acer73

Member
  • Items

    22

acer73's achievements

  1. I don't want to give up yet.. is there anything else I can do.. run something.. anti-malware ... Search and Destroy.. anything??
  2. Do you have a Windows XP disc?? May I ask you that??
  3. I heard someone say.. wipe everything off it and reinstall XP.. but I don't have a disc with XP Professional on it.. would all of this actually solve the problem??
  4. Kape, ooh, how awful this all is.. it's not working... the F8 key does nothing when I see that black screen at the beginning.. nothing pops up.. after startup all the files have disappeared again.. can that POST also be called up after booting?? Do you still see a way out??
  5. At startup it shows this: Windows cannot load the locally stored profile, insufficiant security right. and Windows cannot find the locally profile and is login you to a temporaly file.
  6. This one keeps coming up in CCleaner. Unused file extension {80b8c23c-16e0-4cd8-bbc3-cecec9a78b79 Registry key HKCR/80b8c23c etc etc.. I had to copy this over by hand above, copy c and copy v didn't work. I couldn't find ComboFix.. it had already been wiped from the desktop again.. when I typed in Qoobox, ComboFix files showed up there too, which I deleted manually. And I deleted them from the recycle bin as well.. when the computer starts up, Google Chrome still disappears, and other things..??? Pfff, good grief!
  7. This is the Avenger log; after restarting my computer, a number of things had once again disappeared from the desktop. Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: file "c:\windows\system32\drivers\inpirbui.sys" not found! Deletion of file "c:\windows\system32\drivers\inpirbui.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "c:\windows\system32\drivers\njud.sys" not found! Deletion of file "c:\windows\system32\drivers\njud.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Driver "zysfmrom" deleted successfully. Driver "inpirbui" deleted successfully. Completed script processing. ******************* Finished! Terminate.
  8. Result: ComboFix 11-07-12.04 - Rob 19-07-2011 22:10:01.4.1 - x86
  9. Kape, is this an exceptional problem? I don't really know what to do right now. I hope you can cure me! I'm aware that we've been at this for quite a while now. I'm surely not the only one with problems. ---------- Post added at 16:44 ---------- Previous post was at 16:39 ---------- This is what HijackThis looks like now. Logfile of Trend Micro HijackThis v2.0.4
  10. I hope I'm doing everything right like this! This is the log that came out.. ComboFix 11-07-12.04 - Rob 19-07-2011 13:57:51.3.1 - x86
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "135:TCP"= 135:TCP:TCP Port 135 "5000:TCP"= 5000:TCP:TCP Port 5000 "5001:TCP"= 5001:TCP:TCP Port 5001 "5002:TCP"= 5002:TCP:TCP Port 5002 "5003:TCP"= 5003:TCP:TCP Port 5003 "5004:TCP"= 5004:TCP:TCP Port 5004 "5005:TCP"= 5005:TCP:TCP Port 5005 "5006:TCP"= 5006:TCP:TCP Port 5006 "5007:TCP"= 5007:TCP:TCP Port 5007 "5008:TCP"= 5008:TCP:TCP Port 5008 "5009:TCP"= 5009:TCP:TCP Port 5009 "5010:TCP"= 5010:TCP:TCP Port 5010 "5011:TCP"= 5011:TCP:TCP Port 5011 "5012:TCP"= 5012:TCP:TCP Port 5012 "5013:TCP"= 5013:TCP:TCP Port 5013 "5014:TCP"= 5014:TCP:TCP Port 5014 "5015:TCP"= 5015:TCP:TCP Port 5015 "5016:TCP"= 5016:TCP:TCP Port 5016 "5017:TCP"= 5017:TCP:TCP Port 5017 "5018:TCP"= 5018:TCP:TCP Port 5018 "5019:TCP"= 5019:TCP:TCP Port 5019 "5020:TCP"= 5020:TCP:TCP Port 5020 . R1 MpKsle511d34b;MpKsle511d34b;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{666738D8-8E9E-46D7-BC64-67FEA9EE599C}\MpKsle511d34b.sys [19-7-2011 8:29 28752] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14-7-2011 10:57 136360] R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18-7-2011 20:51 366640] R3 IPN2220;acer IPN2220 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [4-11-2004 19:29 140288] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18-7-2011 20:51 22712] S0 zysfmrom;zysfmrom;c:\windows\system32\drivers\njud.sys --> c:\windows\system32\drivers\njud.sys [?] S1 inpirbui;inpirbui;\??\c:\windows\system32\drivers\inpirbui.sys --> c:\windows\system32\drivers\inpirbui.sys [?] 
