Ga naar inhoud

Jan2222

Lid
  • Items

    25
  • Registratiedatum

  • Laatst bezocht

Over Jan2222

  • Verjaardag 08-08-1962

Jan2222's prestaties

  1. Op andere forums zie ik veel vergelijkbare klachten/problemen met de interne memory van deze telefoon. Maar weinig voor mij begrijpelijke oplossingen. Is er iemand die kan helpen ? Zo niet, dan ook svp aangeven, dan zal ik verder zoeken. Bvd
  2. Op zich is HTC Wildfire S een prima telefoon. Echter het interne geheugen is belachelijk klein (512Mb) en wordt ook nog eens door niet-verplaatsbare voor-geinstalleerde apps beperkt, zodat er maar 150 Mb "vrij" is. En dit is met een paar apps (die ook niet altijd naar de SD verplaatst kunnen worden) snel vol. Vaak zelfs te vol zodat updates (ook van HTC) al niet meer kunnen draaien. Het "manage apps" en andere standaard HTC aanpakken brengen geen oplossing. En overal zie je klacthen over dit onmogelijk kleine interne geheugen. Op andere forums lees ik dat er d.m.v. trucs een "vergroot" intern geheugen (tot 2 Gb) op de SD kaart te creeren is. Bijv. op Achteraf het interne geheugen vergroten Wildfire S Nou moet je hiervoor de SD card partitioneren (dat kan ik nog wel), tools? als app2sd gebruiken (wat doet dit?), en Data2SD flashen (hier wordt het moeilijker voor mij ...), etc. Zouden jullie mij een 'handleiding' met stappen kunnen geven wat en hoe te doen ? Veel dank alvast.
  3. Beste, Ik moet toegeven ik ben begonnen op een maagdelijke PC (nooit eerder TomTom geinstalleerd gehad) en kreeg het niet voor elkaar (misschien omdat ik t niet in de standaard directory wilde zetten). Daarna geen enkele opschoning/installatie werkte. Jouw complete cleanup werkte wel ! Zowaar is het me nu gelukt om TTH geinstalleerd te krijgen ! Veel dank.
  4. Beste, Ik heb geen Norton. Wel Panda ... maar na de post hier heb ik verder (ook USA) gecheckt, en het lijkt er op dat TomTom Home bijna nooit goed werkt met de 64 bit versie Windows7. Ofwel de installatie hangt halverwege (HP Compaq desktop) of wel uiteindelijk geinstalleerd (Dell D6400) maar met bovengemelde fout melding bij opstarten van de applicatie. Ook heb ik vele 'bypasses' geprobeerd: - run-as-admin - installeren in C:\progr~2 directory - etc Allemaal zonder effect. Tenzij als jullie een slimme truc weten ?
  5. Beste, Op mijn pc wil ik TomTom Home2 installeren (v.2.8). Als al op vele andere forums aangegeven het lijkt er op dat TTH niet goed werkt met W7 64 bit. Inmiddels vele keren geprobeerd (install - uninstall), maar ook bij 1e poging werkt het niet. TTH wil wel installeren (uiteindelijk) maar wil niet opstarten: error message zie onder. Wie weet raad ? Ik heb al vele opties geprobeerd: - oudere versies (v.2.5) werkt ook niet - DEP uitschakelen werkt ook niet - Run as Admin werkt ook niet Wat te doen ? ERROR: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIProperties.get]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: chrome://tthome/content/logic/settings.js :: anonymous :: line 282" data: no] in chrome://tthome/content/logic/settings.js:282 Stack: 0. chrome://tthome/content/logic/settings.js:282 this._dataDir = directoryService.get("Pers", CI.nsIFile); 1. chrome://tthome/content/logic/settings.js:257 this._initAppDirectories(); 2. chrome://tthome/content/logic/app.js:38 this.settings.start(); 3. chrome://tthome/content/ui/mainwin/mainWin.js:44 gApplication.start(); 4. function onLoad chrome://tthome/content/ui/mainwin/mainWin.js:14 gMainWindow.start(); 5. function onload chrome://tthome/content/ui/mainwin/mainWin.xul:1 <?xml version="1.0"?> Time: Wed, 20 Jun 2012 18:17:02 GMT
  6. W7 herinstallatie uitgevoerd, succesvol. Registry is die exe nu ook kwijt. Alles doet het weer gewoon. En de programma's die ik kwijt was of leek te zijn, moet ik gewoon opnieuw installeren. Desktop HP Compag CQ5340nl, met Windows7. Overigens prima pc, geen problemen. Dank voor de support en de tips ! Ga zo door.
