bakker86
-
Items
15 -
Registratiedatum
-
Laatst bezocht
bakker86's prestaties
-
als ik inlog op mijn ouders account en dan dat bestandje zoekt staat er in C:\gebruikers\openbaar\AppData\Local\Temp helemaal niks in in mijn map en ook die van mijn ouders zit geen appdata mapje alleen in de openbaar
-
ik heb het dr web programma volledig gevolgt na 5:45 uur gaf ie geen fouten aan het probleem blijft zich jammer genoeg nog steeds voor doen kan ik niet het bestandje wat hij zoekt kopieeren en in de goede map plakken of zo iets dergelijks ---------------------------- ----------------------------------------------------------------------------- Scan statistieken ----------------------------------------------------------------------------- Objecten gescand: 316529 Geïnfecteerde objecten gevonden: 0 Gemodificeerde objecten gevonden: 0 Verdachte objecten gevonden: 0 Adware programma's gevonden: 0 Dialer programma's gevonden: 0 Joke programma's gevonden: 0 Riskware programma's gevonden: 0 Hacktool programma's gevonden: 0 Objecten gerepareerd: 0 Objecten verwijderd: 0 Objecten hernoemd: 0 Objecten verplaatst: 0 Objecten genegeerd: 0 Scan snelheid: 156 Kb/s Scan tijd: 5:44:14 ----------------------------------------------------------------------------- ============================================================================= Totale sessie statistieken ============================================================================= Objecten gescand: 0 Geïnfecteerde objecten gevonden: 0 Gemodificeerde objecten gevonden: 0 Verdachte objecten gevonden: 0 Adware programma's gevonden: 0 Dialer programma's gevonden: 0 Joke programma's gevonden: 0 Riskware programma's gevonden: 0 Hacktool programma's gevonden: 0 Objecten gerepareerd: 0 Objecten verwijderd: 0 Objecten hernoemd: 0 Objecten verplaatst: 0 Objecten genegeerd: 0 Scan snelheid: 0 Kb/s Scan tijd: 0:00:00
-
ok ik heb niethelemaal gedaan wat je zei ik ben vanmiddag met een voledige scan begonnen het duurde vrij lang dus ben na een uur weggegaan na 4 uur stond de pc uit, hij zal omdat er niks meer actief gebeurde ofzo zichzelf afgesloten hebben. wel had ie in dat eerste uur een fout gevonden en gerepareerd/verwijderd savonds heb ik het wel gedaan volgens jou schema snelle scan duurde een uur en de volledige scan heb ik na 4 uur ofzo zelf onderbroken hij heeft zon 60% gehad maar kan hem niet telkens van de zelf uitschakeling ..??..... afhouden. nu bewoog ik zo om het half uur met de muis.. ik moet nu slapen enz maar heb wel wat van een logboek ook deze keer had ie 1 fout gevonden het is maar een heel klein stukje omdat het al een mega grote lijst is kan ik straks niet de rest verder scannen of moet ik weer helemaal opnieuw beginnen C:\Windows\winsxs\x86_agp.inf.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_1cb2e0f2a3163b32\agp.inf_loc - OK C:\Windows\winsxs\x86_agp.inf.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_1cb2e0f2a3163b32\GAGP30KX.SYS.mui - OK C:\Windows\winsxs\x86_agp.inf.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_1cb2e0f2a3163b32\UAGP35.SYS.mui - OK C:\Windows\winsxs\x86_agp.inf_31bf3856ad364e35_6.0.6001.18000_none_6c002146e0cbc529\agp.inf - OK C:\Windows\winsxs\x86_agp.inf_31bf3856ad364e35_6.0.6001.18000_none_6c002146e0cbc529\GAGP30KX.SYS - OK C:\Windows\winsxs\x86_agp.inf_31bf3856ad364e35_6.0.6001.18000_none_6c002146e0cbc529\UAGP35.SYS - leesfout - decompressiefout ----------------------------------------------------------------------------- Scan statistieken ----------------------------------------------------------------------------- Objecten gescand: 254225 Geïnfecteerde objecten gevonden: 1 Gemodificeerde objecten gevonden: 0 Verdachte objecten gevonden: 0 Adware programma's gevonden: 0 Dialer programma's gevonden: 0 Joke programma's gevonden: 0 Riskware programma's gevonden: 0 Hacktool programma's gevonden: 0 Objecten gerepareerd: 1 Objecten verwijderd: 0 Objecten hernoemd: 0 Objecten verplaatst: 0 Objecten genegeerd: 0 Scan snelheid: 270 Kb/s Scan tijd: 4:08:27 -----------------------------------------------------------------------------
-
combofix is er nu wel af op de c schijf staan nog wel het bestandje C:\32788R22fwjfw de andere 2 zijn weg en opnieuw een geeft ie nog steeds in mijn map de fout aan
-
ik heb de naam ingevoerd met hoodletters en spaties en al, hij gaat dus opnieuw scannen. en na het rapport staat hij er nog op kan ik eventueel niet verder met ccleaner en dan toch combofix erop laten staan ---------- Post toegevoegd om 18:15 ---------- Vorige post was om 18:07 ---------- ben ik weer, ik heb dus nog wel steeds combofix op de pc staan. maar wel heb ik 5 keer ccleaner laten scannen (2 keer gaf hij dus fouten aan) als ik weer mijn eigen account opstart krijg ik jammer genoeg nog steeds de zelfde melding. het is dus ook nog steeds zo dat als ik msn/ explorer of wat adn ook wil opstarten dat hij dan vraagt/zoekt naar een bestandje zodat het geopend kan worden. (wat een gedoe zeg zon virus.)