S1 MpKsl391eed21;MpKsl391eed21;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DFCEF06-E255-46EC-B112-9E8A31F4F7C8}\MpKsl391eed21.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DFCEF06-E255-46EC-B112-9E8A31F4F7C8}\MpKsl391eed21.sys [?] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4-12-2009 15:41 135664] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4-12-2009 15:41 135664] S3 PAC7311;Trust CP-2300 Webcam;c:\windows\system32\drivers\PA707UCM.SYS [14-3-2007 11:57 449024] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - IPFILTERDRIVER *NewlyCreated* - MBAMPROTECTOR *NewlyCreated* - MBAMSERVICE *NewlyCreated* - MPKSLE511D34B . Contents of the 'Scheduled Tasks' folder . 2011-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . 2011-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc21ea7d9468a6.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-04 13:40] . 2011-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc21c077c16c.job - c:\documents and settings\Rob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-19 10:01] . 2011-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc40e769f38cb6.job - c:\documents and settings\TEMP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-14 12:33] . 2011-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc4200a05de7e6.job - c:\documents and settings\TEMP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-14 12:33] . 
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc4228f5d67760.job - c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33] . 2011-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc426b7f8f5cdc.job - c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33] . 2011-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc44b5a04fb790.job - c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33] . 2011-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc4550b5511c56.job - c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33] . 2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc45dec386b6c6.job - c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33] . 2011-07-19 c:\windows\Tasks\MpIdleTask.job - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39] . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.254 DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-07-19 13:59 Windows 5.1.2600 Service Pack 3 NTFS . 
scanning hidden processes ... . scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . Completion time: 2011-07-19 14:03:32 ComboFix-quarantined-files.txt 2011-07-19 12:03 ComboFix2.txt 2011-07-19 11:49 ComboFix3.txt 2011-07-19 09:18 . Pre-Run: 9.001.283.584 bytes free Post-Run: 8.986.345.472 bytes free . - - End Of File - - C12AC9BE1B54083AF21571DEC4DAD063
  11. speciall, I don't understand what you mean; I'm a layman here. Kape has helped me so far.. the last thing I did was send the log.. do you see anything strange in it??
  12. OK, I looked into it a bit further; it had to be installed on the desktop. Here is the log that came out of it: ComboFix 11-07-12.04 - Rob 19-07-2011 11:11:47.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1007.482 [GMT 2:00] Running from: c:\documents and settings\TEMP.ROBBERT\My Documents\Downloads\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . - REDUCED FUNCTIONALITY MODE - . . ((((((((((((((((((((((((( Files Created from 2011-06-19 to 2011-07-19 ))))))))))))))))))))))))))))))) . . 2011-07-19 06:29 . 2011-07-19 06:29 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{666738D8-8E9E-46D7-BC64-67FEA9EE599C}\MpKsle511d34b.sys 2011-07-18 19:47 . 2011-06-07 06:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{666738D8-8E9E-46D7-BC64-67FEA9EE599C}\mpengine.dll 2011-07-18 18:51 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-18 18:51 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-18 18:51 . 2011-07-18 18:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-07-18 15:38 . 2011-07-18 15:38 -------- d-----w- c:\program files\Trend Micro 2011-07-15 13:25 . 2011-06-07 06:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-07-14 20:16 . 2011-07-14 20:16 1409 ----a-w- c:\windows\QTFont.for 2011-07-14 09:26 . 2011-07-14 09:27 -------- d-----w- c:\program files\Microsoft Security Client 2011-07-14 09:03 . 2011-07-14 09:04 -------- d-----w- c:\documents and settings\TEMP 2011-07-14 08:57 . 2011-07-14 09:18 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-07-14 08:57 . 
