Knip
-
Items
71 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Alles dat geplaatst werd door Knip
-
Kom meteen op Google terecht als ik cijfers invoer
-
Betreft een wireless modem van Cisco EPC 3925 Na lang wachten geefgt hij limited or no connectivity, met repair functie doet hij vervolgens niets ---------- Post toegevoegd om 10:46 ---------- Vorige post was om 10:45 ---------- Geen idee of eea WEP of WPA is heb verder niets ingesteld, op andere laptoip en I pad werkt eea prima.
-
Goedemiddag, Kan dit bericht sturen met een tweedehands laptop via mijn onbeveiligde netwerk en oude modem. Bij nieuwe modem krijg ik de melding dat ik mijn network key moet invullen, als ik dit correct doe vind hij daarnha mijn netwerk niet, blijft zoeken. Zal misschien iets niet goed staan vanuit verleden in de laptop ? Graag uw hulp. Gr Ronald
-
Laptop compleet overleden doet niets meer. Ga maar even langs de winkel bednkt voor de hulp mag in dit geval niet baten, alles zwart inmiddels
-
Helaas niet te openen, gaat hem niet worden Volgende gebeurd: Opstarten HJT vanaf stickje Opslaan onder C:program files Install Melding Warning 1909 could not create shortcut HJT Verify that the destanation folder exsits and that you can acces it. Kan wel via mijn computer gewoon in C en program files ????????
-
Weet dat dat met print screen moet maar hoe plak ik het vervolgens hier in ? Geeft geen paste met rechter muisknop in dit veld
-
Hallo, Aantal icoontjes zijn automatisch voorzien van een wit vakje met een zwarte pijl ( tbv synchroniseren ) In start menu krijg ik alleen nog icoontjes type shortcut. Hijack wil zich niet instaleren geeft melding warning 1909 verify that the destination folders excists ??? Geen idee wat er aan de hand is verder niets gedownload of gedaan en vanmiddag werkte eea perfect...............
-
Heb ik ook gedraaid bij deze de gegevens: ComboFix 10-10-10.03 - rokn01 11-10-2010 17:45:55.4.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1033.18.2038.1275 [GMT 2:00] Gestart vanuit: c:\documents and settings\rokn01\Desktop\ComboFix1.exe AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} FW: McAfee Host Intrusion Prevention Firewall *disabled* {2F1275E3-2F4F-43E9-944B-3F63F9BDA5F5} . (((((((((((((((((((( Bestanden Gemaakt van 2010-09-11 to 2010-10-11 )))))))))))))))))))))))))))))) . 2010-10-11 15:38 . 2010-10-11 15:44 -------- d-----w- C:\ComboFix1 2010-10-11 14:43 . 2010-02-16 12:20 40328 ----a-w- c:\windows\system32\HIPIS0e011b3.dll 2010-10-11 14:27 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-10-11 14:27 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-11 14:27 . 2010-10-11 14:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-10-11 13:17 . 2010-10-11 13:17 388096 ----a-r- c:\documents and settings\rokn01\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-10-01 11:36 . 2010-10-01 11:36 -------- d-----w- c:\documents and settings\rokn01\Local Settings\Application Data\Help 2010-09-28 11:36 . 2010-09-08 23:22 136512 ----a-w- c:\windows\system32\KevlarSigs.dll 2010-09-28 11:36 . 2010-02-16 12:20 60344 ----a-w- c:\windows\system32\HcApi.dll 2010-09-28 11:36 . 2010-02-16 12:20 225144 ----a-w- c:\windows\system32\HcSql.dll 2010-09-28 11:36 . 2010-02-16 12:20 20256 ----a-w- c:\windows\system32\HcSvc.dll 2010-09-28 11:36 . 2010-02-16 12:20 44448 ----a-w- c:\windows\system32\hipqa.dll 2010-09-28 11:36 . 2010-02-16 12:20 38680 ----a-w- c:\windows\system32\drivers\HIPPSK.sys 2010-09-28 11:36 . 2010-02-16 12:20 35584 ----a-w- c:\windows\system32\drivers\HIPQK.sys 2010-09-28 11:36 . 2010-02-16 12:20 25912 ----a-w- c:\windows\system32\mfehida.dll 2010-09-28 11:36 . 2010-02-16 12:20 107896 ----a-w- c:\windows\system32\drivers\HIPK.sys 2010-09-28 11:36 . 2008-10-17 13:26 44680 ----a-w- c:\windows\system32\drivers\firehk.sys 2010-09-28 11:36 . 2010-09-28 11:36 -------- d-----w- c:\program files\Common Files\McAfee Inc 2010-09-28 11:30 . 2010-02-16 12:20 70728 ----a-w- c:\windows\system32\mfevtps.exe 2010-09-28 11:30 . 2009-10-22 18:07 65448 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2010-09-21 14:01 . 2010-09-21 14:01 -------- d-----w- c:\documents and settings\itsp01\Local Settings\Application Data\Google 2010-09-13 15:59 . 2010-09-13 16:00 -------- d-----w- c:\program files\GPLGS 2010-09-13 15:58 . 2010-09-13 15:58 -------- d-----w- c:\program files\Acro Software . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NetSP - restore settings on power failure"="c:\program files\AT&T Global Network Client\NetSP.exe" [2009-10-08 53600] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe" [2009-10-26 753664] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-26 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-12-02 176128] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-09 134656] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-09 166912] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-09 135680] "Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2002-05-07 20530] "Client Access Help Update"="c:\program files\IBM\Client Access\cwbinhlp.exe" [2002-05-07 24626] "Client Access Check Version"="c:\program files\IBM\Client Access\cwbckver.exe" [2002-05-07 45056] "Client Access Express Welcome"="c:\program files\IBM\Client Access\cwbwlwiz.exe" [2002-05-07 20530] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-18 2412032] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2010-02-18 136512] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-10-15 124224] "McAfee Host Intrusion Prevention Tray"="c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe" [2010-02-16 979104] "DameWare MRC Agent"="c:\windows\system32\DWRCST.exe" [2009-02-04 78848] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2007-3-22 40048] Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-3-22 734872] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMConfigurePrograms"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au] "NoAutoUpdate"= 1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\AT&T Global Network Client\\SwiApiMux.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\AT&T Global Network Client\\NetClient.exe"= R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [15-2-2007 20:00 26624] R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe [16-2-2010 14:20 1498224] R2 hips;McAfee HIPSCore Service;c:\program files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe [28-9-2010 13:57 35696] R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [16-12-2009 20:31 222528] R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [22-10-2009 20:07 21256] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [28-9-2010 13:30 70728] R2 NetClientSvc;AT&T Global Network Client Service;c:\program files\AT&T Global Network Client\NetClientSvc.exe [8-10-2009 13:48 342368] R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [18-9-2009 18:48 9216] R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [7-2-2007 20:00 3712] R3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [28-9-2010 13:36 44680] R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [28-9-2010 13:36 107896] R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [28-9-2010 13:36 38680] R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [28-9-2010 13:36 35584] R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [8-6-2007 8:36 81280] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26-7-2010 10:31 136176] S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [30-6-2009 17:22 96256] S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [27-8-2010 15:23 112640] S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [28-9-2010 13:36 44680] S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [27-8-2010 15:30 100480] S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [17-5-2010 14:10 7680] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [28-9-2010 13:30 65448] S3 NetLogSvc;NetLogSvc;c:\progra~1\AT&TGL~1\NETLOG~1.EXE [8-10-2009 13:48 75616] S3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [30-6-2009 17:22 65664] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 . Inhoud van de 'Gedeelde Taken' map 2010-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-26 08:31] 2010-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-26 08:31] 2010-10-11 c:\windows\Tasks\User_Feed_Synchronization-{72015A0F-3E0B-49A9-825D-746A296A2E24}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31] 2010-10-11 c:\windows\Tasks\User_Feed_Synchronization-{8D4D68DF-33A1-4E5E-AEC5-902CCC0E324C}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31] 2010-10-11 c:\windows\Tasks\User_Feed_Synchronization-{F1EB52EA-AF37-4D99-A556-1A1E11AA03D9}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://hands-online.cardo.net/Pages/Default.aspx IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html . - - - - ORPHANS VERWIJDERD - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(712) c:\windows\system32\HcApi.dll c:\windows\system32\KevlarSigs.dll - - - - - - - > 'lsass.exe'(764) c:\windows\system32\HcApi.dll c:\windows\system32\KevlarSigs.dll - - - - - - - > 'explorer.exe'(1300) c:\windows\system32\WININET.dll c:\windows\system32\HcApi.dll c:\windows\system32\KevlarSigs.dll c:\windows\system32\webcheck.dll c:\windows\system32\IEFRAME.dll c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL c:\windows\system32\msi.dll c:\windows\system32\wpdshext.