-
ja dat wel maar dan geeft ie weer aan dat ie gaat scanne ofzo ( of hij scant eerst en verwijderd dan ofzo?)
-
als ik dat invoer bij uitvoeren, dan begint combofix opnieuw met opstarten (er staan geen typische verwijder dingen zoals weet u zeker dat u wilt verwijderen.) ik kan ook geen un unstal linkje vinden op de pc. dus combofix staat er nog steeds op. ik heb al wel ccleaner erop staan
-
[h=3]Jotti's malware scan[/h][TABLE=class: top left] [TR] [TD=width: 100]Bestandsnaam:[/TD] [TD]startup.exe[/TD] [/TR] [TR] [TD]Status:[/TD] [TD]Scan voltooid. 0 uit 20 scanners vonden malware. [/TD] [/TR] [TR] [TD]Scan genomen op: [/TD] [TD]do 23 jun 2011 11:40:12 (CET) Permalink[/TD] [/TR] [TR] [TD][/TD] [TD][/TD] [TD][/TD] [TD][/TD] [/TR] [/TABLE] [h=3]Extra informatie[/h][TABLE=class: scannertable] [TR] [TD=width: 100]Bestandsgrootte:[/TD] [TD]72208 bytes[/TD] [/TR] [TR] [TD=width: 100]Bestandstype:[/TD] [TD]PE32 executable for MS Windows (GUI) Intel 80386 32-bit[/TD] [/TR] [TR] [TD]MD5:[/TD] [TD]64fc2310ec8dee43cd01ca610d4ebc24[/TD] [/TR] [TR] [TD]SHA1:[/TD] [TD]4d52ed5bab05d0f6cd646db1167b6ebb2688ec1a[/TD] [/TR] [/TABLE] [h=3]Scanners[/h][TABLE=class: scannertable] [TR] [TD=width: 85][/TD] [TD=class: vcentre]arcavir 2011-06-23 Niets gevonden [/TD] [TD=width: 85][/TD] [TD=class: vcentre]f-secure 2011-06-23 Niets gevonden [/TD] [/TR] [TR] [TD=width: 85][/TD] [TD=class: vcentre]avasst! 2011-06-23 Niets gevonden [/TD] [TD=width: 85][/TD] [TD=class: vcentre]g data 2011-06-23 Niets gevonden [/TD] [/TR] [TR] [TD=width: 85][/TD] [TD=class: vcentre]avg 2011-06-23 Niets gevonden [/TD] [TD=width: 85][/TD] [TD=class: vcentre]ikarus 2011-06-23 Niets gevonden [/TD] [/TR] [TR] [TD=width: 85][/TD] [TD=class: vcentre]antivir 2011-06-23 Niets gevonden [/TD] [TD=width: 85][/TD] [TD=class: vcentre]kaspersky 2011-06-23 Niets gevonden [/TD] [/TR] [TR] [TD=width: 85][/TD] [TD=class: vcentre]bitdefender 2011-06-23 Niets gevonden [/TD] [TD=width: 85][/TD] [TD=class: vcentre]nod 32 2011-06-23 Niets gevonden [/TD] [/TR] [TR] [TD=width: 85][/TD] [TD=class: vcentre]clam av 2011-06-23 Niets gevonden [/TD] [TD=width: 85][/TD] [TD=class: vcentre]panda 2011-06-22 Niets gevonden [/TD] [/TR] [TR] [TD=width: 85][/TD] [TD=class: vcentre]cp secure 2011-06-23 Niets gevonden [/TD] [TD=width: 85][/TD] [TD=class: vcentre]quick heal 2011-06-23 Niets gevonden [/TD] [/TR] [TR] [TD=width: 85][/TD] [TD=class: vcentre]dr. web 2011-06-23 Niets gevonden [/TD] [TD=width: 85][/TD] [TD=class: vcentre]sophos 2011-06-23 Niets gevonden [/TD] [/TR] [TR] [TD=width: 85][/TD] [TD=class: vcentre]emsisoft 2011-06-23 Niets gevonden [/TD] [TD=width: 85][/TD] [TD=class: vcentre]vba32 2011-06-22 Niets gevonden [/TD] [/TR] [TR] [TD=width: 85][/TD] [TD=class: vcentre]f.prot 2011-06-22 Niets gevonden [/TD] [TD=width: 85][/TD] [TD=class: vcentre]virusbuster 2011-06-22 Niets gevonden [/TD] [/TR] [/TABLE]
-
ComboFix 11-06-21.08 - venhorst 22-06-2011 12:44:23.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2047.1271 [GMT 2:00] Gestart vanuit: d:\venhorst\Desktop\ComboFix.exe gebruikte Opdracht switches :: d:\venhorst\Desktop\CFScript.txt SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Mark\AppData\Local\{026509AF-8C35-466D-9AD1-011C91ECAABB} c:\users\Mark\AppData\Local\{026AE78C-C4C7-4E5B-9EBE-14122040B0B1} c:\users\Mark\AppData\Local\{08053603-350D-43E2-AD2E-A21C90C09E0B} c:\users\Mark\AppData\Local\{09766101-14F3-4275-B166-17358FC2DE83} c:\users\Mark\AppData\Local\{0E9588C6-1C7A-4BF8-9A18-BA8DF02FC7CB} c:\users\Mark\AppData\Local\{0F6AEB5B-1DF7-47FA-A2E8-895D0D9A742F} c:\users\Mark\AppData\Local\{11CA78C0-0E42-484C-871C-9EB01503652F} c:\users\Mark\AppData\Local\{18806BB1-B4F4-41C9-9018-EDE7503ECA78} c:\users\Mark\AppData\Local\{1D02BF8A-9B72-46D1-81C8-24F4F1FFD60A} c:\users\Mark\AppData\Local\{245D401B-3E48-4137-9C8A-C51A0DA3509F} c:\users\Mark\AppData\Local\{2FBEFC7A-C47D-4824-96F0-6076562A8F3F} c:\users\Mark\AppData\Local\{30347CDA-899A-44CA-8FAB-4B336EE79735} c:\users\Mark\AppData\Local\{3CFEAB6E-3F93-4701-81F8-3BF03AA21471} c:\users\Mark\AppData\Local\{3EA682A2-0BE6-4F88-8EF4-201EE3AEFC66} c:\users\Mark\AppData\Local\{448A1939-F9AB-4E4B-817A-C49DA4C856AB} c:\users\Mark\AppData\Local\{486212BC-1503-416C-A103-5587BF0029D6} c:\users\Mark\AppData\Local\{4AD136E0-6B35-48BF-AEBD-7D8AAA972ECA} c:\users\Mark\AppData\Local\{53395A9B-918B-4313-8F2C-9CD71BEF64F0} c:\users\Mark\AppData\Local\{54724B90-CEE4-4143-958C-170236BCB9D6} c:\users\Mark\AppData\Local\{604C4886-79AC-4EE7-BAAF-CC5879C18FA3} c:\users\Mark\AppData\Local\{64B72EF3-6