2011-07-14 09:18 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-07-14 08:57 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2011-07-14 08:57 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2011-07-14 08:57 . 2011-07-14 08:57 -------- d-----w- c:\program files\Avira 2011-07-14 08:57 . 2011-07-14 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2011-07-14 07:57 . 2011-07-14 07:57 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help 2011-07-14 07:53 . 2011-07-14 07:53 -------- d-sh--w- c:\documents and settings\Default User\IETldCache 2011-07-12 07:50 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll 2011-07-12 07:50 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll 2011-07-12 07:41 . 2008-04-13 16:44 2560 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll 2011-07-12 07:37 . 2011-07-12 07:37 0 ----a-w- c:\windows\system32\ConduitEngine.tmp 2011-07-12 07:31 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{FC3D1FB0-CBE7-4022-9A02-F2B82BEF5E44}\mpengine.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-07 15:55 . 2009-05-14 18:11 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2011-06-02 14:02 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-05-02 15:31 . 2007-12-18 18:21 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 17:25 . 2004-08-04 12:00 151552 ----a-w- c:\windows\system32\schannel.dll 2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-26 11:07 . 
2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-04-26 11:07 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll 2011-04-25 16:11 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 16:11 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-04-25 16:11 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-04-25 12:01 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec 2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-01 68856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-10-02 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-10-02 118784] "SoundMan"="SOUNDMAN.EXE" [2004-07-27 68096] "PAC7311_Monitor"="c:\windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 319488] "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-06-02 413696] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2006-11-03 291720] "FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" 
[2011-06-08 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "acerWireless"="c:\program files\acer\Wireless\Utility\WlanUtil.exe" [2004-06-09 417792] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-01-01 16:41 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "ose"=3 (0x3) "odserv"=3 (0x3) "Microsoft Office Groove Audit Service"=3 (0x3) "JavaQuickStarterService"=2 (0x2) "gusvc"=3 (0x3) "FLEXnet Licensing Service"=3 (0x3) "Bonjour Service"=2 (0x2) "anbmService"=2 (0x2) "VSS"=3 (0x3) "ImapiService"=3 (0x3) "Eventlog"=2 (0x2) "ERSvc"=2 (0x2) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\WINDOWS\\system32\\dlcxcoms.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Azureus\\Azureus.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "135:TCP"= 135:TCP:TCP Port 135 "5000:TCP"= 5000:TCP:TCP Port 5000 "5001:TCP"= 5001:TCP:TCP Port 5001 "5002:TCP"= 5002:TCP:TCP Port 5002 "5003:TCP"= 5003:TCP:TCP Port 5003 "5004:TCP"= 5004:TCP:TCP Port 5004 "5005:TCP"= 5005:TCP:TCP Port 5005 "5006:TCP"= 5006:TCP:TCP Port 5006 "5007:TCP"= 5007:TCP:TCP Port 5007 "5008:TCP"= 5008:TCP:TCP Port 5008 "5009:TCP"= 5009:TCP:TCP Port 5009 "5010:TCP"= 5010:TCP:TCP Port 5010 "5011:TCP"= 5011:TCP:TCP Port 5011 "5012:TCP"= 5012:TCP:TCP Port 5012 "5013:TCP"= 5013:TCP:TCP Port 5013 "5014:TCP"= 5014:TCP:TCP Port 5014 "5015:TCP"= 5015:TCP:TCP Port 5015 "5016:TCP"= 5016:TCP:TCP Port 5016 "5017:TCP"= 5017:TCP:TCP Port 5017 "5018:TCP"= 5018:TCP:TCP Port 5018 "5019:TCP"= 5019:TCP:TCP Port 5019 "5020:TCP"= 5020:TCP:TCP Port 5020 . R1 MpKsle511d34b;MpKsle511d34b;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{666738D8-8E9E-46D7-BC64-67FEA9EE599C}\MpKsle511d34b.sys [19-7-2011 8:29 28752] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14-7-2011 10:57 136360] R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?] 
