hannibal

Member
  • Items

    27
About hannibal

  • Birthday 03-03-1981

hannibal's achievements

  1. OK, the *.tmp folders have been deleted. Remove ComboFix: Start -> Run and type: combofix /u. This does not work, however: when I enter it, ComboFix restarts and I get the error messages again (no permission). Am I supposed to do this again in safe mode, or can I simply remove ComboFix manually? Edit: this afternoon my audio icon disappeared from my system tray again, so once more I can't play MP3s. So if I did have a virus, it apparently has not gone yet. What is the best thing to do: run ComboFix again, or post the logs again first?
  2. Strangely enough, this does not work. I get an error message "kan forcelibrary.dll niet vewijderen. De toegang is geweigerd. Controleer...." I have also had it happen a number of times that I cannot delete a folder of video clips, while I can delete the clips inside the folder individually. So before getting rid of ComboFix, I will wait until this is resolved.
  3. ComboFix 09-08-10.06 - Hannibal 18/08/2009 21:51.1.4 - NTFSx86 MINIMAL Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.3582.3307 [GMT 2:00] Gestart vanuit: c:\documents and settings\Hannibal\Bureaublad\ComboFix.exe AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B} FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . - VERMINDERDE FUNCTIONALITEIT MODUS - . (((((((((((((((((((( Bestanden Gemaakt van 2009-07-18 to 2009-08-18 )))))))))))))))))))))))))))))) . 2009-08-18 19:44 . 2009-08-18 19:44 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2009-08-18 19:37 . 2009-08-18 19:37 -------- d-----w- c:\windows\ie8updates 2009-08-18 17:44 . 2009-08-18 17:44 -------- d-----w- C:\Kopie van 32788R22FWJFW.3.tmp 2009-08-18 07:36 . 2009-08-18 17:43 -------- d-----w- C:\32788R22FWJFW.5.tmp 2009-08-18 07:35 . 2009-07-03 17:00 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2009-08-18 07:35 . 2009-07-03 17:00 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-08-18 07:35 . 2009-07-03 17:00 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-08-18 07:35 . 2009-07-03 17:00 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2009-08-18 07:35 . 2009-07-03 17:00 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll 2009-08-18 07:32 . 2009-08-18 07:36 -------- d-----w- C:\32788R22FWJFW.4.tmp 2009-08-18 07:30 . 2009-08-18 10:24 -------- d--h--r- c:\documents and settings\Hannibal\Onlangs geopend 2009-08-18 07:28 . 2009-08-18 07:32 -------- d-----w- C:\32788R22FWJFW.3.tmp 2009-08-18 07:27 . 2009-08-18 07:28 -------- d-----w- C:\32788R22FWJFW.2.tmp 2009-08-18 07:25 . 2009-08-18 07:27 -------- d-----w- C:\32788R22FWJFW.1.tmp 2009-08-18 07:19 . 2009-08-18 07:19 -------- d-sh--w- c:\documents and settings\Hannibal\IECompatCache 2009-08-18 07:17 . 
2009-08-18 07:17 -------- d-sh--w- c:\documents and settings\Hannibal\PrivacIE 2009-08-18 07:14 . 2009-08-18 07:14 -------- d-sh--w- c:\documents and settings\Hannibal\IETldCache 2009-08-18 07:11 . 2009-08-18 07:12 -------- dc-h--w- c:\windows\ie8 2009-08-17 01:15 . 2009-08-17 01:15 -------- d-----w- c:\windows\system32\XPSViewer 2009-08-17 01:15 . 2009-08-17 01:15 -------- d-----w- c:\program files\Reference Assemblies 2009-08-17 01:03 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-08-17 01:03 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-08-17 01:03 . 2009-08-17 01:15 -------- d-----w- C:\36b59d4ad08d75b002d04281016b38 2009-08-17 01:03 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-08-17 01:03 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-08-17 01:03 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-08-17 01:03 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-08-17 01:03 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-08-16 13:51 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe 2009-08-16 13:21 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys 2009-08-16 13:20 . 2009-08-16 13:20 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864} 2009-08-16 13:20 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe 2009-08-16 13:20 . 2009-08-16 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-08-16 13:20 . 2009-08-16 13:20 -------- d-----w- c:\program files\Lavasoft 2009-08-16 12:49 . 2009-08-16 12:49 -------- d-----w- c:\documents and settings\Hannibal\Application Data\Malwarebytes 2009-08-16 12:48 . 