  7. Het is hardnekkig. In de registry het proberen te verwijderen blijkt niet mogelijk "unable to delete all specified values"; geldt voor alle 3 items (default, recycle, kb..) in beide locaties. Uw stap hierna het verwijderen van KB828131.exe lukt ook niet, deze file is niet aanwezig op genoemde dir, maar ook nergens in C:\Windows. Het zit kennelijk allemaal erg diep en onaantastbaar. Als eerder gemeld, ik wil W7 herinstallatie gaan doen, dan heb ik tenminste weer schone lei. Echter, weet ik dan zeker dat dit probleem ook echt weg is ? Dwz. bijv. wordt er dan een geheel nieuwe Registry opgebouwd ? Of moet ik een bepaald soort herinstallatie doen ? Veel dank voor de pogingen en de support !
  8. OK, gedaan. Bij de eerste vond hij 2 hits (in dezelfde 'run', eerst bij 'default' de 2e bij 4Y3...etc). Dus intotaal 3 exports: (Als ik hierna iets in de registry moet doen, geen probleem heb ik wel eens eerder moeten doen) Windows Registry Editor Version 5.00 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "4Y3Y0C3AWF7W0VWDBNJJC"="C:\\Recycle.Bin\\B6232F3AFAD.exe /q" "KB828131.exe"="\"C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\KB828131.exe\"" Key Name: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run Class Name: <NO CLASS> Last Write Time: 14-Sep-11 - 19:55 Value 0 Name: 4Y3Y0C3AWF7W0VWDBNJJC Type: REG_SZ Data: C:\Recycle.Bin\B6232F3AFAD.exe /q Value 1 Name: KB828131.exe Type: REG_SZ Data: "C:\Windows\system32\config\systemprofile\AppData\Roaming\KB828131.exe" Key Name: HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run Class Name: <NO CLASS> Last Write Time: 14-Sep-11 - 19:55 Value 0 Name: 4Y3Y0C3AWF7W0VWDBNJJC Type: REG_SZ Data: C:\Recycle.Bin\B6232F3AFAD.exe /q Value 1 Name: KB828131.exe Type: REG_SZ Data: "C:\Windows\system32\config\systemprofile\AppData\Roaming\KB828131.exe"
  9. Avenger leek gewerkt te hebben (geen vaudmeldingen bijv). Maar geen txt file aangemaakt noch te vinden. Daarom maar een nieuwe Hijackthis, maar hier komt de file C:\Recycle.Bin\B6232F3AFAD.exe nog steeds terug (lijkt onuitroeibaar; maar is deze file schadelijk zo vraag ik me af), en mijn diverse progamma's zijn ook nog steeds onvinbaar. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:13:42, on 14-May-12 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Safe mode with network support Running processes: C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Talsbak\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sign In R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\0 PROGRAMS\Apple iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\0 PROGRAMS\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\RunOnce: [Cleanup] C:\cleanup.exe O4 - HKCU\..\Run: [RemoTerm.exe] C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe O4 - HKUS\S-1-5-18\..\Run: [4Y3Y0C3AWF7W0VWDBNJJC] C:\Recycle.Bin\B6232F3AFAD.exe /q (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [KB828131.exe] "C:\Windows\system32\config\systemprofile\AppData\Roaming\KB828131.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [4Y3Y0C3AWF7W0VWDBNJJC] C:\Recycle.Bin\B6232F3AFAD.exe /q (User 'Default user') O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O15 - Trusted Zone: Free Downloads Encyclopedia - Softpedia O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: BOT4Service - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\0 PROGRAMS\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: RoxMediaDB13 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8347 bytes
  10. Als ik Kill.bat opstart, krijg ik reactie in een message.txt file "Unsupported version". In de file uitgepakt zijn er verder nog files zoals: smwncv.exe swreg.exe reboot.exe process.exe regdacl.exe restart.exe Wat moet ik anders doen om het programmatje te laten lopen ?