689-43FE-96EE-98ED7CF49A59} c:\users\Mark\AppData\Local\{6A8A8214-C911-4377-B8E9-68B7A3ED1E33} c:\users\Mark\AppData\Local\{718149D3-068B-46A6-B16C-71763384E652} c:\users\Mark\AppData\Local\{75D8AD08-D2A3-46C4-A323-B3B2A3B94F9C} c:\users\Mark\AppData\Local\{892C38AD-8066-4990-B4DB-BECFC459B418} c:\users\Mark\AppData\Local\{99F911CC-645E-4BB7-8A16-5CA5061877A5} c:\users\Mark\AppData\Local\{B5A39BFF-A4D1-42AC-8C11-1BE49746A571} c:\users\Mark\AppData\Local\{C461E486-0985-4E64-A0DA-E1FE672691C0} c:\users\Mark\AppData\Local\{CDB6DCA2-4D84-4231-8284-08A17CBC7252} c:\users\Mark\AppData\Local\{D6C33819-69A4-45F8-85DA-A1AE438F3ECF} c:\users\Mark\AppData\Local\{DB809130-211F-4283-A522-DF15FC7C6DF5} c:\users\Mark\AppData\Local\{E01F0E56-9761-4A71-AF13-AC204B05B352} c:\users\Mark\AppData\Local\{EAA262B5-0869-408F-9B6A-82D2AF395185} c:\users\Mark\AppData\Local\{FE4CABB2-8D3E-45D2-8E7C-FB441FB3D932} c:\users\venhorst\AppData\Local\{0086579A-385C-430E-A563-5C1F64723560} c:\users\venhorst\AppData\Local\{04672E2C-13F9-4CFC-A6AD-2F2310BAB02E} c:\users\venhorst\AppData\Local\{0EB245C0-9445-4871-B028-7E69787D3DAA} c:\users\venhorst\AppData\Local\{363610FF-745A-4632-AC92-1DF7D7D68F58} c:\users\venhorst\AppData\Local\{4653FD4E-2694-4A5E-BEFB-CFB6201F6390} c:\users\venhorst\AppData\Local\{4DF4A96E-EB41-4C79-A35F-70E97DB8496C} c:\users\venhorst\AppData\Local\{4E73AD9B-1A7E-4DA5-9100-AC83F80D2F84} c:\users\venhorst\AppData\Local\{528309E5-52D5-4FBD-9A44-1F833B708E6C} c:\users\venhorst\AppData\Local\{6425ADD2-1B1C-4C42-99E0-2323BF370011} c:\users\venhorst\AppData\Local\{7D57CF8E-1125-479F-BCAE-2947CA708D6B} c:\users\venhorst\AppData\Local\{A568BFB2-2F3E-465B-B589-0ACA487A6374} c:\users\venhorst\AppData\Local\{C3A97BB0-913A-4720-B076-5A0DA3253336} c:\users\venhorst\AppData\Local\{EF72147A-8D59-4AA4-8613-B4D1F6DA43E4} c:\users\venhorst\AppData\Local\{F09E289E-EE3B-4691-B296-55B3CAE9BC3E} . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_Parameters . . (((((((((((((((((((( Bestanden Gemaakt van 2011-05-22 to 2011-06-22 )))))))))))))))))))))))))))))) . . 2011-06-22 10:50 . 2011-06-22 10:51 -------- d-----w- c:\users\venhorst\AppData\Local\temp 2011-06-22 10:50 . 2011-06-22 10:50 -------- d-----w- c:\users\Mark\AppData\Local\temp 2011-06-22 10:50 . 2011-06-22 10:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-06-22 10:38 . 2011-06-22 10:42 -------- d-----w- C:\32788R22FWJFW 2011-06-22 05:45 . 2011-06-22 05:45 -------- d-----w- c:\users\venhorst\AppData\Local\{981D65E7-ADC5-4798-A3C5-84A52AE6B675} 2011-06-21 11:52 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-06-21 11:52 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2011-06-21 11:52 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll 2011-06-21 10:39 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F2E6E6FB-8667-44BF-8B35-DC1836065E3A}\mpengine.dll 2011-06-21 10:34 . 2011-06-21 10:35 -------- d-----w- c:\users\venhorst\AppData\Local\{E3CBE598-D317-48DA-9B23-23644673187F} 2011-06-20 17:54 . 2011-06-20 17:54 -------- d-----w- c:\program files\CCleaner 2011-06-20 17:47 . 2011-06-20 17:47 -------- d-----w- c:\users\venhorst\AppData\Roaming\Reviversoft 2011-06-20 17:47 . 2011-06-15 09:34 16704 ----a-w- c:\windows\system32\roboot.exe 2011-06-20 16:01 . 2011-06-20 16:01 388096 ----a-r- c:\users\venhorst\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-06-20 16:01 . 2011-06-20 16:01 -------- d-----w- c:\program files\Trend Micro 2011-06-20 14:36 . 2011-06-20 14:36 86528 ----a-w- c:\windows\system32\iesysprep.dll 2011-06-20 14:36 . 2011-06-20 14:36 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2011-06-20 14:36 . 2011-06-20 14:36 748336 ----a-w- c:\program files\Internet Explorer\iexplore.exe 2011-06-20 14:36 . 2011-06-20 14:36 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2011-06-20 14:36 . 2011-06-20 14:36 48640 ----a-w- c:\windows\system32\mshtmler.dll 2011-06-20 14:36 . 2011-06-20 14:36 307200 ----a-w- c:\program files\Internet Explorer\iediagcmd.exe 2011-06-20 14:36 . 2011-06-20 14:36 161792 ----a-w- c:\windows\system32\msls31.dll 2011-06-20 14:36 . 2011-06-20 14:36 1126912 ----a-w- c:\windows\system32\wininet.dll 2011-06-20 14:36 . 2011-06-20 14:36 107008 ----a-w- c:\program files\Internet Explorer\iecleanup.exe 2011-06-20 14:06 . 2011-06-20 14:06 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files 2011-06-20 13:36 . 