2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-16 12:48 . 2009-08-16 12:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-08-16 12:48 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-16 12:48 . 2009-08-16 12:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-13 14:43 . 2009-08-13 14:43 -------- d--h--w- c:\windows\PIF 2009-08-12 18:42 . 2009-08-12 18:42 -------- d-----w- c:\program files\Windows Live SkyDrive 2009-08-09 22:47 . 2009-08-09 22:48 -------- d-----w- c:\program files\Sinking Island 2009-08-05 14:02 . 2009-08-05 14:02 152576 ----a-w- c:\documents and settings\Hannibal\Application Data\Sun\Java\jre1.6.0_15\lzma.dll 2009-08-04 14:42 . 2009-08-04 14:42 -------- d-----w- c:\documents and settings\Hannibal\Local Settings\Application Data\COMODO 2009-07-29 22:15 . 2009-07-29 22:15 -------- d-----w- c:\program files\uTorrent 2009-07-29 22:14 . 2009-08-15 23:09 -------- d-----w- c:\documents and settings\Hannibal\Application Data\uTorrent 2009-07-28 17:11 . 2009-07-28 17:11 -------- d-----w- c:\program files\TVAnts 2009-07-22 21:41 . 2009-07-22 21:41 -------- d-----w- c:\program files\DirectVobSub 2009-07-22 19:13 . 2009-07-22 19:13 28592 ----a-w- c:\windows\system32\drivers\tap0901.sys 2009-07-21 08:25 . 2009-07-21 08:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google 2009-07-20 23:24 . 2009-07-21 08:37 -------- d-----w- c:\documents and settings\Hannibal\Local Settings\Application Data\Google 2009-07-20 23:23 . 2009-07-20 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-07-20 23:23 . 2009-07-20 23:24 -------- d-----w- c:\program files\Google . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-18 19:42 . 
2009-06-08 20:48 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat 2009-08-18 07:31 . 2009-06-22 11:09 -------- d-----w- c:\program files\CCleaner 2009-08-17 01:19 . 2008-04-15 12:00 86226 ----a-w- c:\windows\system32\perfc013.dat 2009-08-17 01:19 . 2008-04-15 12:00 499242 ----a-w- c:\windows\system32\perfh013.dat 2009-08-17 01:15 . 2009-07-14 14:26 -------- d-----w- c:\program files\MSBuild 2009-08-14 01:02 . 2009-07-14 14:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-08-12 22:05 . 2009-06-16 13:52 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-08-12 18:42 . 2009-06-09 05:51 -------- d-----w- c:\program files\Windows Live 2009-08-05 14:03 . 2009-06-09 18:56 -------- d-----w- c:\program files\Java 2009-08-05 09:01 . 2008-04-15 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-25 03:23 . 2009-06-09 18:56 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-07-22 21:38 . 2009-06-08 21:07 -------- d-----w- c:\program files\Gabest 2009-07-19 16:39 . 2009-07-19 16:38 -------- d-----w- c:\program files\SopCast 2009-07-18 11:24 . 2009-06-09 18:52 -------- d-----w- c:\program files\Foxit Reader 2009-07-17 19:04 . 2008-04-15 12:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 14:34 . 2009-06-08 17:47 68456 ----a-w- c:\documents and settings\Hannibal\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-07-14 14:26 . 2009-07-14 14:26 -------- d-----w- c:\program files\Microsoft Works 2009-07-14 14:03 . 2009-07-14 14:03 -------- d-----w- c:\program files\DAMN NFO Viewer 2009-07-13 21:43 . 2008-04-15 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-10 17:21 . 2009-07-10 17:21 4608 ----a-w- c:\windows\system32\w95inf32.dll 2009-07-10 17:21 . 2009-07-10 17:21 2272 ----a-w- c:\windows\system32\w95inf16.dll 2009-07-05 12:35 . 2009-07-05 12:35 -------- d-----w- c:\documents and settings\Hannibal\Application Data\Media Player Classic 2009-07-03 17:00 . 