  11. Hierbij de Hijacklog: Ik begrijp dat je zegt dat de combofix er goed uitziet, maar vele exe prgrammas zowel via start als direct via explorer blijven onvindbaar. Is op dit moment niet de betere oplossing een W7 herinstallatie en herinstallatie van mijn diverese programmas ? Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:50:11, on 13-May-12 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Safe mode with network support Running processes: C:\Users\Talsbak\Desktop\HijackThis.exe C:\Windows\SysWOW64\DllHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sign In R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\0 PROGRAMS\Apple iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\0 PROGRAMS\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [RemoTerm.exe] C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe O4 - HKUS\S-1-5-18\..\Run: [4Y3Y0C3AWF7W0VWDBNJJC] C:\Recycle.Bin\B6232F3AFAD.exe /q (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [KB828131.exe] "C:\Windows\system32\config\systemprofile\AppData\Roaming\KB828131.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [4Y3Y0C3AWF7W0VWDBNJJC] C:\Recycle.Bin\B6232F3AFAD.exe /q (User 'Default user') O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O15 - Trusted Zone: Free Downloads Encyclopedia - Softpedia O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: BOT4Service - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\0 PROGRAMS\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: RoxMediaDB13 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8223 bytes
  12. Hi, Bijgaand de log van combofix, en ook alvast daarna de laatste log van hijackthis. Maar ik zie wel dat die C:\Recycle.Bin\B6232F3AFAD.exe erg hardnekkig is, het is er nog steeds. En de diverse programmas in Startmenu staan nog steeds op <empty> en ook nog steeds onvindbar in explorer. Kan het zijn dat de diverse .exe files toch gewoon gewist zijn ? NB. Ik had in begin gemeld dat 'ik' wel bij het eerste optreden van het virus perongeluk die S.M.A.R.T. had opgestart, kan dat de oorzaak zijn ? Veel dank voor de hulp ! ComboFix 12-05-11.03 - Talsbak 11-May-12 21:54:47.1.2 - x64 NETWORK Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3071.2112 [GMT 2:00] Running from: c:\users\Talsbak\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Marit\Documents\~WRL0099.tmp c:\users\Marit\Documents\~WRL0394.tmp c:\users\Talsbak\AppData\Roaming\Adobe\plugs c:\users\Talsbak\AppData\Roaming\Adobe\shed c:\users\Talsbak\WINDOWS c:\windows\SysWow64\Temp c:\windows\SysWow64\Temp\ROL\MemoryRead_afterDec_1327273388.xml c:\windows\SysWow64\Temp\ROL\MemoryRead_afterDec_1331767812.xml c:\windows\SysWow64\Temp\ROL\MemoryRead_beforeDec_1331767810.dat . . ((((((((((((((((((((((((( Files Created from 2012-04-11 to 2012-05-11 ))))))))))))))))))))))))))))))) . . 2012-05-11 19:59 . 2012-05-11 19:59 -------- d-----w- c:\users\Tessa\AppData\Local\temp 2012-05-11 19:59 . 2012-05-11 19:59 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-11 19:59 . 2012-05-11 19:59 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2012-05-11 19:59 . 2012-05-11 19:59 -------- d-----w- c:\users\Marit\AppData\Local\temp 2012-05-10 20:10 . 2012-05-10 20:10 -------- d-----w- c:\program files\CCleaner 2012-05-08 17:35 . 2012-05-08 17:35 -------- d-----w- c:\users\Talsbak\AppData\Roaming\Malwarebytes 2012-05-08 17:35 . 2012-05-08 17:35 -------- d-----w- c:\programdata\Malwarebytes 2012-05-08 17:35 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-06 23:30 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8763E0E7-C835-47C2-8A06-E6E51174CF18}\mpengine.dll 2012-05-06 22:50 . 2012-05-06 23:07 -------- d-----w- c:\windows\system32\MpEngineStore 2012-05-02 11:48 . 2012-05-02 11:48 -------- d-----w- c:\users\Tessa\.jordan 2012-04-30 15:48 . 2012-04-30 15:49 -------- d-----w- c:\users\Talsbak\AppData\Local\Google 2012-04-30 15:48 . 2012-04-30 15:49 -------- d-----w- c:\program files (x86)\Google . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-01 15:20 . 2012-03-01 15:20 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin 2012-02-23 08:18 . 