 2 ID: time, enabled:1, value: Sun Dec 19 00:02:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily3, enabled:1, value: Daily 3 ID: time, enabled:1, value: Sun Dec 19 06:02:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily4, enabled:1, value: Daily 4 ID: time, enabled:1, value: Sun Dec 19 12:02:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updateweekly1, enabled:1, value: Weekly ID: time, enabled:1, value: Sun Dec 19 18:02:00 2010 ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: true ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: true ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false Appearance settings: ID: appearance, enabled:1 ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource ID: showtrayicon, enabled:1, value: true ID: autoentertainmentmode, enabled:1, value: true ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple ID: language, enabled:1, value: nl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language Realtime protection settings: ID: realtime, enabled:1 ID: layers, enabled:1 ID: useantivirus, enabled:1, value: true ID: usespywareheuristics, enabled:1, value: true ID: maintainbackup, enabled:1, value: true ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant ID: modules, enabled:1 ID: processprotection, enabled:1, value: true ID: onaccessprotection, enabled:1, value: true ID: registryprotection, enabled:1, value: true ID: networkprotection, enabled:1, value: true ****************************** System information ****************************** Computer name: PC_VAN_BEQUE Processor name: Intel® Core2 Quad CPU Q9300 @ 2.50GHz Processor identifier: Intel64 Family 6 Model 23 Stepping 7 Processor speed: ~2499MHZ Raw info: processorarchitecture 9, processortype 8664, processorlevel 6, processor revision 5895, number of processors 4, processor features: [MMX,SSE,SSE2,SSE3] Physical memory available: 2681425920 bytes Physical memory total: 4293279744 bytes Virtual memory available: 1798873088 bytes Virtual memory total: 2147352576 bytes Memory load: 37% Microsoft Windows Vista Home Premium Edition, 64-bit Service Pack 2 (build 6002) Windows startup mode: Running processes: PID: 560 name: C:\WINDOWS\System32\smss.exe owner: SYSTEEM domain: NT AUTHORITY PID: 628 name: C:\WINDOWS\System32\csrss.exe owner: SYSTEEM domain: NT AUTHORITY PID: 688 name: C:\WINDOWS\System32\wininit.exe owner: SYSTEEM domain: NT AUTHORITY PID: 708 name: C:\WINDOWS\System32\csrss.exe owner: SYSTEEM domain: NT AUTHORITY PID: 744 name: C:\WINDOWS\System32\services.exe owner: SYSTEEM domain: NT AUTHORITY PID: 756 name: C:\WINDOWS\System32\lsass.exe owner: SYSTEEM domain: NT AUTHORITY PID: 764 name: C:\WINDOWS\System32\lsm.exe owner: SYSTEEM domain: NT AUTHORITY PID: 916 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEEM domain: NT AUTHORITY PID: 960 name: C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe owner: SYSTEEM domain: NT AUTHORITY PID: 988 name: C:\WINDOWS\System32\winlogon.exe owner: SYSTEEM domain: NT AUTHORITY PID: 376 name: C:\WINDOWS\System32\nvvsvc.exe owner: SYSTEEM domain: NT AUTHORITY PID: 424 name: C:\WINDOWS\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY PID: 600 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEEM domain: NT AUTHORITY PID: 616 name: C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe owner: SYSTEEM domain: NT AUTHORITY PID: 908 name: C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe owner: SYSTEEM domain: NT AUTHORITY PID: 1040 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 1096 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEEM domain: NT AUTHORITY PID: 1108 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEEM domain: NT AUTHORITY PID: 1204 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEEM domain: NT AUTHORITY PID: 1220 name: C:\WINDOWS\System32\SLsvc.exe owner: NETWORK SERVICE domain: NT AUTHORITY PID: 1272 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 1380 name: C:\WINDOWS\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY PID: 1508 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEEM domain: NT AUTHORITY PID: 1644 name: C:\WINDOWS\System32\taskeng.exe owner: SYSTEEM domain: NT AUTHORITY PID: 1712 name: C:\WINDOWS\System32\spoolsv.exe owner: SYSTEEM domain: NT AUTHORITY PID: 1748 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 1940 name: C:\WINDOWS\System32\nvvsvc.exe owner: SYSTEEM domain: NT AUTHORITY PID: 2060 name: C:\WINDOWS\SysWOW64\svchost.exe owner: SYSTEEM domain: NT AUTHORITY PID: 2124 name: C:\hp\HPEZBTN\HPBtnSrv.exe owner: SYSTEEM domain: NT AUTHORITY PID: 2200 name: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe owner: SYSTEEM domain: NT AUTHORITY PID: 2220 name: C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe owner: SYSTEEM domain: NT AUTHORITY PID: 2288 name: C:\WINDOWS\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY PID: 2336 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 2380 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEEM domain: NT AUTHORITY PID: 2420 name: C:\WINDOWS\System32\SearchIndexer.exe owner: SYSTEEM domain: NT AUTHORITY PID: 2628 name: C:\WINDOWS\System32\WUDFHost.