2011-06-20 13:36 -------- d-----w- c:\users\venhorst\AppData\Local\{5FB75C1F-ECDE-4AF6-AB5A-4AE3AC5420A4} 2011-06-16 07:08 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys 2011-06-16 07:08 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys 2011-06-16 07:08 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll 2011-06-16 07:08 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-06-16 07:08 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-06-16 07:08 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll 2011-06-16 07:08 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-06-16 07:08 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-06-16 07:08 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-06-16 07:08 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-29 07:11 . 2011-03-19 04:08 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 07:11 . 2011-03-19 04:08 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-24 17:14 . 2009-10-03 08:00 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-05-17 15:04 . 2011-05-17 15:04 970504 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-03-18 18:03 . 2011-03-23 15:24 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856] "AROReminder"="c:\program files\ARO 2011\ARO.exe" [2011-01-25 2312048] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-03 90112] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-03 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-03 13515296] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-10-22 77824] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-20 149280] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656] . c:\users\venhorst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ setup_9.0.0.722_18.03.2011_10-06[1].lnk - d:\venhorst\Desktop\Virus Removal Tool\setup_9.0.0.722_18.03.2011_10-06[1]\startup.exe [2011-3-18 72208] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" . [HKLM\~\startupfolder\C:^Users^Mark^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk] path=c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] 2008-11-20 09:06 178688 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series] 2007-03-01 06:01 180736 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray] 2008-04-10 13:14 1107848 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2005-08-11 13:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2005-08-11 13:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2010-11-10 00:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-10-22 11:11 77824 ----a-w- c:\program files\QuickTime\qttask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2007-12-05 03:31 4710400 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent] 2009-01-28 11:07 325768 ----a-w- c:\program files\SPAMfighter\SFAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2824765490-2991581602-2276664270-1001] "EnableNotificationsRef"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 136176] R3 FXDrv32;FXDrv32;F:\FXDrv32.sys [x] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 136176] R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-04-10 337800] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2009-01-28 184968] S0 69891592;69891592 Boot Guard Driver;c:\windows\system32\DRIVERS\69891592.sys [2009-10-22 37392] S1 69891591;69891591;c:\windows\system32\DRIVERS\69891591.sys [2009-09-25 128016] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map . 2011-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 13:03] . 2011-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 13:03] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uInternet Settings,ProxyServer = proxy.arnhem.chello.nl:80 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 62.179.104.196 213.46.228.196 FF - ProfilePath - . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-06-22 12:51 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-2824765490-2991581602-2276664270-1000\Software\SecuROM\License information*] "datasecu"=hex:d9,79,5d,ef,9e,5d,f1,a5,8b,3c,bb,81,23,24,cc,2f,67,95,e4,0e,04, d0,cf,33,7d,a4,4d,72,e2,d4,02,29,d5,a1,53,10,d3,c4,c5,50,69,8c,4d,bb,5f,6e,\ "rkeysecu"=hex:28,64,c1,a7,73,4b,fa,73,eb,8f,6e,9b,28,f5,1b,35 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\conime.exe c:\windows\system32\wbem\unsecapp.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE c:\program files\Windows Media Player\wmpnscfg.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Voltooingstijd: 2011-06-22 12:56:33 - machine werd herstart ComboFix-quarantined-files.txt 2011-06-22 10:56 ComboFix2.txt 2011-06-21 21:13 . Pre-Run: 2.023.362.560 bytes beschikbaar Post-Run: 1.975.668.736 bytes beschikbaar . - - End Of File - - D46A59B1BAB6FF1E158A05D9B62C886A gedaan wat je zei hellaas moet ik melden dat nog steeds het probleem zich voor doet ik zie wel dat er op de c schijf 3 nieuwe bestandjes zijn $RECYCLE.BIN 32788R22fwjfw Qoobox (de eerste 2 zijn leeg) de Qoobox staan een paar bestanden in zoals map: backEnv map: quarantine txt: add-remove programs txt: cfscript_user-2011-22-12.44.06 txt: combofix2 txt: combofix2-quarantined-files dat: snapshot@2011-06-22_10.51.51.dat