2010-08-30 19:44 279656 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoTerm.exe"="c:\program files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe" [2010-02-24 220944] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 60464] "nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856] "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [2010-07-16 307184] "CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-08-25 84464] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\0 programs\Apple iTunes\iTunesHelper.exe" [2011-11-12 421736] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "Malwarebytes' Anti-Malware"="c:\0 programs\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-30 116648] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-07-16 354288] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-30 116648] R3 PCTV340_801;YUAN based TV tuner device;c:\windows\system32\Drivers\dvb7700all.sys [x] R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x] R3 RoxMediaDB13;RoxMediaDB13;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-07-16 1099248] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 vtcdrv;GoGear Recovery Mode;c:\windows\system32\DRIVERS\vtcdrv_amd64.sys [x] S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys [x] S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys [x] S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-06-02 457200] S2 BOT4Service;BOT4Service;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-09-13 39408] S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 LinksysUpdater;Linksys Updater;c:\program files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800] S2 MBAMService;MBAMService;c:\0 programs\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS26.SYS [x] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . Contents of the 'Scheduled Tasks' folder . 2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-30 15:48] . 2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-30 15:48] . 2010-12-31 c:\windows\Tasks\PCDRScheduledMaintenance.job - c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-29 16335464] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = hxxp://www.hotmail.com/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://www.bing.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local Trusted Zone: softpedia.com\www TCP: DhcpNameServer = 88.159.1.200 88.159.1.201 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-NPSStartup - (no file) Wow6432Node-HKU-Default-Run-4Y3Y0C3AWF7W0VWDBNJJC - c:\recycle.bin\B6232F3AFAD.exe Wow6432Node-HKU-Default-Run-KB828131.exe - c:\windows\system32\config\systemprofile\AppData\Roaming\KB828131.exe AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:0000007b . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\windows\SysWOW64\java.exe c:\windows\SysWOW64\ping.exe c:\windows\SysWOW64\ping.exe . ************************************************************************** . Completion time: 2012-05-11 22:13:13 - machine was rebooted ComboFix-quarantined-files.txt 2012-05-11 20:13 . Pre-Run: 183,856,726,016 bytes free Post-Run: 184,425,504,768 bytes free . - - End Of File - - 5D4F8681D1CBE14F874570C530FA13A1 ComboFix 12-05-11.03 - Talsbak 11-May-12 21:54:47.1.2 - x64 NETWORK Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3071.2112 [GMT 2:00] Running from: c:\users\Talsbak\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Marit\Documents\~WRL0099.tmp c:\users\Marit\Documents\~WRL0394.tmp c:\users\Talsbak\AppData\Roaming\Adobe\plugs c:\users\Talsbak\AppData\Roaming\Adobe\shed c:\users\Talsbak\WINDOWS c:\windows\SysWow64\Temp c:\windows\SysWow64\Temp\ROL\MemoryRead_afterDec_1327273388.xml c:\windows\SysWow64\Temp\ROL\MemoryRead_afterDec_1331767812.xml c:\windows\SysWow64\Temp\ROL\MemoryRead_beforeDec_1331767810.dat . . ((((((((((((((((((((((((( Files Created from 2012-04-11 to 2012-05-11 ))))))))))))))))))))))))))))))) . . 2012-05-11 19:59 . 2012-05-11 19:59 -------- d-----w- c:\users\Tessa\AppData\Local\temp 2012-05-11 19:59 . 