2008-04-15 12:00 915456 ----a-w- c:\windows\system32\wininet.dll 2009-07-02 02:34 . 2009-07-02 02:34 33840 ----a-w- c:\windows\system32\drivers\HssDrv.sys 2009-06-23 11:53 . 2009-06-23 11:45 -------- d-----w- c:\documents and settings\Hannibal\Application Data\BonkEnc 2009-06-23 11:44 . 2009-06-23 11:44 160622 ----a-w- c:\windows\Free Audio Converter CS Uninstaller.exe 2009-06-23 11:44 . 2009-06-23 11:44 -------- d-----w- c:\program files\Free Audio Converter CS 2009-06-23 11:31 . 2009-06-23 11:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Movavi Video Converter 6 2009-06-23 11:27 . 2009-06-23 11:27 -------- d-----w- c:\program files\Movavi Video Converter 6 2009-06-23 11:11 . 2009-06-23 11:11 -------- d-----w- c:\program files\YouTube Downloader 2009-06-20 13:28 . 2009-06-20 13:28 -------- d-----w- c:\program files\MSXML 4.0 2009-06-20 10:38 . 2009-06-20 10:38 -------- d-----w- c:\program files\DIFX 2009-06-20 10:38 . 2009-06-20 10:38 -------- d-----w- c:\documents and settings\Hannibal\Application Data\Samsung 2009-06-20 10:38 . 2009-06-09 19:04 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-06-20 10:38 . 2009-06-20 10:38 -------- d-----w- c:\program files\MarkAny 2009-06-20 10:37 . 2009-06-20 10:37 -------- d-----w- c:\program files\Samsung 2009-06-20 10:35 . 2009-06-20 10:34 -------- d-----w- c:\program files\Common Files\Adobe 2009-06-16 14:40 . 2008-04-15 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 14:40 . 2008-04-15 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-15 10:45 . 2008-04-15 12:00 79872 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 14:16 . 2008-04-15 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 13:47 . 2009-06-09 19:01 15600 ----a-w- c:\windows\gdrv.sys 2009-06-10 07:22 . 2009-06-08 17:38 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-06-10 06:16 . 
2008-04-15 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-09 18:56 . 2009-06-09 18:56 152576 ----a-w- c:\documents and settings\Hannibal\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-06-09 18:00 . 2009-06-08 17:41 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-06-08 20:57 . 2009-06-08 20:07 132640 ----a-w- c:\windows\system32\drivers\cmdguard.sys 2009-06-08 20:07 . 2009-06-08 20:07 82080 ----a-w- c:\windows\system32\drivers\inspect.sys 2009-06-08 20:07 . 2009-06-08 20:07 24096 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2009-06-08 20:07 . 2009-06-08 20:07 168208 ----a-w- c:\windows\system32\guard32.dll 2009-06-08 19:05 . 2009-06-08 19:05 0 ----a-w- c:\windows\nsreg.dat 2009-06-08 17:39 . 2009-06-08 17:39 21748 ----a-w- c:\windows\system32\emptyregdb.dat 2009-06-03 19:11 . 2008-04-15 12:00 1295360 ----a-w- c:\windows\system32\quartz.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-20 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-06-08 1794320] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-25 8527872] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-25 81920] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-15 172032] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-02-17 17508864] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-10-25 1626112] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"= "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [16/08/2009 15:21 64160] R0 pe3ajbeb;L Ile Noyee Environment Driver (pe3ajbeb);c:\windows\system32\drivers\pe3ajbeb.sys [22/08/2007 18:31 64632] R0 ps7ajbeb;L Ile Noyee Synchronization Driver (ps7ajbeb);c:\windows\system32\drivers\ps7ajbeb.sys [22/08/2007 18:30 68736] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/07/2009 16:49 1029456] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [8/06/2009 22:07 132640] S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [8/06/2009 22:07 24096] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [20/06/2009 12:38 233472] S2 gupdate1ca09913ab90a96;Google Updateservice (gupdate1ca09913ab90a96);c:\program files\Google\Update\GoogleUpdate.exe [21/07/2009 1:24 133104] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/06/2009 20:21 1684736] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [20/06/2009 12:38 36608] S3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [22/07/2009 21:13 28592] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . 