-
tot nu toe gelukt (ik schakel de firewall enz weer in) dit is het logbestandje ComboFix 11-06-21.05 - venhorst 21-06-2011 22:59:41.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2047.1264 [GMT 2:00] Gestart vanuit: d:\venhorst\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\HyvesToolbar\Hyves Toolbar\tbHElper.dll c:\windows\system32\8cb6910.log . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_Parameters . . (((((((((((((((((((( Bestanden Gemaakt van 2011-05-21 to 2011-06-21 )))))))))))))))))))))))))))))) . . 2011-06-21 11:52 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-06-21 11:52 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2011-06-21 11:52 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll 2011-06-21 10:39 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F2E6E6FB-8667-44BF-8B35-DC1836065E3A}\mpengine.dll 2011-06-21 10:34 . 2011-06-21 10:35 -------- d-----w- c:\users\venhorst\AppData\Local\{E3CBE598-D317-48DA-9B23-23644673187F} 2011-06-20 17:54 . 2011-06-20 17:54 -------- d-----w- c:\program files\CCleaner 2011-06-20 17:47 . 2011-06-20 17:47 -------- d-----w- c:\users\venhorst\AppData\Roaming\Reviversoft 2011-06-20 17:47 . 2011-06-15 09:34 16704 ----a-w- c:\windows\system32\roboot.exe 2011-06-20 16:01 . 2011-06-20 16:01 388096 ----a-r- c:\users\venhorst\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-06-20 16:01 . 2011-06-20 16:01 -------- d-----w- c:\program files\Trend Micro 2011-06-20 14:36 . 2011-06-20 14:36 86528 ----a-w- c:\windows\system32\iesysprep.dll 2011-06-20 14:36 . 2011-06-20 14:36 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2011-06-20 14:36 . 2011-06-20 14:36 748336 ----a-w- c:\program files\Internet Explorer\iexplore.exe 2011-06-20 14:36 . 2011-06-20 14:36 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2011-06-20 14:36 . 2011-06-20 14:36 48640 ----a-w- c:\windows\system32\mshtmler.dll 2011-06-20 14:36 . 2011-06-20 14:36 307200 ----a-w- c:\program files\Internet Explorer\iediagcmd.exe 2011-06-20 14:36 . 2011-06-20 14:36 161792 ----a-w- c:\windows\system32\msls31.dll 2011-06-20 14:36 . 2011-06-20 14:36 1126912 ----a-w- c:\windows\system32\wininet.dll 2011-06-20 14:36 . 2011-06-20 14:36 107008 ----a-w- c:\program files\Internet Explorer\iecleanup.exe 2011-06-20 14:06 . 2011-06-20 14:06 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files 2011-06-20 13:36 . 2011-06-20 13:36 -------- d-----w- c:\users\venhorst\AppData\Local\{5FB75C1F-ECDE-4AF6-AB5A-4AE3AC5420A4} 2011-06-20 11:00 . 2011-06-20 11:00 -------- d-----w- c:\users\Mark\AppData\Local\{64B72EF3-6689-43FE-96EE-98ED7CF49A59} 2011-06-20 03:35 . 2011-06-20 03:35 -------- d-----w- c:\users\Mark\AppData\Local\{026AE78C-C4C7-4E5B-9EBE-14122040B0B1} 2011-06-19 14:32 . 2011-06-19 14:33 -------- d-----w- c:\users\venhorst\AppData\Local\{363610FF-745A-4632-AC92-1DF7D7D68F58} 2011-06-19 09:47 . 2011-06-19 09:47 -------- d-----w- c:\users\Mark\AppData\Local\{026509AF-8C35-466D-9AD1-011C91ECAABB} 2011-06-18 05:26 . 2011-06-18 05:26 -------- d-----w- c:\users\Mark\AppData\Local\{11CA78C0-0E42-484C-871C-9EB01503652F} 2011-06-17 16:59 . 2011-06-17 17:00 -------- d-----w- c:\users\venhorst\AppData\Local\{A568BFB2-2F3E-465B-B589-0ACA487A6374} 2011-06-17 08:05 . 2011-06-17 08:05 -------- d-----w- c:\users\Mark\AppData\Local\{18806BB1-B4F4-41C9-9018-EDE7503ECA78} 2011-06-16 10:35 . 2011-06-16 10:35 -------- d-----w- c:\users\Mark\AppData\Local\{1D02BF8A-9B72-46D1-81C8-24F4F1FFD60A} 2011-06-16 07:08 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys 2011-06-16 07:08 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys 2011-06-16 07:08 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll 2011-06-16 07:08 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-06-16 07:08 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-06-16 07:08 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll 2011-06-16 07:08 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-06-16 07:08 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-06-16 07:08 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-06-16 07:08 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2011-06-16 07:01 . 