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\Audiodev.dll c:\windows\system32\WMVCore.DLL c:\windows\system32\WMASF.DLL c:\windows\system32\mshtml.dll c:\windows\system32\msls31.dll c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\windows\system32\WPDShServiceObj.dll - - - - - - - > 'csrss.exe'(688) c:\windows\system32\HcApi.dll c:\windows\system32\KevlarSigs.dll . Voltooingstijd: 2010-10-11 17:49:39 ComboFix-quarantined-files.txt 2010-10-11 15:49 Pre-Run: 61.775.667.200 bytes free Post-Run: 61.751.783.424 bytes free - - End Of File - - 7214164AD391DAB93591FF39A234C6D7
-
Resultaten van de scans Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Databaseversie: 4794 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 11-10-2010 16:39:26 mbam-log-2010-10-11 (16-39-26).txt Scantype: Snelle scan Objecten gescand: 157876 Verstreken tijd: 6 minuut/minuten, 18 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 9 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\TG0PTF86JH (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XA5RJ9EADJ (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Hijack: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:47:07, on 11-10-2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\WINDOWS\SYSTEM32\DWRCS.EXE C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SYSTEM32\DWRCST.exe C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\mfevtps.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AT&T Global Network Client\netcfgsvr.exe C:\Program Files\AT&T Global Network Client\NetClientSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\CCM\CcmExec.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe C:\Program Files\McAfee\Common Framework\udaterui.exe C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe C:\Program Files\McAfee\Common Framework\McScript_InUse.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\userinit.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hands-online.cardo.net/Pages/Default.aspx R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hands-online.cardo.net/Pages/Default.aspx R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe" O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe" O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe" O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfee Host Intrusion Prevention Tray] "C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe" O4 - HKLM\..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.exe O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe" /NoDialog O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1274095228406 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258357224073 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cardo.net O17 - HKLM\Software\..\Telephony: DomainName = cardo.net O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cardo.net O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cardo.net O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe O23 - Service: Opdracht op afstand iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: McAfee HIPSCore Service (hips) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee SiteAdvisor Enterprise Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe O23 - Service: AT&T Network Configuration Service (netcfgsvr) - AT&T - C:\Program Files\AT&T Global Network Client\netcfgsvr.exe O23 - Service: AT&T Global Network Client Service (NetClientSvc) - AT&T - C:\Program Files\AT&T Global Network Client\NetClientSvc.exe O23 - Service: NetLogSvc - AT&T - C:\PROGRA~1\AT&TGL~1\NETLOG~1.EXE O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- End of file - 12096 bytes
-