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 2640 name: C:\WINDOWS\servicing\TrustedInstaller.exe owner: SYSTEEM domain: NT AUTHORITY PID: 2864 name: C:\WINDOWS\System32\wbem\unsecapp.exe owner: SYSTEEM domain: NT AUTHORITY PID: 2972 name: C:\WINDOWS\System32\wbem\WmiPrvSE.exe owner: SYSTEEM domain: NT AUTHORITY PID: 3092 name: C:\WINDOWS\System32\taskeng.exe owner: beque domain: PC_van_beque PID: 3172 name: C:\WINDOWS\System32\dwm.exe owner: beque domain: PC_van_beque PID: 3180 name: C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe owner: beque domain: PC_van_beque PID: 3192 name: C:\WINDOWS\explorer.exe owner: beque domain: PC_van_beque PID: 3716 name: C:\Program Files\Windows Defender\MSASCui.exe owner: beque domain: PC_van_beque PID: 3728 name: C:\WINDOWS\RAVCpl64.exe owner: beque domain: PC_van_beque PID: 3772 name: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe owner: beque domain: PC_van_beque PID: 3824 name: C:\Program Files\Windows Sidebar\sidebar.exe owner: beque domain: PC_van_beque PID: 3844 name: C:\WINDOWS\ehome\ehtray.exe owner: beque domain: PC_van_beque PID: 3912 name: C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe owner: beque domain: PC_van_beque PID: 3952 name: C:\hp\support\hpsysdrv.exe owner: beque domain: PC_van_beque PID: 3976 name: C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe owner: beque domain: PC_van_beque PID: 4008 name: C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe owner: beque domain: PC_van_beque PID: 3224 name: C:\WINDOWS\Samsung\PanelMgr\caller64.exe owner: beque domain: PC_van_beque PID: 3448 name: C:\Program Files\Windows Media Player\wmpnscfg.exe owner: beque domain: PC_van_beque PID: 2648 name: C:\Program Files\Windows Media Player\wmpnetwk.exe owner: NETWORK SERVICE domain: NT AUTHORITY PID: 1580 name: C:\WINDOWS\System32\taskeng.exe owner: beque domain: PC_van_beque PID: 1560 name: C:\Program Files (x86)\Secunia\PSI\psi.exe owner: beque domain: PC_van_beque PID: 3104 name: C:\WINDOWS\ehome\ehmsas.exe owner: beque domain: PC_van_beque PID: 3552 name: C:\WINDOWS\ehome\ehsched.exe owner: NETWORK SERVICE domain: NT AUTHORITY PID: 2448 name: C:\WINDOWS\ehome\ehrecvr.exe owner: NETWORK SERVICE domain: NT AUTHORITY PID: 5032 name: C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe owner: SYSTEEM domain: NT AUTHORITY PID: 4228 name: C:\hp\KBD\kbd.exe owner: beque domain: PC_van_beque PID: 4900 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe owner: beque domain: PC_van_beque PID: 4204 name: C:\WINDOWS\System32\wbem\WMIADAP.exe owner: SYSTEEM domain: NT AUTHORITY PID: 4572 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe owner: beque domain: PC_van_beque Startup items: Name: WebCheck imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED} Name: {8C7461EF-2B13-11d2-BE35-3078302C2030} imagepath: Component Categories cache daemon Name: hpsysdrv imagepath: c:\hp\support\hpsysdrv.exe Name: KBD imagepath: C:\HP\KBD\KbdStub.EXE Name: Name: HP Software Update imagepath: C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe Name: Samsung PanelMgr imagepath: C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun Name: Adobe Reader Speed Launcher imagepath: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" Name: Adobe ARM imagepath: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" Name: imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini Bootexecute items: Name: imagepath: autocheck autochk * Running services: Name: a2AntiMalware displayname: Emsisoft Anti-Malware 5.0 - Service Name: AeLookupSvc displayname: Application Experience Name: AudioEndpointBuilder displayname: Windows Audio Endpoint Builder Name: AudioSrv displayname: Windows Audio Name: BFE displayname: Base Filtering Engine Name: BITS displayname: Background Intelligent Transfer Service Name: Browser displayname: Computer Browser Name: CryptSvc displayname: Cryptographic Services Name: DcomLaunch displayname: DCOM Server Process Launcher Name: Dhcp displayname: DHCP Client Name: Dnscache displayname: DNS Client Name: DPS displayname: Diagnostic Policy Service Name: EapHost displayname: Extensible Authentication Protocol Name: ehRecvr displayname: Windows Media Center Receiver-service Name: ehSched displayname: Windows Media Center Scheduler-service Name: EMDMgmt displayname: ReadyBoost Name: Eventlog displayname: Windows Event Log Name: EventSystem displayname: COM+ Event System Name: ezSharedSvc displayname: Easybits Shared Services for Windows Name: fdPHost displayname: Function Discovery Provider Host Name: FDResPub displayname: Function Discovery Resource Publication Name: gpsvc displayname: Group Policy Client Name: hidserv displayname: Human Interface Device Access Name: HP Health Check Service displayname: HP Health Check Service Name: HPBtnSrv displayname: HP Chasis Button Service Name: IAANTMON displayname: Intel® Matrix Storage Event Monitor Name: IKEEXT displayname: IKE and AuthIP IPsec Keying Modules Name: iphlpsvc displayname: IP Helper Name: KeyIso displayname: CNG Key Isolation Name: KtmRm displayname: KtmRm for Distributed