2011-06-16 07:01 -------- d-----w- c:\users\venhorst\AppData\Local\{EF72147A-8D59-4AA4-8613-B4D1F6DA43E4} 2011-06-15 11:35 . 2011-06-15 11:35 -------- d-----w- c:\users\venhorst\AppData\Local\{F09E289E-EE3B-4691-B296-55B3CAE9BC3E} 2011-06-15 09:02 . 2011-06-15 09:02 -------- d-----w- c:\users\Mark\AppData\Local\{245D401B-3E48-4137-9C8A-C51A0DA3509F} 2011-06-14 15:05 . 2011-06-14 15:05 -------- d-----w- c:\users\Mark\AppData\Local\{FE4CABB2-8D3E-45D2-8E7C-FB441FB3D932} 2011-06-14 03:04 . 2011-06-14 03:05 -------- d-----w- c:\users\Mark\AppData\Local\{30347CDA-899A-44CA-8FAB-4B336EE79735} 2011-06-13 17:28 . 2011-06-13 17:29 -------- d-----w- c:\users\venhorst\AppData\Local\{0EB245C0-9445-4871-B028-7E69787D3DAA} 2011-06-13 10:05 . 2011-06-13 10:05 -------- d-----w- c:\users\Mark\AppData\Local\{3EA682A2-0BE6-4F88-8EF4-201EE3AEFC66} 2011-06-12 07:21 . 2011-06-12 07:22 -------- d-----w- c:\users\Mark\AppData\Local\{0E9588C6-1C7A-4BF8-9A18-BA8DF02FC7CB} 2011-06-11 11:56 . 2011-06-11 11:56 -------- d-----w- c:\users\venhorst\AppData\Local\{4DF4A96E-EB41-4C79-A35F-70E97DB8496C} 2011-06-11 09:49 . 2011-06-11 09:49 -------- d-----w- c:\users\Mark\AppData\Local\{604C4886-79AC-4EE7-BAAF-CC5879C18FA3} 2011-06-10 04:34 . 2011-06-10 04:34 -------- d-----w- c:\users\Mark\AppData\Local\{53395A9B-918B-4313-8F2C-9CD71BEF64F0} 2011-06-09 18:48 . 2011-06-09 18:48 -------- d-----w- c:\users\venhorst\AppData\Local\{4E73AD9B-1A7E-4DA5-9100-AC83F80D2F84} 2011-06-09 08:02 . 2011-06-09 08:02 -------- d-----w- c:\users\Mark\AppData\Local\{D6C33819-69A4-45F8-85DA-A1AE438F3ECF} 2011-06-08 07:48 . 2011-06-08 07:49 -------- d-----w- c:\users\Mark\AppData\Local\{99F911CC-645E-4BB7-8A16-5CA5061877A5} 2011-06-07 17:37 . 2011-06-07 17:37 -------- d-----w- c:\users\venhorst\AppData\Local\{7D57CF8E-1125-479F-BCAE-2947CA708D6B} 2011-06-07 07:36 . 2011-06-07 07:36 -------- d-----w- c:\users\Mark\AppData\Local\{54724B90-CEE4-4143-958C-170236BCB9D6} 2011-06-06 16:34 . 2011-06-06 16:34 -------- d-----w- c:\users\Mark\AppData\Local\{CDB6DCA2-4D84-4231-8284-08A17CBC7252} 2011-06-06 04:33 . 2011-06-06 04:33 -------- d-----w- c:\users\Mark\AppData\Local\{2FBEFC7A-C47D-4824-96F0-6076562A8F3F} 2011-06-05 19:42 . 2011-06-05 19:43 -------- d-----w- c:\users\venhorst\AppData\Local\{0086579A-385C-430E-A563-5C1F64723560} 2011-06-05 10:05 . 2011-06-05 10:05 -------- d-----w- c:\users\Mark\AppData\Local\{4AD136E0-6B35-48BF-AEBD-7D8AAA972ECA} 2011-06-04 16:45 . 2011-06-04 16:46 -------- d-----w- c:\users\Mark\AppData\Local\{09766101-14F3-4275-B166-17358FC2DE83} 2011-06-04 04:44 . 2011-06-04 04:45 -------- d-----w- c:\users\Mark\AppData\Local\{C461E486-0985-4E64-A0DA-E1FE672691C0} 2011-06-03 08:10 . 2011-06-03 08:10 -------- d-----w- c:\users\Mark\AppData\Local\{DB809130-211F-4283-A522-DF15FC7C6DF5} 2011-06-02 10:08 . 2011-06-02 10:08 -------- d-----w- c:\users\Mark\AppData\Local\{448A1939-F9AB-4E4B-817A-C49DA4C856AB} 2011-06-02 10:01 . 2011-06-02 10:01 -------- d-----w- c:\users\venhorst\AppData\Local\{C3A97BB0-913A-4720-B076-5A0DA3253336} 2011-06-01 20:23 . 2011-06-01 20:24 -------- d-----w- c:\users\venhorst\AppData\Local\{04672E2C-13F9-4CFC-A6AD-2F2310BAB02E} 2011-06-01 09:13 . 2011-06-01 09:13 -------- d-----w- c:\users\Mark\AppData\Local\{0F6AEB5B-1DF7-47FA-A2E8-895D0D9A742F} 2011-05-31 10:41 . 2011-05-31 10:41 -------- d-----w- c:\users\Mark\AppData\Local\{75D8AD08-D2A3-46C4-A323-B3B2A3B94F9C} 2011-05-30 15:13 . 2011-05-30 15:14 -------- d-----w- c:\users\Mark\AppData\Local\{718149D3-068B-46A6-B16C-71763384E652} 2011-05-30 03:12 . 2011-05-30 03:13 -------- d-----w- c:\users\Mark\AppData\Local\{6A8A8214-C911-4377-B8E9-68B7A3ED1E33} 2011-05-29 18:58 . 2011-05-29 18:59 -------- d-----w- c:\users\venhorst\AppData\Local\{6425ADD2-1B1C-4C42-99E0-2323BF370011} 2011-05-29 10:12 . 2011-05-29 10:12 -------- d-----w- c:\users\Mark\AppData\Local\{E01F0E56-9761-4A71-AF13-AC204B05B352} 2011-05-28 08:12 . 2011-05-28 08:13 -------- d-----w- c:\users\Mark\AppData\Local\{3CFEAB6E-3F93-4701-81F8-3BF03AA21471} 2011-05-27 08:32 . 2011-05-27 08:32 -------- d-----w- c:\users\Mark\AppData\Local\{08053603-350D-43E2-AD2E-A21C90C09E0B} 2011-05-26 19:08 . 2011-05-26 19:08 -------- d-----w- c:\users\venhorst\AppData\Local\{528309E5-52D5-4FBD-9A44-1F833B708E6C} 2011-05-26 10:31 . 2011-05-26 10:31 -------- d-----w- c:\users\Mark\AppData\Local\{892C38AD-8066-4990-B4DB-BECFC459B418} 2011-05-25 13:11 . 