Der

Der's achievements

  1. Firefox still hangs regularly; IE suffers from this much less. Firefox removed and reinstalled. Another laptop on wireless works perfectly at the same moment this one hangs.
  2. I am going to try IE and will try to post around noon whether there are any problems.
  3. Unfortunately it still sometimes does not load the page, or loads it very slowly; after a refresh it sometimes picks it up right away. And another time it loads the same page directly without any problem.
  4. Emsisoft Emergency Kit - Versie 1.0
  5. The computer has been restarted. A site such as Telegraaf.nl still loads extremely slowly, and after refreshing a few times it continues. Another laptop, also on wireless, placed next to it: not a single problem! Below is a new log. P.S. Thanks in advance for the effort you are putting into this. ComboFix 12-01-26.01 - Dennis 26-01-2012 16:49:05.4.2 - x86
  6. ComboFix 12-01-26.01 - Dennis 26-01-2012 15:15:15.3.2 - x86
  7. Text saved. How do I get the file into ComboFix? The folder on the C drive named combofix seems to be empty. Has it installed itself somewhere else?
  8. Now it is complete! ComboFix 12-01-23.02 - Dennis 26-01-2012 10:04:23.1.2 - x86
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\mcafee\\Common Framework\\FrameworkService.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"= "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\WINDOWS\\system32\\dleecoms.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"= "c:\\Program Files\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"= . R0 DiskSec;Magix Volume Filter Driver;c:\windows\system32\drivers\disksec.sys [31-10-2010 8:22 14208] R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [15-6-2011 16:33 249648] R2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe -service --> c:\windows\system32\dleecoms.exe -service [?] 
R3 cpuz135;cpuz135;\??\c:\docume~1\Dennis\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\Dennis\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys [?] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [3-4-2009 12:07 108032] R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [3-4-2009 12:00 51288] R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [3-4-2009 12:00 43608] S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?] S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?] S2 brmjvbkn;IP Traffic Filter Monitor;c:\windows\System32\svchost.exe -k netsvcs [15-4-2008 13:00 14336] S2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dleeserv.exe [16-10-2011 21:35 193192] S2 srsfah;srsfah;c:\program files\Simlock Remote Client\Fah\fah.exe [18-9-2010 16:22 422400] S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7-7-2011 18:31 195336] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15-1-2010 13:49 227232] S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?] S3 ZD1211BU(Atheros);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(Atheros);c:\windows\system32\drivers\ZD1211BU.sys [14-8-2009 14:19 500736] . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - CPUZ135 *NewlyCreated* - MBAMSWISSARMY *Deregistered* - MBAMSwissArmy . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPService REG_MULTI_SZ HPSLPSVC HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs brmjvbkn . Inhoud van de 'Gedeelde Taken' map . 
2012-01-26 c:\windows\Tasks\PCCT - MAGIX AG.job - c:\progra~1\MAGIX\PC_CHE~1\MxTray.exe [2010-10-31 16:57] . 2012-01-24 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-06-18 20:18] . . ------- Bijkomende Scan ------- . uInternet Settings,ProxyOverride = local uInternet Settings,ProxyServer = 127.0.0.1:8118 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporteren naar Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000 IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm TCP: DhcpNameServer = 62.179.104.196 213.46.228.196 FF - ProfilePath - c:\documents and settings\Dennis\Application Data\Mozilla\Firefox\Profiles\nk1x80jq.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406 FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=169&systemid=406&sr=0&q= . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-10 - (no file) HKLM-Run-ZDWLan_Utility - (no file) HKLM-Run-AutoEJCD_0ACE20FF - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-01-26 10:15 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(908) c:\windows\system32\netprovcredman.dll c:\windows\system32\igfxdev.dll . 
Voltooingstijd: 2012-01-26 10:17:53 ComboFix-quarantined-files.txt 2012-01-26 09:17 . Pre-Run: 25.671.127.040 bytes beschikbaar Post-Run: 28.373.037.056 bytes beschikbaar . WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - A01FF4A03ABBFDD29BB9FC8FA27B39E2
  10. Malwarebytes' Anti-Malware 1.44 Database versie: 3697 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 24-1-2012 22:07:52 mbam-log-2012-01-24 (22-07-52).txt Scan type: Volledige Scan (C:\|) Objecten gescand: 282551 Verstreken tijd: 1 hour(s), 59 minute(s), 25 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: (Geen kwaadaardige items gevonden) Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: (Geen kwaadaardige items gevonden) Bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 0:14:18, on 26-1-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\MAGIX\PC_CHE~1\MxTray.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Freecorder\FLVSrvc.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Dell V715w\dleemon.exe C:\Program Files\Dell V715w\ezprint.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\McAfee 
Security Scan\2.0.181\SSScheduler.exe C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\WINDOWS\system32\dleecoms.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files\simlock remote client\fah\fah.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\vssvc.exe C:\Program Files\simlock remote client\fah\FahCore_a4.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Windows Live\Mail\wlmail.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Microsoft Office\Office12\WINWORD.EXE C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, 
nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\mcafee\VirusScan Enterprise\scriptcl.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - 
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [dleemon.exe] "C:\Program Files\Dell V715w\dleemon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Dell V715w\ezprint.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O18 - Protocol: 
skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: dleeCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dleeserv.exe O23 - Service: dlee_device - - C:\WINDOWS\system32\dleecoms.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. 
- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe O23 - Service: srsfah - Unknown owner - C:\Program Files\simlock remote client\fah\fah.exe -- End of file - 11405 bytes
  11. Logfile of HijackThis v1.99.1 Scan saved at 11:34:00, on 25-1-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\MAGIX\PC_CHE~1\MxTray.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Freecorder\FLVSrvc.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Dell V715w\dleemon.exe C:\Program Files\Dell V715w\ezprint.exe C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\WINDOWS\system32\dleecoms.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files\simlock remote client\fah\fah.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\vssvc.exe C:\Program Files\simlock remote client\fah\FahCore_a4.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital 
Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Windows Live\Mail\wlmail.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Speccy\Speccy.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Microsoft Office\Office12\WINWORD.EXE C:\Documents and Settings\Dennis\Mijn documenten\Downloads\hijackthis_sfx.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Java Plug-In 
SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\mcafee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\WI371A~1\Datamngr\BROWSE~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dleemon.exe] "C:\Program Files\Dell V715w\dleemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Dell V715w\ezprint.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: lnvpjguc - smlzugr.dll (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: dleeCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dleeserv.exe
O23 - Service: dlee_device - - C:\WINDOWS\system32\dleecoms.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: srsfah - Unknown owner - C:\Program Files\simlock remote client\fah\fah.exe" -svcstart -d "C:\Program Files\simlock remote client\fah (file missing)
  12. For the past day or two, some pages have been loading very slowly; refreshing sometimes gets them to load. I work over wireless; another user on the wireless network has no problems. A malware scan is running, and the virus scanner reports no problems. Started Piriform. Cleared the cache, temporary internet files and cookies. Ping, download speed, etc. work fine, so I suspect the problem is in my own laptop after all. Everything is updated for both IE and FF, including Java.