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18-7-2011 20:51 366640] R3 IPN2220;acer IPN2220 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [4-11-2004 19:29 140288] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18-7-2011 20:51 22712] S0 zysfmrom;zysfmrom;c:\windows\system32\drivers\njud.sys --> c:\windows\system32\drivers\njud.sys [?] S1 inpirbui;inpirbui;\??\c:\windows\system32\drivers\inpirbui.sys --> c:\windows\system32\drivers\inpirbui.sys [?] S1 MpKsl391eed21;MpKsl391eed21;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DFCEF06-E255-46EC-B112-9E8A31F4F7C8}\MpKsl391eed21.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DFCEF06-E255-46EC-B112-9E8A31F4F7C8}\MpKsl391eed21.sys [?] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4-12-2009 15:41 135664] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4-12-2009 15:41 135664] S3 PAC7311;Trust CP-2300 Webcam;c:\windows\system32\drivers\PA707UCM.SYS [14-3-2007 11:57 449024] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - IPFILTERDRIVER *NewlyCreated* - MBAMPROTECTOR *NewlyCreated* - MBAMSERVICE *NewlyCreated* - MPKSLE511D34B . Contents of the 'Scheduled Tasks' folder . 2011-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . 2011-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc21ea7d9468a6.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-04 13:40] . 
2011-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc21c077c16c.job - c:\documents and settings\Rob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-19 10:01] . 2011-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc40e769f38cb6.job - c:\documents and settings\TEMP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-14 12:33] . 2011-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc4200a05de7e6.job - c:\documents and settings\TEMP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-14 12:33] . 2011-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc4228f5d67760.job - c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33] . 2011-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc426b7f8f5cdc.job - c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33] . 2011-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc44b5a04fb790.job - c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33] . 2011-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc4550b5511c56.job - c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33] . 2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-920026266-682003330-1003Core1cc45dec386b6c6.job - c:\documents and settings\TEMP.ROBBERT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-19 12:33] . 
2011-07-19 c:\windows\Tasks\MpIdleTask.job - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39] . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.254 DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab . - - - - ORPHANS REMOVED - - - - . HKLM-Run-ISUSPM Startup - c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe MSConfigStartUp-AntiMalware - c:\program files\AntiMalware\antimalware.exe MSConfigStartUp-QuickDownloadPack - c:\program files\QuickDownloadPack\qdpack.exe MSConfigStartUp-Spontania Video Collaboration - c:\program files\Spontania Video Collaboration\SpontaniaVideoCollaboration.exe AddRemove-Adobe_3e054d2218e7aa282c2369d939e58ff - c:\program files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe AddRemove-Adobe_6c8e2cb4fd241c55406016127a6ab2e - c:\program files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe AddRemove-Adobe_719d6f144d0c086a0dfa7ff76bb9ac1 - c:\program files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-07-19 11:13 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(180) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2011-07-19 11:18:58 ComboFix-quarantined-files.txt 2011-07-19 09:18 . Pre-Run: 8.831.782.912 bytes free Post-Run: 9.044.918.272 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - E3C396B096258467C4121AAACE469659
  13. Avira disabled, and Microsoft Security Essentials too.. I can't get Malwarebytes' Anti-Malware disabled. When I now download ComboFix and let it run, it starts scanning; I can't get it installed on my desktop.. then I get a message that I may not name ComboFix "ComboFix 1".. everything that is open on my desktop then disappears... ---------- Post added at 10:59 ---------- Previous post was at 10:53 ---------- So I get: you cannot rename combofix as combofix (1) please use another name preferably madeup of alphanumeric caracter
  14. I'm indeed working on it; I ran Hijack again and can't get this one removed: O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file) I'll now try to disable Avira and do what you say. Talk to you again shortly. ---------- Post added at 10:10 ---------- Previous post was at 09:58 ---------- Kape, I can't get this one removed! I've set Avira to deactivated. O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
  15. I just restarted my computer; once again my desktop has been emptied of the things that had been downloaded to it.. hmm, strange. I hope you can still give me a few pointers! Kind regards, Robert.