Dit is eruit komen rollen Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:18:59, on 11-10-2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\WINDOWS\SYSTEM32\DWRCS.EXE C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\mfevtps.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AT&T Global Network Client\netcfgsvr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AT&T Global Network Client\NetClientSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\WINDOWS\system32\CCM\CcmExec.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe C:\Program Files\McAfee\Common Framework\udaterui.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\WINDOWS\system32\DWRCST.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe C:\Program Files\McAfee\Common Framework\McScript_InUse.exe C:\PROGRA~1\AT&TGL~1\NETLOG~1.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hands-online.cardo.net/Pages/Default.aspx R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hands-online.cardo.net/Pages/Default.aspx R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe" O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe" O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe" O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfee Host Intrusion Prevention Tray] "C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe" O4 - HKLM\..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.exe O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe" /NoDialog O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1274095228406 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258357224073 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cardo.net O17 - HKLM\Software\..\Telephony: DomainName = cardo.net O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cardo.net O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cardo.net O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe O23 - Service: Opdracht op afstand iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: McAfee HIPSCore Service (hips) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee SiteAdvisor Enterprise Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe O23 - Service: AT&T Network Configuration Service (netcfgsvr) - AT&T - C:\Program Files\AT&T Global Network Client\netcfgsvr.exe O23 - Service: AT&T Global Network Client Service (NetClientSvc) - AT&T - C:\Program Files\AT&T Global Network Client\NetClientSvc.exe O23 - Service: NetLogSvc - AT&T - C:\PROGRA~1\AT&TGL~1\NETLOG~1.EXE O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- End of file - 12339 bytes
-
Hallo allemaal, Kan de achtergrond van mijn laptop niet meer wijzigen, iemand een idee hoe of wat ? Alvast bedankt.
-
Jippie ben er ( nu ) van verlost Ontzettend bedankt is opgelost naar het zich laat aanzien xD
-
He heeeeee gelukt ComboFix 10-07-30.04 - rokn01 31-07-2010 20:08:44.2.2 - x86 NETWORK Microsoft Windows XP Professional 5.1.2600.3.1252.31.1033.18.2038.1787 [GMT 2:00] Gestart vanuit: c:\documents and settings\rokn01\Desktop\Scan.exe AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users.\documents\settings Besmet exemplaar van c:\windows\system32\drivers\amsint.sys werd aangetroffen en gedesinfecteerd Hersteld exemplaar van - Kitty had a snack . (((((((((((((((((((( Bestanden Gemaakt van 2010-06-28 to 2010-07-31 )))))))))))))))))))))))))))))) . 2010-07-31 17:16 . 2010-07-31 17:16 -------- d-----w- c:\program files\uTorrent 2010-07-31 15:53 . 2010-07-31 15:54 -------- d-----w- C:\Scan 2010-07-28 09:38 . 2010-07-28 11:09 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-07-27 11:23 . 2010-07-27 11:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-07-26 09:18 . 2010-07-26 09:18 -------- d-----w- c:\program files\Common Files\Java 2010-07-26 09:18 . 2010-07-26 09:18 61440 ----a-w- c:\documents and settings\rokn01\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-33590cef-n\decora-sse.dll 2010-07-26 09:18 . 2010-07-26 09:18 503808 ----a-w- c:\documents and settings\rokn01\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-32d78ff5-n\msvcp71.dll 2010-07-26 09:18 . 2010-07-26 09:18 499712 ----a-w- c:\documents and settings\rokn01\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-32d78ff5-n\jmc.dll 2010-07-26 09:18 . 2010-07-26 09:18 348160 ----a-w- c:\documents and settings\rokn01\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-32d78ff5-n\msvcr71.dll 2010-07-26 09:18 . 2010-07-26 09:18 12800 ----a-w- c:\documents and settings\rokn01\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-33590cef-n\decora-d3d.dll 2010-07-26 09:18 . 2010-07-26 09:17 423656 ----a-w- c:\windows\system32\deployJava1.dll 2010-07-26 09:17 . 2010-07-26 09:17 -------- d-----w- c:\program files\Java 2010-07-26 08:36 . 