Hello everyone,

I got an error message saying something was wrong with my hard drive, but I think it is a virus/spyware.

I no longer have any access to my own folder, my desktop suddenly changed, and I have no shortcuts and no Quick Launch menu anymore...

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:48:08, on 10/05/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v7.00 (7.00.6002.18005)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\system32\Taskmgr.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\system32\conime.exe

C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Safari\Safari.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=91&bd=Pavilion&pf=cnnb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=91&bd=Pavilion&pf=cnnb

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=91&bd=Pavilion&pf=cnnb

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=91&bd=Pavilion&pf=cnnb

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

F2 - REG:system.ini: UserInit=C:\Windows\system32\Userinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"

O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe"

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"

O4 - HKLM\..\Run: [smartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [trwKcwHFGPMgtX] C:\ProgramData\trwKcwHFGPMgtX.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-BE\local\search.html

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_7c71e337\STacSV.exe

O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

--

End of file - 11654 bytes


Edited by DavidClaes

Start HijackThis. Select "Scan". Tick only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O4 - HKCU\..\Run: [trwKcwHFGPMgtX] C:\ProgramData\trwKcwHFGPMgtX.exe

O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-BE\local\search.html

Click 'Fix checked' to remove the items.

Download MBAM (Malwarebytes Anti-Malware)

Double-click mbam-setup.exe to install the program.

Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are both ticked, then click "Finish".

If an update is found, it will be downloaded and installed.

When the program is fully up to date, select "Quick Scan" in the Scanner tab, then click Scan.

Scanning can take a while, so be patient.

When the scan is complete, click OK, then "Show Results" to see the results.

Make sure everything there is ticked, then click: Remove Selected.

After removal a log will open and you will be asked to restart the computer. (See below.)

If the rootkit (TDSS) is present, MBAM will ask to restart. Do so.

After the restart MBAM will scan again and remove the rootkit.

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in the program.

If MBAM has difficulty removing certain files, it will show a few prompts where you have to click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log in your next post, together with a new HijackThis log.

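The selection above follows a few rules that can be written down: the two R0 search values are empty, the O4 autorun points at a binary with a generated-looking name in C:\ProgramData, and the O8 context-menu item also points under C:\ProgramData. The following Python script is an added example for this thread, not code from the thread or from HijackThis; it parses the R0/R1, O4 and O8 line formats as they appear in the posted logs and flags entries whose target lives in a user-writable directory or whose value name looks generated. The sample lines are a constructed subset of the log posted above; the list of user-writable directories, the `%ProgramFiles%` expansion and the vowel-ratio threshold are the example's own assumptions.

```python
import re

# Constructed sample: a reduced set of lines in HijackThis v2 log format, taken
# from the log posted in this thread, so the triage can be checked against the
# four items the helper asked the poster to fix.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [trwKcwHFGPMgtX] C:\ProgramData\trwKcwHFGPMgtX.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &AOL-werkbalk Zoeken - C:\ProgramData\AOL\ieToolbar\resources\nl-BE\local\search.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
"""

ENTRY_RE = re.compile(r"^(?P<kind>R[01]|O4|O8) - (?P<body>.*)$")
# O4 registry autoruns: "<hive>\..\<key>: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<hive>HK.*?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First executable-looking token of a command line, with or without quotes.
BINARY_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|scr|com|bat|cmd))', re.IGNORECASE)

# Assumed list: directories a standard user can write to. Vendor software
# normally lives under Program Files or Windows, so persistence pointing here
# deserves a look.
USER_WRITABLE_PREFIXES = ("c:\\programdata\\", "c:\\users\\public\\", "c:\\users\\default\\")
USER_WRITABLE_FRAGMENTS = ("\\appdata\\", "\\temp\\")
VOWELS = set("aeiouy")


def normalize(path):
    """Expand the one environment variable HijackThis prints and lowercase for prefix tests."""
    return path.replace("%ProgramFiles%", "C:\\Program Files").strip().lower()


def in_user_writable_dir(path):
    p = normalize(path)
    return p.startswith(USER_WRITABLE_PREFIXES) or any(f in p for f in USER_WRITABLE_FRAGMENTS)


def looks_random(name):
    """Long value names with (almost) no vowels, such as 'trwKcwHFGPMgtX', are a cheap
    signal of generated names; short driver-style names such as 'snpstd' pass
    because the length floor is 10 (assumed threshold)."""
    stem = name.split(".")[0]
    if len(stem) < 10:
        return False
    vowels = sum(c.lower() in VOWELS for c in stem)
    return vowels / len(stem) < 0.15


def triage(log_text):
    """Return [(line, [reasons])] for every entry worth reviewing, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        reasons = []
        if kind in ("R0", "R1"):
            # An empty IE start/search value carries nothing worth keeping; HijackThis resets it.
            if body.partition("=")[2].strip() == "":
                reasons.append("empty IE search/start value")
        elif kind == "O4":
            run = RUN_RE.match(body)
            if run:  # "O4 - Startup:" lines use another layout and are skipped here
                binary = BINARY_RE.match(run.group("cmd"))
                if binary and in_user_writable_dir(binary.group("path")):
                    reasons.append("autorun binary in user-writable directory")
                if looks_random(run.group("name")):
                    reasons.append("generated-looking value name")
        elif kind == "O8":
            target = body.rsplit(" - ", 1)[-1]
            if in_user_writable_dir(target):
                reasons.append("context-menu target in user-writable directory")
        if reasons:
            findings.append((line.strip(), reasons))
    return findings


if __name__ == "__main__":
    for flagged, why in triage(SAMPLE_LOG):
        print(f"{flagged}\n    -> {', '.join(why)}")
```

Run against the sample, the script reports exactly the four entries the helper selected, and nothing else. The directory rule is the strong signal; the name rule only adds a second reason, so a vendor binary with an odd name under Program Files is not flagged on the name alone.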

The PC is at least fast again now (while infected it was terribly slower).

However, I seem to have lost my Quick Launch menu (see no. 2 in the image below) and my Start menu programs (no. 1).

naamloospx.jpg

Furthermore, I seem to have lost everything that was in my personal folder. I can't find any of it by browsing. With the search function, however, I can find files and actually open them. In any case they are not gone, since my available space has not increased, so they are SOMEWHERE, but I don't know where..

Malwarebytes' Anti-Malware 1.50.1.1100

Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Databaseversie: 6557

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

11/05/2011 23:23:53

mbam-log-2011-05-11 (23-23-53).txt

Scantype: Snelle scan

Objecten gescand: 154649

Verstreken tijd: 7 minuut/minuten, 45 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 2

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 1

Bestanden geïnfecteerd: 8

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

HKEY_CURRENT_USER\SOFTWARE\XA5RJ9EADJ (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

c:\Users\Özhan\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:

c:\programdata\40886008.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\programdata\trwkcwhfgpmgtx.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.

c:\Users\Özhan\AppData\Local\Temp\tmpFEDC.tmp (Rogue.Installer.Gen) -> Quarantined and deleted successfully.

c:\Users\Özhan\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.

c:\Users\Özhan\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.

c:\Users\Özhan\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.

c:\Users\Public\documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\Public\documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:39:24, on 11/05/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v7.00 (7.00.6002.18005)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files\Safari\Safari.exe

C:\Windows\system32\conime.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"

O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe"

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"

O4 - HKLM\..\Run: [smartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_7c71e337\STacSV.exe

O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

--

End of file - 11685 bytes

Edited by DavidClaes

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running, as this can cause the tool to hang.

Note !!! If an error appears with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.


ComboFix 11-05-11.04 - Özhan 12/05/2011 19:16:19.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3037.1620 [GMT 2:00]

Gestart vanuit: c:\users\Özhan\Desktop\ComboFix.exe

AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-04-12 to 2011-05-12 ))))))))))))))))))))))))))))))

.

.

2011-05-12 17:33 . 2011-05-12 17:33 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-05-11 21:43 . 2011-05-11 21:43 -------- d-----w- c:\users\Özhan\AppData\Local\{03897765-F225-413D-8FF7-552A83201771}

2011-05-11 20:41 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD6DC930-779A-4612-9C8A-25BB99BDDBBA}\mpengine.dll

2011-05-10 21:53 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-05-10 17:08 . 2011-05-10 17:08 -------- d--h--w- c:\users\Özhan\AppData\Local\{77B24EB1-2BBE-4B7C-9586-CF4D3A73EE4C}

2011-05-09 16:28 . 2011-05-09 16:28 -------- d--h--w- c:\users\Özhan\AppData\Local\{CA0D6869-B0BB-4F21-B738-627975D9B495}

2011-05-08 19:54 . 2011-05-08 19:54 -------- d--h--w- c:\users\Özhan\AppData\Local\{83A640E1-9C7E-4C17-A30F-BBDFBAEF066F}

2011-05-07 06:22 . 2011-05-07 06:22 -------- d--h--w- c:\users\Özhan\AppData\Local\{B5DBECDD-9EB5-4DEC-B842-7BAF063C4AD4}

2011-05-06 13:45 . 2011-05-06 13:45 -------- d--h--w- c:\users\Özhan\AppData\Local\{DDBA5139-04C5-4861-8C31-F4F05D6A4A29}

2011-05-05 16:49 . 2011-05-05 16:50 -------- d--h--w- c:\users\Özhan\AppData\Local\{6B165EDF-63A8-41DE-8A13-CD8B361836E4}

2011-05-04 19:16 . 2011-05-04 19:16 -------- d--h--w- c:\users\Özhan\AppData\Local\{677B3AC7-F0A4-47B3-987A-BBF108DE46A3}

2011-05-04 18:40 . 2011-05-04 18:40 -------- d--h--w- c:\users\Özhan\AppData\Local\{888C3697-017F-47B7-AC58-C2E0812EFCEA}

2011-05-04 06:22 . 2011-05-04 06:22 -------- d--h--w- c:\users\Özhan\AppData\Local\{7B459EF2-304A-4CC7-8A48-2E7144E3648F}

2011-05-03 13:31 . 2011-05-03 13:31 -------- d--h--w- c:\users\Özhan\AppData\Local\{9E16AA0C-4DE1-4DB6-AB67-A6EA0FF7958D}

2011-05-03 13:31 . 2011-05-03 13:31 -------- d--h--w- c:\users\Özhan\AppData\Local\{3F555E11-9A5A-4E4E-8EB6-AC8D42DF5B2B}

2011-05-02 13:19 . 2011-05-02 13:19 -------- d--h--w- c:\users\Özhan\AppData\Local\{551B8BBF-851F-42F9-816A-5A3F64B665B9}

2011-05-01 07:37 . 2011-05-01 07:37 -------- d--h--w- c:\users\Özhan\AppData\Local\{D6E19451-3380-4872-A0CE-7513E73801F2}

2011-04-30 19:02 . 2011-04-30 19:02 -------- d--h--w- c:\users\Özhan\AppData\Local\{FC3CEAAD-BC14-42DE-8C07-19F5C0397199}

2011-04-30 06:50 . 2011-04-30 06:50 -------- d--h--w- c:\users\Özhan\AppData\Local\{53B4C300-0393-44C9-B099-C9A3CFEC76E0}

2011-04-30 06:32 . 2011-04-30 06:32 -------- d--h--w- c:\users\Özhan\AppData\Local\{2768199F-7E74-431A-81C0-2E25452519B7}

2011-04-29 16:50 . 2011-04-29 16:50 -------- d--h--w- c:\users\Özhan\AppData\Local\{20613654-3DA3-4F90-B6B7-DFD2DFFADA9E}

2011-04-28 18:11 . 2011-04-28 18:11 -------- d--h--w- c:\users\Özhan\AppData\Local\{F63CEAE5-DC09-4DAF-8408-07CF5551E100}

2011-04-28 07:26 . 2011-04-28 07:26 -------- d--h--w- c:\users\Özhan\AppData\Local\{3986008D-3730-4EED-85BC-466F4A4B74E5}

2011-04-27 13:30 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2011-04-27 13:30 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2011-04-27 13:30 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll

2011-04-27 13:20 . 2011-04-27 13:21 -------- d--h--w- c:\users\Özhan\AppData\Local\{79B10640-B1A3-43AD-A564-AD039A0D391E}

2011-04-26 13:57 . 2011-04-26 13:57 -------- d--h--w- c:\users\Özhan\AppData\Local\{5C1124DE-5F0F-4BCE-BB44-E8A445C71285}

2011-04-26 08:04 . 2011-04-26 08:04 -------- d--h--w- c:\users\Özhan\AppData\Local\{3CB56B16-8198-41D0-A2C7-4A1D057AF863}

2011-04-26 06:40 . 2011-04-26 06:40 -------- d--h--w- c:\users\Özhan\AppData\Local\{05F93685-2A93-4083-BA76-BB0EFBA24FD9}

2011-04-25 20:42 . 2011-04-25 20:42 -------- d--h--w- c:\users\Özhan\AppData\Local\{95B76AC4-ED4B-4ADA-8576-B38E7617EB67}

2011-04-25 07:38 . 2011-04-25 07:38 -------- d--h--w- c:\users\Özhan\AppData\Local\{DB031B21-0CF7-4118-A511-49B674015424}

2011-04-24 10:45 . 2011-04-24 10:45 -------- d--h--w- c:\users\Özhan\AppData\Local\{E1287560-34C9-4570-995B-68C0C5196A20}

2011-04-23 21:55 . 2011-04-23 21:56 -------- d--h--w- c:\users\Özhan\AppData\Local\{D5A0771F-B978-436C-9DFE-F540050979B3}

2011-04-23 08:28 . 2011-04-23 08:29 -------- d--h--w- c:\users\Özhan\AppData\Local\{8060D7DC-3224-48FD-A90C-363CEEDFC744}

2011-04-23 07:36 . 2011-04-23 07:36 -------- d--h--w- c:\users\Özhan\AppData\Local\{C28A647A-C7A9-4B0A-8B59-01AB2D38C13D}

2011-04-22 14:57 . 2011-04-22 14:57 -------- d--h--w- c:\users\Özhan\AppData\Local\{E581C6B9-3D01-46F4-91D9-2B4E32898C14}

2011-04-21 18:35 . 2011-04-21 18:35 -------- d--h--w- c:\users\Özhan\AppData\Local\{058DA037-F348-4C86-B777-558FE3944D27}

2011-04-21 06:34 . 2011-04-21 06:34 -------- d--h--w- c:\users\Özhan\AppData\Local\{693BD419-070E-405C-AF9A-385E92D04AAC}

2011-04-20 07:44 . 2011-04-20 07:44 -------- d--h--w- c:\users\Özhan\AppData\Local\{432D6624-7B00-4230-99B9-68CA9002C7B9}

2011-04-20 07:43 . 2011-04-20 07:44 -------- d--h--w- c:\users\Özhan\AppData\Local\{DCB6226B-6694-4645-9C3D-1EA3CE9431EC}

2011-04-19 10:43 . 2011-04-19 10:44 -------- d--h--w- c:\users\Özhan\AppData\Local\{0724F91D-3102-431E-BC4B-5F9B92A09DB9}

2011-04-18 22:16 . 2011-04-18 22:16 -------- d--h--w- c:\users\Özhan\AppData\Local\{E5863781-D501-4B8E-AC80-EC6CACD21EB4}

2011-04-18 22:16 . 2011-04-18 22:16 -------- d--h--w- c:\users\Özhan\AppData\Local\{AADA36C5-BCF0-4546-83AB-E7491F851DC3}

2011-04-18 09:13 . 2011-04-18 09:13 -------- d--h--w- c:\users\Özhan\AppData\Local\{1C95AC7C-83F9-4734-8512-630CA766934E}

2011-04-17 20:45 . 2011-04-17 20:45 -------- d--h--w- c:\users\Özhan\AppData\Local\{41CB89B8-5807-45FB-8459-2D0024B5A28C}

2011-04-15 07:23 . 2011-04-15 07:23 -------- d--h--w- c:\users\Özhan\AppData\Local\{CBEA1396-5D2D-4EDF-823F-1E196280BB3A}

2011-04-14 18:33 . 2011-04-14 18:33 -------- d--h--w- c:\users\Özhan\AppData\Local\{7C5A024F-F9F3-4F20-BCD8-F3A269A11D42}

2011-04-14 06:21 . 2011-04-14 06:21 -------- d--h--w- c:\users\Özhan\AppData\Local\{FDA3D47A-60CD-4748-A719-BC30A38F82A2}

2011-04-14 06:18 . 2011-04-14 06:21 -------- d--h--w- c:\users\Özhan\AppData\Local\{3D263058-8233-4F24-B40C-6D1955C18104}

2011-04-13 13:03 . 2011-04-13 13:03 -------- d--h--w- c:\users\Özhan\AppData\Local\{6EB30799-E542-42A5-B760-0A26FA052FE5}

2011-04-13 13:02 . 2011-04-13 13:02 -------- d--h--w- c:\users\Özhan\AppData\Local\{90252519-E183-4B8E-B3CA-E86E8E9B6B92}

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-09 12:46 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-03-03 15:40 . 2011-04-27 13:30 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll

2011-03-03 15:40 . 2011-04-27 13:30 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2011-03-03 15:40 . 2011-04-27 13:30 542720 ----a-w- c:\windows\apppatch\AcLayers.dll

2011-03-03 15:40 . 2011-04-27 13:30 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll

2011-02-22 14:13 . 2011-03-24 07:16 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-02-22 13:33 . 2011-03-24 07:16 1068544 ----a-w- c:\windows\system32\DWrite.dll

2011-02-22 13:33 . 2011-03-24 07:16 797696 ----a-w- c:\windows\system32\FntCache.dll

2010-01-06 18:07 . 2010-08-23 21:03 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-11 2424192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-11-17 258048]

"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-01-07 1148200]

"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-01-08 1316136]

"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-01-08 189736]

"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-05-08 206120]

"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-11-18 914224]

"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-12-24 210216]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]

"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]

"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-01-23 484408]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-21 483420]

"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-01-06 124240]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

.

c:\users\Özhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2010-11-26 10:19 548352 ---ha-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-01-06 66600]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-11-26 12872]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-11-26 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-11-26 67656]

S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/06/13 08:16];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2009-01-07 23:19 87536]

S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]

S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [2010-01-06 22816]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-01-06 70728]

S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-12-23 365952]

S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-01-06 296320]

S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-01-06 116096]

S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-12-04 222512]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=91&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=91&bd=Pavilion&pf=cnnb

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Özhan\AppData\Roaming\Mozilla\Firefox\Profiles\o3289nvn.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.khanacademy.org/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-05-12 19:34

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-2756444411-2769091417-4138663883-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:de,7f,f6,fb,10,15,e1,b4,1d,d4,0e,51,58,48,ed,e7,78,15,33,f8,c2,14,8e,

61,bc,40,13,fe,10,d7,29,6f,f3,8e,36,1d,78,b8,ea,0c,8b,ca,c2,d3,04,09,c2,ee,\

"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

.

Voltooingstijd: 2011-05-12 19:43:00

ComboFix-quarantined-files.txt 2011-05-12 17:42

.

Pre-Run: 42.860.552.192 bytes beschikbaar

Post-Run: 43.488.018.432 bytes beschikbaar

.

- - End Of File - - 29A321C46A672EF9F808655995C5A8B3

edited by DavidClaes

Open a Notepad file.

Copy and paste the bold text below into it.

Folder::

c:\users\Özhan\AppData\Local\{03897765-F225-413D-8FF7-552A83201771}

c:\users\Özhan\AppData\Local\{77B24EB1-2BBE-4B7C-9586-CF4D3A73EE4C}

c:\users\Özhan\AppData\Local\{CA0D6869-B0BB-4F21-B738-627975D9B495}

c:\users\Özhan\AppData\Local\{83A640E1-9C7E-4C17-A30F-BBDFBAEF066F}

c:\users\Özhan\AppData\Local\{B5DBECDD-9EB5-4DEC-B842-7BAF063C4AD4}

c:\users\Özhan\AppData\Local\{DDBA5139-04C5-4861-8C31-F4F05D6A4A29}

c:\users\Özhan\AppData\Local\{6B165EDF-63A8-41DE-8A13-CD8B361836E4}

c:\users\Özhan\AppData\Local\{677B3AC7-F0A4-47B3-987A-BBF108DE46A3}

c:\users\Özhan\AppData\Local\{888C3697-017F-47B7-AC58-C2E0812EFCEA}

c:\users\Özhan\AppData\Local\{7B459EF2-304A-4CC7-8A48-2E7144E3648F}

c:\users\Özhan\AppData\Local\{9E16AA0C-4DE1-4DB6-AB67-A6EA0FF7958D}

c:\users\Özhan\AppData\Local\{3F555E11-9A5A-4E4E-8EB6-AC8D42DF5B2B}

c:\users\Özhan\AppData\Local\{551B8BBF-851F-42F9-816A-5A3F64B665B9}

c:\users\Özhan\AppData\Local\{D6E19451-3380-4872-A0CE-7513E73801F2}

c:\users\Özhan\AppData\Local\{FC3CEAAD-BC14-42DE-8C07-19F5C0397199}

c:\users\Özhan\AppData\Local\{53B4C300-0393-44C9-B099-C9A3CFEC76E0}

c:\users\Özhan\AppData\Local\{2768199F-7E74-431A-81C0-2E25452519B7}

c:\users\Özhan\AppData\Local\{20613654-3DA3-4F90-B6B7-DFD2DFFADA9E}

c:\users\Özhan\AppData\Local\{F63CEAE5-DC09-4DAF-8408-07CF5551E100}

c:\users\Özhan\AppData\Local\{3986008D-3730-4EED-85BC-466F4A4B74E5}

c:\users\Özhan\AppData\Local\{79B10640-B1A3-43AD-A564-AD039A0D391E}

c:\users\Özhan\AppData\Local\{5C1124DE-5F0F-4BCE-BB44-E8A445C71285}

c:\users\Özhan\AppData\Local\{3CB56B16-8198-41D0-A2C7-4A1D057AF863}

c:\users\Özhan\AppData\Local\{05F93685-2A93-4083-BA76-BB0EFBA24FD9}

c:\users\Özhan\AppData\Local\{95B76AC4-ED4B-4ADA-8576-B38E7617EB67}

c:\users\Özhan\AppData\Local\{DB031B21-0CF7-4118-A511-49B674015424}

c:\users\Özhan\AppData\Local\{E1287560-34C9-4570-995B-68C0C5196A20}

c:\users\Özhan\AppData\Local\{D5A0771F-B978-436C-9DFE-F540050979B3}

c:\users\Özhan\AppData\Local\{8060D7DC-3224-48FD-A90C-363CEEDFC744}

c:\users\Özhan\AppData\Local\{C28A647A-C7A9-4B0A-8B59-01AB2D38C13D}

c:\users\Özhan\AppData\Local\{E581C6B9-3D01-46F4-91D9-2B4E32898C14}

c:\users\Özhan\AppData\Local\{058DA037-F348-4C86-B777-558FE3944D27}

c:\users\Özhan\AppData\Local\{693BD419-070E-405C-AF9A-385E92D04AAC}

c:\users\Özhan\AppData\Local\{432D6624-7B00-4230-99B9-68CA9002C7B9}

c:\users\Özhan\AppData\Local\{DCB6226B-6694-4645-9C3D-1EA3CE9431EC}

c:\users\Özhan\AppData\Local\{0724F91D-3102-431E-BC4B-5F9B92A09DB9}

c:\users\Özhan\AppData\Local\{E5863781-D501-4B8E-AC80-EC6CACD21EB4}

c:\users\Özhan\AppData\Local\{AADA36C5-BCF0-4546-83AB-E7491F851DC3}

c:\users\Özhan\AppData\Local\{1C95AC7C-83F9-4734-8512-630CA766934E}

c:\users\Özhan\AppData\Local\{41CB89B8-5807-45FB-8459-2D0024B5A28C}

c:\users\Özhan\AppData\Local\{CBEA1396-5D2D-4EDF-823F-1E196280BB3A}

c:\users\Özhan\AppData\Local\{7C5A024F-F9F3-4F20-BCD8-F3A269A11D42}

c:\users\Özhan\AppData\Local\{FDA3D47A-60CD-4748-A719-BC30A38F82A2}

c:\users\Özhan\AppData\Local\{3D263058-8233-4F24-B40C-6D1955C18104}

c:\users\Özhan\AppData\Local\{6EB30799-E542-42A5-B760-0A26FA052FE5}

c:\users\Özhan\AppData\Local\{90252519-E183-4B8E-B3CA-E86E8E9B6B92}

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next reply.
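The triage behind the Folder:: script above, as an added Python example (it is not the helper's tool and not part of ComboFix): it parses ComboFix "files created" lines in the format shown in this thread, picks out directories directly under AppData\Local whose name is nothing but a GUID (the entries that appeared roughly once a day in the log), and renders them as a Folder:: block. The sample log lines, the user name "sample" and the GUIDs are constructed; the check deliberately does not require the hidden attribute, so the three non-hidden ones the helper later asked to remove by hand would be caught as well.

```python
import re

# One ComboFix file entry: "created . modified size attrs path".
# ComboFix prints "--------" as the size of a directory; attrs is an
# 8-character field such as "d--h--w-" (hidden dir) or "----a-w-" (file).
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-{8}|\d+) (?P<attrs>[-a-z]{8}) (?P<path>\S.*)$"
)

# A directory whose name is only a GUID, sitting directly in AppData\Local.
GUID_DIR_RE = re.compile(
    r"^c:\\users\\[^\\]+\\appdata\\local\\"
    r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$",
    re.IGNORECASE,
)


def parse_entries(log_text):
    """Return the file entries of a ComboFix log as dicts, skipping headers and '.' lines."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def is_guid_only_dir(entry):
    """True for a directory entry named only by a GUID under AppData\\Local."""
    return entry["attrs"][0] == "d" and GUID_DIR_RE.match(entry["path"]) is not None


def suspicious_guid_dirs(entries):
    """Paths of GUID-only directories, oldest creation first (log order within a minute)."""
    hits = [e for e in entries if is_guid_only_dir(e)]
    return [e["path"] for e in sorted(hits, key=lambda e: e["created"])]


def creation_days(entries):
    """Distinct days on which such a directory appeared; a daily cadence is the tell."""
    return sorted({e["created"][:10] for e in entries if is_guid_only_dir(e)})


def build_cfscript(paths):
    """Render the Folder:: block the helper asked the poster to save as CFScript.txt."""
    return "Folder::\n" + "\n".join(paths) + "\n"


# Constructed sample in the thread's log format (placeholder user "sample",
# made-up GUIDs); not copied from the poster's machine. The mpengine.dll line
# contains a GUID too but is a file under programdata, so it must not match.
SAMPLE_LOG = r"""
(((((((((((((((((((( Files Created from 2011-04-13 to 2011-05-13 ))))))))))))))))))))))))))))))
.
2011-05-13 17:29 . 2011-05-13 17:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-13 08:02 . 2011-05-13 08:02 -------- d-----w- c:\users\sample\AppData\Local\{A1B2C3D4-0001-4000-8000-00000000AAAA}
2011-05-12 17:52 . 2011-05-12 17:52 -------- d--h--w- c:\users\sample\AppData\Local\{A1B2C3D4-0002-4000-8000-00000000BBBB}
2011-05-12 17:52 . 2011-05-12 17:52 -------- d--h--w- c:\users\sample\AppData\Local\{A1B2C3D4-0003-4000-8000-00000000CCCC}
2011-05-11 20:41 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD6DC930-779A-4612-9C8A-25BB99BDDBBA}\mpengine.dll
2011-05-10 17:08 . 2011-05-10 17:08 -------- d--h--w- c:\users\sample\AppData\Local\{A1B2C3D4-0004-4000-8000-00000000DDDD}
2011-04-27 13:30 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
.
"""


if __name__ == "__main__":
    found = parse_entries(SAMPLE_LOG)
    print("GUID-only dirs appeared on:", ", ".join(creation_days(found)))
    print(build_cfscript(suspicious_guid_dirs(found)))
```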


ComboFix 11-05-12.04 - Özhan 13/05/2011 19:14:31.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3037.1733 [GMT 2:00]

Gestart vanuit: c:\users\Özhan\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Özhan\Desktop\CFScript.txt

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Özhan\AppData\Local\{03897765-F225-413D-8FF7-552A83201771}

c:\users\Özhan\AppData\Local\{058DA037-F348-4C86-B777-558FE3944D27}

c:\users\Özhan\AppData\Local\{05F93685-2A93-4083-BA76-BB0EFBA24FD9}

c:\users\Özhan\AppData\Local\{0724F91D-3102-431E-BC4B-5F9B92A09DB9}

c:\users\Özhan\AppData\Local\{1C95AC7C-83F9-4734-8512-630CA766934E}

c:\users\Özhan\AppData\Local\{20613654-3DA3-4F90-B6B7-DFD2DFFADA9E}

c:\users\Özhan\AppData\Local\{2768199F-7E74-431A-81C0-2E25452519B7}

c:\users\Özhan\AppData\Local\{3986008D-3730-4EED-85BC-466F4A4B74E5}

c:\users\Özhan\AppData\Local\{3CB56B16-8198-41D0-A2C7-4A1D057AF863}

c:\users\Özhan\AppData\Local\{3D263058-8233-4F24-B40C-6D1955C18104}

c:\users\Özhan\AppData\Local\{3F555E11-9A5A-4E4E-8EB6-AC8D42DF5B2B}

c:\users\Özhan\AppData\Local\{41CB89B8-5807-45FB-8459-2D0024B5A28C}

c:\users\Özhan\AppData\Local\{432D6624-7B00-4230-99B9-68CA9002C7B9}

c:\users\Özhan\AppData\Local\{53B4C300-0393-44C9-B099-C9A3CFEC76E0}

c:\users\Özhan\AppData\Local\{551B8BBF-851F-42F9-816A-5A3F64B665B9}

c:\users\Özhan\AppData\Local\{5C1124DE-5F0F-4BCE-BB44-E8A445C71285}

c:\users\Özhan\AppData\Local\{677B3AC7-F0A4-47B3-987A-BBF108DE46A3}

c:\users\Özhan\AppData\Local\{693BD419-070E-405C-AF9A-385E92D04AAC}

c:\users\Özhan\AppData\Local\{6B165EDF-63A8-41DE-8A13-CD8B361836E4}

c:\users\Özhan\AppData\Local\{6EB30799-E542-42A5-B760-0A26FA052FE5}

c:\users\Özhan\AppData\Local\{77B24EB1-2BBE-4B7C-9586-CF4D3A73EE4C}

c:\users\Özhan\AppData\Local\{79B10640-B1A3-43AD-A564-AD039A0D391E}

c:\users\Özhan\AppData\Local\{7B459EF2-304A-4CC7-8A48-2E7144E3648F}

c:\users\Özhan\AppData\Local\{7C5A024F-F9F3-4F20-BCD8-F3A269A11D42}

c:\users\Özhan\AppData\Local\{8060D7DC-3224-48FD-A90C-363CEEDFC744}

c:\users\Özhan\AppData\Local\{83A640E1-9C7E-4C17-A30F-BBDFBAEF066F}

c:\users\Özhan\AppData\Local\{888C3697-017F-47B7-AC58-C2E0812EFCEA}

c:\users\Özhan\AppData\Local\{90252519-E183-4B8E-B3CA-E86E8E9B6B92}

c:\users\Özhan\AppData\Local\{95B76AC4-ED4B-4ADA-8576-B38E7617EB67}

c:\users\Özhan\AppData\Local\{9E16AA0C-4DE1-4DB6-AB67-A6EA0FF7958D}

c:\users\Özhan\AppData\Local\{AADA36C5-BCF0-4546-83AB-E7491F851DC3}

c:\users\Özhan\AppData\Local\{B5DBECDD-9EB5-4DEC-B842-7BAF063C4AD4}

c:\users\Özhan\AppData\Local\{C28A647A-C7A9-4B0A-8B59-01AB2D38C13D}

c:\users\Özhan\AppData\Local\{CA0D6869-B0BB-4F21-B738-627975D9B495}

c:\users\Özhan\AppData\Local\{CBEA1396-5D2D-4EDF-823F-1E196280BB3A}

c:\users\Özhan\AppData\Local\{D5A0771F-B978-436C-9DFE-F540050979B3}

c:\users\Özhan\AppData\Local\{D6E19451-3380-4872-A0CE-7513E73801F2}

c:\users\Özhan\AppData\Local\{DB031B21-0CF7-4118-A511-49B674015424}

c:\users\Özhan\AppData\Local\{DCB6226B-6694-4645-9C3D-1EA3CE9431EC}

c:\users\Özhan\AppData\Local\{DDBA5139-04C5-4861-8C31-F4F05D6A4A29}

c:\users\Özhan\AppData\Local\{E1287560-34C9-4570-995B-68C0C5196A20}

c:\users\Özhan\AppData\Local\{E581C6B9-3D01-46F4-91D9-2B4E32898C14}

c:\users\Özhan\AppData\Local\{E5863781-D501-4B8E-AC80-EC6CACD21EB4}

c:\users\Özhan\AppData\Local\{F63CEAE5-DC09-4DAF-8408-07CF5551E100}

c:\users\Özhan\AppData\Local\{FC3CEAAD-BC14-42DE-8C07-19F5C0397199}

c:\users\Özhan\AppData\Local\{FDA3D47A-60CD-4748-A719-BC30A38F82A2}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-04-13 to 2011-05-13 ))))))))))))))))))))))))))))))

.

.

2011-05-13 17:29 . 2011-05-13 17:29 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-05-13 08:02 . 2011-05-13 08:02 -------- d-----w- c:\users\Özhan\AppData\Local\{975E193F-5A2C-4ADF-ABB1-05564A48F449}

2011-05-12 17:52 . 2011-05-12 17:52 -------- d-----w- c:\users\Özhan\AppData\Local\{195342DD-7A3C-4452-AE15-0B7C1FB3C4C2}

2011-05-12 17:52 . 2011-05-12 17:52 -------- d-----w- c:\users\Özhan\AppData\Local\{14909596-8EEC-404F-8864-B7F74159993D}

2011-05-11 20:41 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD6DC930-779A-4612-9C8A-25BB99BDDBBA}\mpengine.dll

2011-05-10 21:53 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-04-27 13:30 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2011-04-27 13:30 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2011-04-27 13:30 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-09 12:46 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-03-03 15:40 . 2011-04-27 13:30 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll

2011-03-03 15:40 . 2011-04-27 13:30 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2011-03-03 15:40 . 2011-04-27 13:30 542720 ----a-w- c:\windows\apppatch\AcLayers.dll

2011-03-03 15:40 . 2011-04-27 13:30 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll

2011-02-22 14:13 . 2011-03-24 07:16 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-02-22 13:33 . 2011-03-24 07:16 1068544 ----a-w- c:\windows\system32\DWrite.dll

2011-02-22 13:33 . 2011-03-24 07:16 797696 ----a-w- c:\windows\system32\FntCache.dll

2010-01-06 18:07 . 2010-08-23 21:03 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-11 2424192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-11-17 258048]

"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-01-07 1148200]

"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-01-08 1316136]

"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-01-08 189736]

"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-05-08 206120]

"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-11-18 914224]

"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-12-24 210216]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]

"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]

"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-01-23 484408]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-21 483420]

"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-01-06 124240]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

.

c:\users\Özhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2010-11-26 10:19 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-01-06 66600]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-11-26 12872]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-11-26 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-11-26 67656]

S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/06/13 08:16];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2009-01-07 23:19 87536]

S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]

S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [2010-01-06 22816]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-01-06 70728]

S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-12-23 365952]

S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-01-06 296320]

S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-01-06 116096]

S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-12-04 222512]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=91&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=91&bd=Pavilion&pf=cnnb

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Özhan\AppData\Roaming\Mozilla\Firefox\Profiles\o3289nvn.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.khanacademy.org/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-05-13 19:29

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-2756444411-2769091417-4138663883-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:de,7f,f6,fb,10,15,e1,b4,1d,d4,0e,51,58,48,ed,e7,78,15,33,f8,c2,14,8e,

61,bc,40,13,fe,10,d7,29,6f,f3,8e,36,1d,78,b8,ea,0c,8b,ca,c2,d3,04,09,c2,ee,\

"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

.

Voltooingstijd: 2011-05-13 19:33:05

ComboFix-quarantined-files.txt 2011-05-13 17:32

ComboFix2.txt 2011-05-12 17:43

.

Pre-Run: 42.735.026.176 bytes beschikbaar

Post-Run: 43.925.499.904 bytes beschikbaar

.

- - End Of File - - 9884534634D8D003208FFC8A84B0C858


You can still delete these folders manually:

c:\users\Özhan\AppData\Local\{975E193F-5A2C-4ADF-ABB1-05564A48F449}

c:\users\Özhan\AppData\Local\{195342DD-7A3C-4452-AE15-0B7C1FB3C4C2}

c:\users\Özhan\AppData\Local\{14909596-8EEC-404F-8864-B7F74159993D}

... and then let us know how things are now?