2011-05-25 13:11 -------- d-----w- c:\users\Mark\AppData\Local\{486212BC-1503-416C-A103-5587BF0029D6} 2011-05-24 09:01 . 2011-05-24 09:01 -------- d-----w- c:\users\Mark\AppData\Local\{B5A39BFF-A4D1-42AC-8C11-1BE49746A571} 2011-05-23 18:55 . 2011-05-23 18:55 -------- d-----w- c:\users\Mark\AppData\Local\{EAA262B5-0869-408F-9B6A-82D2AF395185} 2011-05-23 11:59 . 2011-05-23 11:59 -------- d-----w- c:\users\venhorst\AppData\Local\{4653FD4E-2694-4A5E-BEFB-CFB6201F6390} . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-29 07:11 . 2011-03-19 04:08 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 07:11 . 2011-03-19 04:08 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-24 17:14 . 2009-10-03 08:00 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-05-17 15:04 . 2011-05-17 15:04 970504 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-03-18 18:03 . 2011-03-23 15:24 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856] "AROReminder"="c:\program files\ARO 2011\ARO.exe" [2011-01-25 2312048] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-03 90112] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-03 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-03 13515296] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-10-22 77824] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-20 149280] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656] . c:\users\venhorst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ setup_9.0.0.722_18.03.2011_10-06[1].lnk - d:\venhorst\Desktop\Virus Removal Tool\setup_9.0.0.722_18.03.2011_10-06[1]\startup.exe [2011-3-18 72208] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" . [HKLM\~\startupfolder\C:^Users^Mark^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk] path=c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] 2008-11-20 09:06 178688 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series] 2007-03-01 06:01 180736 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray] 2008-04-10 13:14 1107848 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2005-08-11 13:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2005-08-11 13:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2010-11-10 00:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-10-22 11:11 77824 ----a-w- c:\program files\QuickTime\qttask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2007-12-05 03:31 4710400 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent] 2009-01-28 11:07 325768 ----a-w- c:\program files\SPAMfighter\SFAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2824765490-2991581602-2276664270-1001] "EnableNotificationsRef"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 136176] R3 FXDrv32;FXDrv32;F:\FXDrv32.sys [x] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 136176] R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-04-10 337800] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2009-01-28 184968] S0 69891592;69891592 Boot Guard Driver;c:\windows\system32\DRIVERS\69891592.sys [2009-10-22 37392] S1 69891591;69891591;c:\windows\system32\DRIVERS\69891591.sys [2009-09-25 128016] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - FSUSBEXDISK . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map . 2011-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 13:03] . 2011-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 13:03] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uInternet Settings,ProxyServer = proxy.arnhem.chello.nl:80 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 62.179.104.196 213.46.228.196 FF - ProfilePath - . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{AB8DC1E0-22BE-4181-B77E-02C495E031F8} - c:\program files\HyvesToolbar\Hyves Toolbar\tbcore3.dll HKLM-Run-NPSStartup - (no file) MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe MSConfigStartUp-OM_Monitor - c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-06-21 23:09 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-2824765490-2991581602-2276664270-1000\Software\SecuROM\License information*] "datasecu"=hex:d9,79,5d,ef,9e,5d,f1,a5,8b,3c,bb,81,23,24,cc,2f,67,95,e4,0e,04, d0,cf,33,7d,a4,4d,72,e2,d4,02,29,d5,a1,53,10,d3,c4,c5,50,69,8c,4d,bb,5f,6e,\ "rkeysecu"=hex:28,64,c1,a7,73,4b,fa,73,eb,8f,6e,9b,28,f5,1b,35 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\conime.exe c:\windows\system32\wbem\unsecapp.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE c:\program files\Windows Media Player\wmpnscfg.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Voltooingstijd: 2011-06-21 23:13:26 - machine werd herstart ComboFix-quarantined-files.txt 2011-06-21 21:13 . Pre-Run: 1.134.051.328 bytes beschikbaar Post-Run: 1.986.080.768 bytes beschikbaar . - - End Of File - - CFFDA7D6D1CDBBA33693FA0DD0EAE751