2010-07-26 08:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google 2010-07-26 08:31 . 2010-07-26 08:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google 2010-07-26 08:31 . 2010-07-26 08:31 -------- d-----w- c:\documents and settings\rokn01\Local Settings\Application Data\Google 2010-07-26 08:31 . 2010-07-26 08:31 -------- d-----w- c:\program files\Google 2010-07-24 17:49 . 2010-07-24 17:49 -------- d-----w- c:\program files\CCleaner 2010-07-24 16:25 . 2010-07-24 16:25 -------- d-----w- c:\documents and settings\rokn01\Application Data\Malwarebytes 2010-07-24 16:25 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-07-24 16:25 . 2010-07-24 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-07-24 16:25 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-07-24 16:25 . 2010-07-24 16:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-24 16:14 . 2010-07-24 16:14 388096 ----a-r- c:\documents and settings\rokn01\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-07-24 16:14 . 2010-07-24 16:14 -------- d-----w- c:\program files\Trend Micro 2010-07-24 14:40 . 2010-07-24 14:40 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2010-07-24 14:37 . 2010-07-24 14:37 202752 ----a-w- c:\windows\Xvahua.exe 2010-07-24 14:37 . 2010-07-31 14:34 -------- d-----w- C:\QUARANTINE 2010-07-24 14:37 . 2010-07-24 14:37 -------- d-----w- c:\documents and settings\rokn01\Local Settings\Application Data\tdlmbyjbq 2010-07-05 16:26 . 2010-07-05 16:42 -------- d-----w- c:\documents and settings\rokn01\Local Settings\Application Data\ApplicationHistory 2010-07-05 16:26 . 2010-07-05 16:26 6766 ----a-r- c:\documents and settings\rokn01\Application Data\Microsoft\Installer\{DB527AF3-93DE-400E-BC8D-9ABB3C458F7A}\_69525f90.exe 2010-07-05 16:26 . 2010-07-05 16:26 6766 ----a-r- c:\documents and settings\rokn01\Application Data\Microsoft\Installer\{DB527AF3-93DE-400E-BC8D-9ABB3C458F7A}\_16496df1.exe 2010-07-05 16:26 . 2010-07-05 16:26 -------- d-----w- c:\program files\Frontwave 2010-07-03 11:00 . 2010-07-03 11:00 -------- d-----w- c:\program files\Maxis . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-31 18:00 . 2009-11-13 12:31 836 ----a-w- c:\windows\bthservsdp.dat 2010-07-31 17:41 . 2010-06-13 17:52 -------- d-----w- c:\documents and settings\rokn01\Application Data\uTorrent 2010-07-31 16:26 . 2010-05-17 18:24 -------- d-----w- c:\program files\PokerStars 2010-07-31 16:11 . 2010-05-31 08:58 -------- d-----w- c:\documents and settings\rokn01\Application Data\vlc 2010-07-16 06:27 . 2010-05-17 11:53 -------- d-----w- c:\program files\Microsoft Silverlight 2010-07-13 08:55 . 2010-05-31 13:08 74080680 ----a-w- c:\documents and settings\All Users\Application Data\AGNS\NetClient\agnc_laptopconnect.exe 2010-06-24 08:32 . 2010-06-24 08:32 -------- d-----w- c:\documents and settings\rokn01\Application Data\dvdcss 2010-06-17 10:59 . 2010-06-17 10:59 -------- d-----w- c:\documents and settings\All Users\Application Data\MSScanAppDataDir 2010-06-12 07:46 . 2010-05-20 08:54 144184 ----a-w- c:\windows\hpwins10.dat 2010-05-27 13:43 . 2010-05-27 13:43 1956808 ----a-w- c:\documents and settings\rokn01\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe 2010-05-17 20:47 . 2010-05-17 20:47 268435456 --sha-w- C:\WinPEpge.sys 2010-05-17 16:04 . 2010-05-17 16:04 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe 2010-05-17 16:04 . 2010-05-17 16:04 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe 2010-05-17 16:04 . 2010-05-17 16:04 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe 2010-05-17 16:04 . 2010-05-17 16:04 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe 2010-05-17 12:19 . 2010-05-17 12:19 30344 ----a-w- c:\documents and settings\rokn01\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-05-17 12:09 . 2010-05-17 12:09 8464 ----a-w- c:\windows\system32\SpOrder.dll 2010-05-17 11:41 . 2010-05-17 11:41 5273759 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\Common Framework\Current\EPOAGENT3000\Install\0409\FramePkg.exe . ((((((((((((((((((((((((((((( SnapShot@2010-07-24_18.09.25 ))))))))))))))))))))))))))))))))))))))))) . + 2009-06-30 23:00 . 2010-07-31 17:54 74004 c:\windows\system32\perfc009.dat - 2009-06-30 23:00 . 2010-07-24 17:57 74004 c:\windows\system32\perfc009.dat + 2010-07-26 08:31 . 2010-07-26 08:31 22528 c:\windows\Installer\1ad9b1.msi + 2010-07-26 08:31 . 2010-07-26 08:31 24064 c:\windows\Installer\1ad9ac.msi - 2009-06-30 23:00 . 