Inhoud van de 'Gedeelde Taken' map 2009-08-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49] 2009-08-18 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-20 23:23] 2009-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 23:24] 2009-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 23:24] 2009-08-17 c:\windows\Tasks\OGADaily.job - c:\windows\system32\OGAVerify.exe [2008-12-31 15:04] 2009-08-18 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAVerify.exe [2008-12-31 15:04] . - - - - ORPHANS VERWIJDERD - - - - HKLM-Run-NPSStartup - (no file) . ------- Bijkomende Scan ------- . uInternet Settings,ProxyOverride = local uInternet Settings,ProxyServer = 127.0.0.1:9666 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Hannibal\Application Data\Mozilla\Firefox\Profiles\n1er2irn.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (nl) FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\Mozilla 
Firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\Mozilla 
Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - 
pref("security.alternate_certificate_error_page", "certerror"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-08-18 21:53 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2009-08-18 21:55 ComboFix-quarantined-files.txt 2009-08-18 19:55 Pre-Run: 132.654.477.312 bytes beschikbaar Post-Run: 132.671.954.944 bytes beschikbaar 263 --- E O F --- 2009-08-18 19:37
  4. How do you run that as "administrator"? Under "Run as..." my own name is set by default. Edit: I ran ComboFix in safe mode. Apparently it had an effect. IE works again, so does Windows Live Mail, and my sound is back too.
  5. Malwarebytes' Anti-Malware 1.40 Database versie: 2551 Windows 5.1.2600 Service Pack 3 18/08/2009 20:23:31 mbam-log-2009-08-18 (20-23-31).txt Scan type: Snelle Scan Objecten gescand: 86930 Verstreken tijd: 4 minute(s), 29 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: (Geen kwaadaardige items gevonden) Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: (Geen kwaadaardige items gevonden) Bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) ---------- Post toegevoegd om 18:27 ---------- Vorige post was om 18:25 ---------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:26:45, on 18/08/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\FsUsbExService.Exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - 
HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe O23 - Service: Google Updateservice (gupdate1ca09913ab90a96) (gupdate1ca09913ab90a96) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 5455 bytes
  6. I can't get ComboFix to start. Each time I get a series of error messages: "kan geen toegang tot het apparaat krijgen. Mogelijk heeft u geen toegangsmachtigingen voor het item". I'll try the rest later.
  7. By now I can no longer play MP3s either; my audio icon has disappeared from the tray.
  8. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:53:40, on 16/08/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe C:\WINDOWS\system32\FsUsbExService.Exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - 
     {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
     O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
     O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
     O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
     O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
     O23 - Service: Google Updateservice (gupdate1ca09913ab90a96) (gupdate1ca09913ab90a96) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: L Ile Noyee Drivers Auto Removal (pr2ajbeb) (pr2ajbeb) - Micro Application - C:\WINDOWS\system32\pr2ajbeb.exe
     -- End of file - 5331 bytes
  9. For about a week now, a number of my applications have been unable to connect to the internet. - Internet Explorer no longer works. - Windows Live Mail can no longer download or send mail. - WMP can no longer download media information. - My Mozilla (my default browser) still works and I can go online, but I cannot install add-ons or update. So I can still use the internet normally and also download via torrents, for example. I use Windows XP SP3. I use a Comodo firewall, but turning it off changes nothing. Windows Firewall is off by default. Does anyone have any idea what is going on here? The only changes I have made are that I stopped "groovemonitor.exe" (an MS Office application) from starting up and installed hotspot, but that has since been removed.
  10. That has been done, but as I said, no effect.
  11. I have set the WMP settings entirely as indicated on the site. Without success, unfortunately.
  12. For AlwaysShowExt, the value data field contains a "1". I removed that, no effect. I then put a "0" there, and that had no effect either. So no solution for now.
  13. When I want to stream something from this site: Uitzendinggemist.nl, I have no sound. I do with e.g. YouTube or other streams, but not here. Since I can't find any answers on that site itself... The picture is perfect, by the way. And in videos that I play from my PC the sound is perfect too. Apparently it is only the Dutch who give me no sound.
  14. Mozilla or IE makes no difference here. It is about what appears on my desktop. Now I get e.g. "gmail.url", where "normally" it should just say "gmail". So how do I get rid of that .url?