Hans_832
Member
Items: 13
Hans_832's achievements
Virus win32:Rootkit-gen
Hans_832 replied to Hans_832's topic in Archive: Fighting malware & viruses
Hello, Thank you. There are no real problems anymore. Loading pages and videos is faster now and I am no longer being redirected to other pages. It still takes rather long and happens in jerks, but I don't really remember how long it used to take, so I am actually quite satisfied. Can I also reset my Google settings, like resetting Firefox? I think I still have a bit of trouble with tracking cookies. When watching YouTube videos I now get ads about malware protection and the like, or can nothing be done about this? I also have a few more questions. What should I do with the programs I have installed on my computer, for example Malwarebytes Anti-Malware (this is a free trial)? Should I remove this program? The other programs I will, I think, leave as they are. Is it useful to run, for example, AdwCleaner and ComboFix now and then to track down possible errors, or is that not a good idea? Is Avast a good virus scanner or should I use or buy another one? Do I also need to install a malware scanner or does Avast do this? Thanks for solving my problem and answering my questions. Regards
Virus win32:Rootkit-gen
Hans_832 replied to Hans_832's topic in Archive: Fighting malware & viruses
Hello, Firefox has been removed. The result of DDS can be found in the log below.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6001.18639 BrowserJavaVersion: 10.67.2
Run by Hannes at 14:53:42 on 2014-11-27
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3038.1610 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\RtkAudioService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conime.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com
mURLSearchHooks: {37483b40-c254-4a72-bda4-22ee90182c1e} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Help bij koppelingen: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live Aanmelden - Help: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [MarketingTools] c:\program files\sony\marketing tools\MarketingTools.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AvastUI.exe] "c:\program files\alwil software\avast5\AvastUI.exe" /nogui
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\users\hannes\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\hannes\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\hannes\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-be.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0D455155-ADB2-4336-B3C2-74ABCCA2BBEC} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6F58BDF9-FBF6-43DD-9C16-C7E475C3C1B3} : DHCPNameServer = 134.58.126.3 134.58.127.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-11-24 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-11-24 206248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2011-3-22 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2008-10-30 423784]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-8-6 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-10-30 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-30 50344]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-11-25 1871160]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-11-25 968504]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2008-10-30 299008]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-7-9 104992]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-7-9 411488]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-11-25 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-25 114904]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-11-25 51928]
R3 NETw5v32;Stuurprogramma voor Intel® Wireless WiFi Link Adapter onder Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-7-9 9344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-10-23 54632]
S3 fsssvc;De service Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-10-30 30192]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-10-30 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-10-30 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-10-30 62752]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-10-30 337184]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-10-30 83232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
SUnknown MSRSService;MSRSService; [x]
.
=============== File Associations ===============
.
ShellExec: VCExporterLaunch.exe: open="c:\program files\sony\vaio vp utilities\VCELaunch.exe" "%1"
.
=============== Created Last 30 ================
.
2014-11-27 12:31:43 -------- d-sh--w- C:\$RECYCLE.BIN
2014-11-27 12:26:33 -------- d-----w- c:\program files\CCleaner
2014-11-26 14:23:13 -------- d-----w- c:\users\hannes\appdata\local\temp
2014-11-25 20:36:11 -------- d-----w- C:\AdwCleaner
2014-11-25 19:52:00 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-25 19:50:52 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-25 19:50:52 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-25 19:50:52 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-25 19:50:52 -------- d-----w- c:\programdata\Malwarebytes
2014-11-25 19:50:52 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-11-25 10:23:30 8941456 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4c82a702-b823-4064-8e64-5cb49cf7d4f4}\mpengine.dll
2014-11-22 22:12:00 43152 ----a-w- c:\windows\avastSS.scr
.
==================== Find3M ====================
.
2014-11-26 17:01:10 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-26 17:01:10 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-22 22:12:53 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-22 22:12:02 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-22 22:12:01 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-22 22:12:01 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-22 22:12:01 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-04 13:30:58 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-09-02 18:14:36 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2011-06-02 14:35:45 38147376 ----a-w- c:\program files\QuickTimeInstaller.exe
.