2010-07-24 17:57 448302 c:\windows\system32\perfh009.dat + 2009-06-30 23:00 . 2010-07-31 17:54 448302 c:\windows\system32\perfh009.dat + 2010-07-26 09:18 . 2010-07-26 09:17 153376 c:\windows\system32\javaws.exe + 2010-07-26 09:18 . 2010-07-26 09:17 145184 c:\windows\system32\javaw.exe + 2010-07-26 09:18 . 2010-07-26 09:17 145184 c:\windows\system32\java.exe + 2010-07-26 09:18 . 2010-07-26 09:18 180224 c:\windows\Installer\43930c.msi + 2010-07-26 09:17 . 2010-07-26 09:17 677376 c:\windows\Installer\439307.msi . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NetSP - restore settings on power failure"="c:\program files\AT&T Global Network Client\NetSP.exe" [2009-10-08 53600] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe" [2009-10-26 753664] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-26 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-12-02 176128] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-09 134656] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-09 166912] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-09 135680] "Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2002-05-07 20530] "Client Access Help Update"="c:\program files\IBM\Client Access\cwbinhlp.exe" [2002-05-07 24626] "Client Access Check Version"="c:\program files\IBM\Client Access\cwbckver.exe" [2002-05-07 45056] "Client Access Express Welcome"="c:\program files\IBM\Client Access\cwbwlwiz.exe" [2002-05-07 20530] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2010-02-18 136512] "MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-11-04 2087424] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-06-08 111952] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2007-3-22 40048] Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-3-22 734872] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMConfigurePrograms"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au] "NoAutoUpdate"= 1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\AT&T Global Network Client\\SwiApiMux.exe"= R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [15-2-2007 20:00 26624] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26-7-2010 10:31 136176] S2 NetClientSvc;AT&T Global Network Client Service;c:\program files\AT&T Global Network Client\NetClientSvc.exe [8-10-2009 13:48 342368] S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [4-11-2008 11:39 14336] S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [30-6-2009 17:22 96256] S3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [7-2-2007 20:00 3712] S3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [8-6-2007 8:36 81280] S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [17-5-2010 14:10 7680] S3 NetLogSvc;NetLogSvc;c:\progra~1\AT&TGL~1\NETLOG~1.EXE [8-10-2009 13:48 75616] S3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [30-6-2009 17:22 65664] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 . Inhoud van de 'Gedeelde Taken' map 2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-26 08:31] 2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-26 08:31] 2010-07-31 c:\windows\Tasks\User_Feed_Synchronization-{72015A0F-3E0B-49A9-825D-746A296A2E24}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31] 2010-07-31 c:\windows\Tasks\User_Feed_Synchronization-{8D4D68DF-33A1-4E5E-AEC5-902CCC0E324C}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31] 2010-07-31 c:\windows\Tasks\User_Feed_Synchronization-{F1EB52EA-AF37-4D99-A556-1A1E11AA03D9}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://hands-online.cardo.net/Pages/Default.aspx IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html LSP: bmnet.dll . - - - - ORPHANS VERWIJDERD - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-07-31 20:12 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'lsass.exe'(1728) c:\windows\system32\bmnet.dll . Voltooingstijd: 2010-07-31 20:13:34 ComboFix-quarantined-files.txt 2010-07-31 18:13 ComboFix2.txt 2010-07-24 18:13 Pre-Run: 63.144.697.856 bytes free Post-Run: 63.175.106.560 bytes free - - End Of File - - 656D1F7D978A0A715071B11ED905E299
-
F 8 werkt inderdaad prima maar kan niet met mijn gewone inlog naam inloggen ??? Beetje vreemd
-
Ben een leek hoe doe ik dat in veilige modus ? Met een dubbelklik begint eea meteen
-
Daar heeft hij gen trek in 2 x melding van vriscan zoals boven omschreven en dan sluit de computer zelf af. Melding dat er een probleem is ontstaan etc . etc.