Transaction Coordinator Name: LanmanServer displayname: Server Name: LanmanWorkstation displayname: Workstation Name: Lavasoft Ad-Aware Service displayname: Lavasoft Ad-Aware Service Name: LightScribeService displayname: LightScribeService Direct Disc Labeling Service Name: LIVESRV displayname: BitDefender Desktop-updateservice Name: lmhosts displayname: TCP/IP NetBIOS Helper Name: MMCSS displayname: Multimedia Class Scheduler Name: MpsSvc displayname: Windows Firewall Name: Netman displayname: Network Connections Name: netprofm displayname: Network List-service Name: NlaSvc displayname: Network Location Awareness Name: nsi displayname: Network Store Interface-service Name: nvsvc displayname: NVIDIA Display Driver Service Name: PcaSvc displayname: Program Compatibility Assistant-service Name: PlugPlay displayname: Plug and Play Name: PolicyAgent displayname: IPsec Policy Agent Name: ProfSvc displayname: User Profile-service Name: ProtectedStorage displayname: Protected Storage Name: RasMan displayname: Remote Access Connection Manager Name: RpcSs displayname: Remote Procedure Call (RPC) Name: SamSs displayname: Security Accounts Manager Name: Schedule displayname: Task Scheduler Name: seclogon displayname: Secondary Logon Name: SENS displayname: System Event Notification-service Name: ShellHWDetection displayname: Shell Hardware Detection Name: slsvc displayname: Software Licensing Name: Spooler displayname: Print Spooler Name: SSDPSRV displayname: SSDP Discovery Name: SstpSvc displayname: SSTP-service (Secure Socket Tunneling Protocol) Name: stisvc displayname: WIA (Windows Image Acquisition) Name: SysMain displayname: Superfetch Name: TabletInputService displayname: Tablet PC Input-service Name: TapiSrv displayname: Telephony Name: TermService displayname: Terminal Services Name: Themes displayname: Themes Name: TrkWks displayname: Distributed Link Tracking Client Name: TrustedInstaller displayname: Windows Modules Installer Name: upnphost displayname: UPnP Device Host Name: UxSms displayname: Desktop Window Manager Session Manager Name: VSSERV displayname: BitDefender Virus Shield Name: W32Time displayname: Windows Time Name: WdiSystemHost displayname: Diagnostic System Host Name: WebClient displayname: WebClient Name: WerSvc displayname: Windows Error Reporting-service Name: WinDefend displayname: Windows Defender Name: WinHttpAutoProxySvc displayname: WinHTTP Web Proxy Auto-Discovery-service Name: Winmgmt displayname: Windows Management Instrumentation Name: Wlansvc displayname: WLAN Auto Config Name: WMPNetworkSvc displayname: Windows Media Player Network Sharing-service Name: WPDBusEnum displayname: Portable Device Enumerator-service Name: wscsvc displayname: Security Center Name: WSearch displayname: Windows Search Name: wuauserv displayname: Windows Update Name: wudfsvc displayname: Windows Driver Foundation - User-mode Driver Framework
  24. ameya
    Hijack This log is gelukt. Bij deze: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:34:49, on 19/12/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18999) Boot mode: Normal Running processes: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\hp\support\hpsysdrv.exe C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe C:\Program Files (x86)\Secunia\PSI\psi.exe C:\hp\kbd\kbd.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP Consumer | MSN R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP Consumer | MSN R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP Consumer | MSN R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - "C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll" (file missing) O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-BE\local\search.html O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: BitDefender Arrakis-server (Arrakis3) - BitDefender S.R.L. Antivirus software - BitDefender - The future of security now! - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: BitDefender Desktop-updateservice (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8551 bytes
  25. ameya
    Hallo, kan iemand helpen alsjeblieft? Ik heb dus bovenstaand virus te pakken en naar wat ik erover lees is het geen lieverdje. Bitdefender vond het wel maar meldde doodleuk dat hij het niet kan desinfecteren of in quarantaine zetten omdat de toegang tot het object wordt geweigerd? Ik merk dat Bitdefender dit elke keer doet als hij een virus vindt? Is toch nutteloos zo hé. Heb al systeemherstel geprobeerd maar op het eind krijg ik foutmelding dat dit niet werd voltooid wegens het optreden van een onbekende fout. Maar to the point nu. Ik wil Hijack This laten lopen maar ik kan als ik rechts klik op het logo nergens kiezen voor: run as administrator. (Ik heb dus windows vista) waar staat die optie juist. Hijack This loopt wel als ik erop dubbelklik maar geeft ook een foutmelding bij het begin : For some reason your system denied write access to Host.file Dan komt er nog een hele uitleg met het besluit dat ik dan zelf deze file moet editen maar ik snap niet hoe. Kan iemand me hieruit helpen? Alvast bedankt
Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.