============= FINISH: 14:54:56,04 ===============
Virus win32:Rootkit-gen
Hans_832 replied to Hans_832's topic in Archive: Fighting malware & viruses
Dear Sir/Madam, First of all I would like to thank you for your help. In the meantime I have run CCleaner. After that I did the next step: resetting Firefox. However, this does not work. I find the Troubleshooting Information page, but the Reset Firefox button is not on the page. I made a few screenshots of it but don't really know how to add them to this post. The version of Firefox is, I think, very outdated. I downloaded it a number of years ago because I was looking for a new browser. In the end my choice fell on Google Chrome, so I haven't used my Firefox in years. When opening Firefox I get the message that I am not connected to the internet, while I can check this message and my mail without any trouble with Google Chrome. - - - Updated - - - Below you will find the screenshots. Regards
Virus win32:Rootkit-gen
Hans_832 replied to Hans_832's topic in Archive: Fighting malware & viruses
At first I do get to see the page, but then the page goes blank. The address bar shows this: http://www.piriform.com/ccleaner/download/slim/downloadfile but the page is white and I don't get the time to download anything.
Virus win32:Rootkit-gen
Hans_832 replied to Hans_832's topic in Archive: Fighting malware & viruses
Hello, I am unable to download CCleaner. When I click your link nothing happens. Can I also use the standard one or another of the free-trial CCleaner versions?
Virus win32:Rootkit-gen
Hans_832 replied to Hans_832's topic in Archive: Fighting malware & viruses
When I visit the hln.be page, traffic.outbrain.com briefly appears in my Google Chrome address bar. Then it disappears and the page opens in a new window. I don't know whether this is something extra or not, but I am just mentioning it.
Virus win32:Rootkit-gen
Hans_832 replied to Hans_832's topic in Archive: Fighting malware & viruses
The result of the DDS log:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6001.18639 BrowserJavaVersion: 10.67.2
Run by Hannes at 15:39:10 on 2014-11-26
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3038.1677 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\RtkAudioService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\ComboFix\PEV.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Hannes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hannes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hannes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com
mURLSearchHooks: {37483b40-c254-4a72-bda4-22ee90182c1e} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Help bij koppelingen: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live Aanmelden - Help: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [MarketingTools] c:\program files\sony\marketing tools\MarketingTools.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AvastUI.exe] "c:\program files\alwil software\avast5\AvastUI.exe" /nogui
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\users\hannes\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\hannes\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\hannes\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-be.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0D455155-ADB2-4336-B3C2-74ABCCA2BBEC} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6F58BDF9-FBF6-43DD-9C16-C7E475C3C1B3} : DHCPNameServer = 134.58.126.3 134.58.127.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\hannes\appdata\roaming\mozilla\firefox\profiles\ty7cbw5x.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\users\hannes\appdata\roaming\mozilla\firefox\profiles\ty7cbw5x.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\hannes\appdata\roaming\mozilla\firefox\profiles\ty7cbw5x.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\components\RadioWMPCoreGecko5.dll
FF - component: c:\users\hannes\appdata\roaming\mozilla\firefox\profiles\ty7cbw5x.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\components\RadioWMPCoreGecko6.dll
FF - component: c:\users\hannes\appdata\roaming\mozilla\firefox\profiles\ty7cbw5x.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\components\RadioWMPCoreGecko7.dll
FF - component: c:\users\hannes\appdata\roaming\mozilla\firefox\profiles\ty7cbw5x.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\components\RadioWMPCoreGecko8.dll
FF - component: c:\users\hannes\appdata\roaming\mozilla\firefox\profiles\ty7cbw5x.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\components\RadioWMPCoreGecko9.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Avast Online Security: wrc@avast.com - c:\program files\alwil software\avast5\webrep\FF
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: NCH EN Community Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - %profile%\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-11-24 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-11-24 206248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2011-3-22 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2008-10-30 423784]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-8-6 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-10-30 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-30 50344]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-11-25 1871160]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-11-25 968504]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2008-10-30 299008]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-7-9 104992]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-7-9 411488]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-11-25 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-25 114904]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-11-25 51928]
R3 NETw5v32;Stuurprogramma voor Intel® Wireless WiFi Link Adapter onder Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-7-9 9344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MSRSService;MSRS Recording System;"c:\program files\nch software\msrs\msrs.exe" -service --> c:\program files\nch software\msrs\msrs.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-10-23 54632]
S3 fsssvc;De service Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-10-30 30192]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-10-30 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-10-30 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-10-30 62752]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-10-30 337184]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-10-30 83232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
ShellExec: VCExporterLaunch.exe: open="c:\program files\sony\vaio vp utilities\VCELaunch.exe" "%1"
.
=============== Created Last 30 ================
.