-
klik op de M onder in de werkbalk en kan dan inderdaad beveiliging updaten maar gebeurd niets. krijg ook melding Autoupdate dagelijks 17.00 uur: de update is mislukt ( onder all programs en mcAfee )
-
Hallo allemaal krijg de onderstaande melding bij opstarten van mijn computer: Waarschuwing van VirusScan! Naam: C:\Program Files\Internet Explorer\IEXPLORE.EXE:WS2_32.socket Gedetecteerd als: Bufferoverloop:Schrijfbaar Bufferoverloop:Heap Status: Geblokkeerd door Bufferoverloopbeveiliging Is gekomen nadat ik succesvol ( dankzij jullie ) virus van antimale ware doctor heb verwijderd. Alles werkt verder prima maar blijft deze melding geven.
-
Echt geweldig bedankt voor goede en snelle antwoorden. Zelfs een leek als ik begrijp hoe ik eea moet doen echt geweldig. Nogmaals dank.
-
Heb eea 2 x laten draaien en dit is laatste lijst van MBAM. Hoop dat ik er van verlost ben , alvast super bedankt !!!!!!! Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Databaseversie: 4052 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 26-7-2010 11:23:52 mbam-log-2010-07-26 (11-23-52).txt Scantype: Snelle scan Objecten gescand: 135224 Verstreken tijd: 5 minuut/minuten, 25 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
-
Hallo allemaal , ook k ben helaas ten prooi gevallen aan dit vervelende virus. Kan iemand aangeven hoe verder heb overzicht Hijack al toegevoegd. Alvast bedankt Knip ogfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:24:15, on 25-7-2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\WINDOWS\system32\bmwebcfg.exe C:\WINDOWS\SYSTEM32\DWRCS.EXE C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\AT&T Global Network Client\netcfgsvr.exe C:\Program Files\AT&T Global Network Client\NetClientSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\SYSTEM32\DWRCST.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe C:\WINDOWS\system32\CCM\CcmExec.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\McAfee\Common Framework\udaterui.exe C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\PROGRA~1\AT&TGL~1\NETLOG~1.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe" O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe" O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe" O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey O4 - HKLM\..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.exe O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe" /NoDialog O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\rokn01\Local Settings\Temp\{6056AEFE-BB9C-4513-8A99-F1A79B00C1C4}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: bmnet.dll O10 - Unknown file in Winsock LSP: bmnet.dll O10 - Unknown file in Winsock LSP: bmnet.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1274095228406 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258357224073 O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cardo.net O17 - HKLM\Software\..\Telephony: DomainName = cardo.net O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cardo.net O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cardo.net O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe O23 - Service: Opdracht op afstand iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: AT&T Network Configuration Service (netcfgsvr) - AT&T - C:\Program Files\AT&T Global Network Client\netcfgsvr.exe O23 - Service: AT&T Global Network Client Service (NetClientSvc) - AT&T - C:\Program Files\AT&T Global Network Client\NetClientSvc.exe O23 - Service: NetLogSvc - AT&T - C:\PROGRA~1\AT&TGL~1\NETLOG~1.EXE O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- End of file - 9698 bytes