2012-05-11 19:59 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-11 19:59 . 2012-05-11 19:59 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2012-05-11 19:59 . 2012-05-11 19:59 -------- d-----w- c:\users\Marit\AppData\Local\temp 2012-05-10 20:10 . 2012-05-10 20:10 -------- d-----w- c:\program files\CCleaner 2012-05-08 17:35 . 2012-05-08 17:35 -------- d-----w- c:\users\Talsbak\AppData\Roaming\Malwarebytes 2012-05-08 17:35 . 2012-05-08 17:35 -------- d-----w- c:\programdata\Malwarebytes 2012-05-08 17:35 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-06 23:30 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8763E0E7-C835-47C2-8A06-E6E51174CF18}\mpengine.dll 2012-05-06 22:50 . 2012-05-06 23:07 -------- d-----w- c:\windows\system32\MpEngineStore 2012-05-02 11:48 . 2012-05-02 11:48 -------- d-----w- c:\users\Tessa\.jordan 2012-04-30 15:48 . 2012-04-30 15:49 -------- d-----w- c:\users\Talsbak\AppData\Local\Google 2012-04-30 15:48 . 2012-04-30 15:49 -------- d-----w- c:\program files (x86)\Google . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-01 15:20 . 2012-03-01 15:20 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin 2012-02-23 08:18 . 2010-08-30 19:44 279656 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoTerm.exe"="c:\program files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe" [2010-02-24 220944] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 60464] "nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856] "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [2010-07-16 307184] "CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-08-25 84464] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\0 programs\Apple iTunes\iTunesHelper.exe" [2011-11-12 421736] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "Malwarebytes' Anti-Malware"="c:\0 programs\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-30 116648] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-07-16 354288] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-30 116648] R3 PCTV340_801;YUAN based TV tuner device;c:\windows\system32\Drivers\dvb7700all.sys [x] R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x] R3 RoxMediaDB13;RoxMediaDB13;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-07-16 1099248] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 vtcdrv;GoGear Recovery Mode;c:\windows\system32\DRIVERS\vtcdrv_amd64.sys [x] S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys [x] S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys [x] S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-06-02 457200] S2 BOT4Service;BOT4Service;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-09-13 39408] S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 LinksysUpdater;Linksys Updater;c:\program files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800] S2 MBAMService;MBAMService;c:\0 programs\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS26.SYS [x] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . Contents of the 'Scheduled Tasks' folder . 2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-30 15:48] . 2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-30 15:48] . 2010-12-31 c:\windows\Tasks\PCDRScheduledMaintenance.job - c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-29 16335464] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = hxxp://www.hotmail.com/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://www.bing.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local Trusted Zone: softpedia.com\www TCP: DhcpNameServer = 88.159.1.200 88.159.1.201 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-NPSStartup - (no file) Wow6432Node-HKU-Default-Run-4Y3Y0C3AWF7W0VWDBNJJC - c:\recycle.bin\B6232F3AFAD.exe Wow6432Node-HKU-Default-Run-KB828131.exe - c:\windows\system32\config\systemprofile\AppData\Roaming\KB828131.exe AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:0000007b . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\windows\SysWOW64\java.exe c:\windows\SysWOW64\ping.exe c:\windows\SysWOW64\ping.exe . ************************************************************************** . Completion time: 2012-05-11 22:13:13 - machine was rebooted ComboFix-quarantined-files.txt 2012-05-11 20:13 . Pre-Run: 183,856,726,016 bytes free Post-Run: 184,425,504,768 bytes free . - - End Of File - - 5D4F8681D1CBE14F874570C530FA13A1