-
hij staat zowiezo onder C:\windows\system32 Ps ik zit nu wel steeds in mijn ouders account. via daar zoek ik alles op en ben ik steeds online, en scan ik alles. maar dat moet dacht ik toch niet uitmaken)
-
Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Databaseversie: 6903 Windows 6.0.6002 Service Pack 2 Internet Explorer 9.0.8112.16421 21-6-2011 13:22:09 mbam-log-2011-06-21 (13-22-09).txt Scantype: Volledige scan (C:\|D:\|) Objecten gescand: 298030 Verstreken tijd: 38 minuut/minuten, 10 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) ------------------------------- Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:30:20, on 21-6-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\rundll32.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe C:\Windows\system32\Macromed\Flash\FlashUtil10n_ActiveX.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hyves.nl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door Hyves R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.arnhem.chello.nl:80 O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup O4 - HKCU\..\Run: [AROReminder] C:\Program Files\ARO 2011\ARO.exe -rem O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: setup_9.0.0.722_18.03.2011_10-06[1].lnk = D:\Venhorst\Desktop\Virus Removal Tool\setup_9.0.0.722_18.03.2011_10-06[1]\startup.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 7324 bytes ---------- Post toegevoegd om 13:39 ---------- Vorige post was om 13:31 ---------- ik heb gedaan wat er gezegd is. maar nu ik weer op mijn eigen account inlog blijft nog steeds hetzelfde probleem
-
ok dan ga ik slapen en ben morgen weer online al vast bedankt voor de hulp
-
dit is mijn scan (ik heb ook al dingen geprobeerd met ccleaner maar dat werkte ook niet (wel zijn er veel bstanden hersteld en verwijderd) Bij mijn anti-malwarebytes programma staan de verwijderde infecties nog wel in de quarantaine box Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:57:36, on 20-6-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\System32\rundll32.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe C:\Windows\system32\Macromed\Flash\FlashUtil10n_ActiveX.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hyves R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door Hyves R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.arnhem.chello.nl:80 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file) O2 - BHO: TBSB00081 - {32B279E3-5023-4CD8-A295-70C79EDBB294} - C:\Program Files\HyvesToolbar\Hyves Toolbar\tbcore3.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - C:\Program Files\ShareazaTb\ShareazaDx.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file) O3 - Toolbar: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - C:\Program Files\ShareazaTb\ShareazaDx.dll O3 - Toolbar: Hyves Toolbar - {AB8DC1E0-22BE-4181-B77E-02C495E031F8} - C:\Program Files\HyvesToolbar\Hyves Toolbar\tbcore3.dll O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup O4 - HKCU\..\Run: [AROReminder] C:\Program Files\ARO 2011\ARO.exe -rem O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: setup_9.0.0.722_18.03.2011_10-06[1].lnk = D:\Venhorst\Desktop\Virus Removal Tool\setup_9.0.0.722_18.03.2011_10-06[1]\startup.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 7885 bytes
-
Ik heb een verkeerde site gezeten en toen ik later de dag de pc ging opstarten kreeg ik deze melding Kan het bestand C:\Users\gebruikersnaam\AppData\Local\Temp\csrss.exe, dat in het register staat vermeld, niet laden of starten. Controleer of dit bestand bestaat op uw computer of verwijder de verwijzing naar dit bestand uit het register. Ik heb via mijn ouders acount de volgende stappen ondernomen. Ik heb vervolgens malwarebytes anti-malware, voledig erover heen gescand. en hij had 9 trojan.. gevonden. die heb ik verwijderd. vervolgens ben ik in mijn eigen acount ingelogt en bleef het berichtje zich voordoen. ditmaal heb ik via malwarebytes een snelle scan gedaan maar geen resultaat ( de oude verwijderde bestanden staan nog wel in de quarantaine lijst) ik heb al een paar berichten na gelopen via internet en lees steeds dingen over trend micro hijackthis. ik heb het al wel gedownload en een scan gedaan maar weet niet wat ik nu verder moet doen. wie kan mij helpen zodat ik in mijn eigen acount gewoon weer kan internetten/msn enz....