2014-11-26 14:23:13 -------- d-----w- c:\users\hannes\appdata\local\temp
2014-11-26 14:14:14 -------- d-sh--w- C:\$RECYCLE.BIN
2014-11-26 13:45:56 -------- d-----w- C:\ComboFix
2014-11-26 11:14:52 98816 ----a-w- c:\windows\sed.exe
2014-11-26 11:14:52 256000 ----a-w- c:\windows\PEV.exe
2014-11-26 11:14:52 208896 ----a-w- c:\windows\MBR.exe
2014-11-25 20:36:11 -------- d-----w- C:\AdwCleaner
2014-11-25 19:52:00 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-25 19:50:52 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-25 19:50:52 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-25 19:50:52 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-25 19:50:52 -------- d-----w- c:\programdata\Malwarebytes
2014-11-25 19:50:52 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-11-25 10:23:30 8941456 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4c82a702-b823-4064-8e64-5cb49cf7d4f4}\mpengine.dll
2014-11-22 22:12:00 43152 ----a-w- c:\windows\avastSS.scr
.
==================== Find3M ====================
.
2014-11-22 22:12:53 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-22 22:12:02 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-22 22:12:01 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-22 22:12:01 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-22 22:12:01 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-12 13:00:42 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-12 13:00:42 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-04 13:30:58 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-09-02 18:14:36 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2011-06-02 14:35:45 38147376 ----a-w- c:\program files\QuickTimeInstaller.exe
.
- - - Updated - - - The output of the DDS log:
- - - Updated - - - Hello, sorry, I posted the DDS result a second time.
My apologies for the inconvenience. -
Virus win32:Rootkit-gen
Hans_832 replied to Hans_832's topic in Archief Bestrijding malware & virussen
Hello, this is what came out of the CFScript.
Now I will run the DDS program. -
Virus win32:Rootkit-gen
Hans_832 replied to Hans_832's topic in Archive: Combating malware & viruses
Dear, Uh, sorry, but what is a DDS log and which system do I need to run for this?
Virus win32:Rootkit-gen
Hans_832 replied to Hans_832's topic in Archive: Combating malware & viruses
Dear, this is the result after running ComboFix:
Virus win32:Rootkit-gen
Hans_832 replied to Hans_832's topic in Archive: Combating malware & viruses
Dear, In the meantime I have run both programs. From step 1, this is the log:
From step 2, this follows:
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/vol.gif", "\"802b1fef4e19c81:0\""); [ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"17023b82b2b0275c0c496c13adb33d6b\""); [ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Hannes\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\ty7cbw5x.default\\conduitCommon\\modules\\3.8.1.0"); [ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0"); [ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties"); [ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.ToolbarsList", "CT2801948"); [ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.ToolbarsList2", "CT2801948"); [ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.ToolbarsList4", "CT2801948"); [ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.globalUserId", "efa21bfe-bf2d-41e0-ad87-521ba484f376"); [ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); [ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); [ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2801948"); [ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Oct 15 2012 01:00:22 GMT+0200 (Romance (zomertijd))"); [ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); [ty7cbw5x.default\prefs.js] - Regel verwijderd : 
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Oct 15 2012 01:00:30 GMT+0200 (Romance (zomertijd))"); [ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); [ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.notifications.locale", "en"); [ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); [ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Oct 15 2012 01:00:21 GMT+0200 (Romance (zomertijd))"); [ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); [ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); [ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); [ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.notifications.showTrayIcon", false); [ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); [ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.notifications.userId", "cf0309ab-6ceb-4ab1-8ad2-24d385008fa3"); [ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.originalHomepage", "resource:/browserconfig.properties"); [ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties"); [ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("browser.search.defaultthis.engineName", "NCH EN Customized Web Search"); [ty7cbw5x.default\prefs.js] - Regel verwijderd : user_pref("browser.search.selectedEngine", "NCH EN Customized Web Search"); 
How should this be interpreted? -
Virus win32:Rootkit-gen
Hans_832 replied to Hans_832's topic in Archief Bestrijding malware & virussen
Hello, Do I have to disable Avast for this or not? -
Hello, Last week, when starting my computer, I got roughly the following message on the desktop: VAIO Content Folder Watcher/VCFw.exe has stopped working and a solution to the problem is being searched for. I looked up some information on the internet and, as a computer layman, came to the conclusion that this was a Sony file and that nothing needed to be done. Since then my computer has been running quite a bit slower, mainly when loading web pages. I have also scanned my computer with Avast several times. Today I noticed the following in the scan log for the scan of 18-11-2014: the virus "win32:Rootkit-gen" was found in the folder: SVC:VCFW>C:\Program Files\Common File\Sony SHared\VAIO Content Folder Watcher\VCFw.exe In the scans of 19, 20, 21 and 25 November, Avast detects no viruses or anything else. When I then go to Program Files VAIO Content Folder Watcher, I cannot find the file win32:Rootkit-gen to remove it manually. What should I do now? regards
ABOUT US
PC Helpforum has been helping computer users for FREE since July 2006. Our team gives professional answers to your questions via the forum and tries to solve your PC problems as quickly as possible. Become a member today, post your question online and the PC Helpforum team will be happy to help you!