  13. Hi, Ik vrees dat het niet veel opgelost heeft. De AMService bestond niet, dus ook geen gestopt/gedeleted. Hijack gedraaid, met fix en clean, CCclearner gedraaid, daarna ook nog Unhide, en ge-reboot. En tenslotte weer de Hijack, zie log hieronder. Echter bijv. de B6232F3AFAD.exe zit er nog steeds in (lijkt onuitroeibaar). En mijn files via Start menu, bijv LInkSys, bijv Panda zijn weg (empty). Maar als eerder gezegd ook via Windows Explorer zijn ook niet te vinden (ook niet na diverse Unhide's). Zouden ze echt geheel gedeleted kunnen zijn ? Bij het aanloggen van jullie site kreeg ik nu een MBAM foutmedling: ... malacious process attempting to start ... C:\USERS\TALSBAK\APPDATA\LOCAL\TEMP\0.9530072868350183.EXE EXPLOIT.DROP.4 Ik heb maar Quarantine gedaan. Dank voor de hulp ! Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:32:58, on 10-May-12 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Normal Running processes: C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe C:\Windows\SysWOW64\svchost.exe C:\Windows\SysWOW64\svchost.exe c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe C:\Windows\SysWOW64\java.exe C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\remoterm.exe C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe C:\Program Files (x86)\hp\Digital Imaging\bin\HpqSRmon.exe C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe C:\0 PROGRAMS\Apple iTunes\iTunesHelper.exe C:\0 PROGRAMS\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\SysWOW64\ping.exe C:\0 PROGRAMS\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\SysWOW64\ping.exe C:\Users\Talsbak\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Bing R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sign In R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local F2 - REG:system.ini: UserInit=c:\windows\syswow64\userinit.exe, O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\0 PROGRAMS\Apple iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\0 PROGRAMS\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [RemoTerm.exe] C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [4Y3Y0C3AWF7W0VWDBNJJC] C:\Recycle.Bin\B6232F3AFAD.exe /q (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [4Y3Y0C3AWF7W0VWDBNJJC] C:\Recycle.Bin\B6232F3AFAD.exe /q (User 'Default user') O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O15 - Trusted Zone: Free Downloads Encyclopedia - Softpedia O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: BOT4Service - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\0 PROGRAMS\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: RoxMediaDB13 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9919 bytes
  14. SOrry, had ik vergeten te melden, Unhide had ik al een paar keer gedraaid, dit had weinig verbetering. De geschetste situatie en Hijack log is van na deze unhide. Dus ik ben nog steeds veel programmas in Start menu kwijt, en eigenlijk ook dus in de WIndows Explorers. Bijv. de panda exe is niet te vinden, is 'weg'.
  15. Toch nog ff een derde reactie. Behalve eerder genoemde zaken: - mijn toolbar is weg - Panda antivirus lijkt compleet ge-de-installeerd (weg) Ook mijn Start > All Programs, bij vele programs is het opstart programma weg, bijv. Administrative Tools, bijv. Panda, bijv. iTunes, bijv. Linksys, bijv. Microsoft Silverlight, bijv. Roxio, bijv. Windows Live, etc etc. Sommige kan ik wel weer re-installeren, maar is er misschien een snellere / completere herstel van deze structuur ? Zijn de programma's er nog wel, of zijn deze echt gewist ? NB. We hebben bij de eerste keer optreden van het virus waarbij er Hard Disk problems gemeld werden geclickt op een 'analysis' button, of zoiets. Dus er is toen misschien wel iets geprocessed. Of is dit normaal gevolg van dit virus ? Met dank !
×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.