misteragga
-
Items
1.738 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Alles dat geplaatst werd door misteragga
-
hijacklogje nakijken aub op virusen
misteragga reageerde op misteragga's topic in Archief Bestrijding malware & virussen
dit is nogmaals het hijacklogje hijackthis.log -
hijacklogje nakijken aub op virusen
misteragga plaatste een topic in Archief Bestrijding malware & virussen
zit er virusen op deze pc? dit is de hijacklogje+mbam logje Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:33:58, on 14-1-2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE C:\Program Files\bitcomet setup\BitComet\BitComet.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\TeamViewer\Version4\TeamViewer.exe C:\Program Files\Alwil Software\Avast4\ashSimpl.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\bitcomet setup\BitComet\tools\BitCometBHO_1.3.7.16.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE" O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO O4 - HKCU\..\Run: [bitComet] "C:\Program Files\bitcomet setup\BitComet\BitComet.exe" /tray O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE O8 - Extra context menu item: &D&ownload &met BitComet - res://C:\Program Files\bitcomet setup\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload alle video met BitComet - res://C:\Program Files\bitcomet setup\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload alles met BitComet - res://C:\Program Files\bitcomet setup\BitComet\BitComet.exe/AddAllLink.htm O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: PokerTime - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\PokerTimeMPP\MPPoker.exe (HKCU) O9 - Extra button: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\Arend\Menu Start\Programma's\UB\UB.lnk (HKCU) O9 - Extra 'Tools' menuitem: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\Arend\Menu Start\Programma's\UB\UB.lnk (HKCU) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 9921 byte mbam logje Malwarebytes' Anti-Malware 1.41 Database versie: 3188 Windows 5.1.2600 Service Pack 3 14-1-2010 22:46:45 mbam-log-2010-01-14 (22-46-45).txt Scan type: Volledige Scan (C:\|D:\|E:\|F:\|G:\|H:\|) Objecten gescand: 165340 Verstreken tijd: 34 minute(s), 26 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: (Geen kwaadaardige items gevonden) Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: (Geen kwaadaardige items gevonden) Bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) -
google,chrome, of IE 8?
misteragga reageerde op misteragga's topic in Archief Website Hulp & Scripts
kan ik Ccleaner ook laten werken bij google chrome met het wissen van de geschiedenis? -
google,chrome, of IE 8?
misteragga reageerde op misteragga's topic in Archief Website Hulp & Scripts
waar kan ik google chrome downloade? -
google,chrome, of IE 8?
misteragga reageerde op misteragga's topic in Archief Website Hulp & Scripts
kan ik ook de beide browsers gebruiken of krijg je dan conflicten? -
hallo ik heb nu IE 8 in gebruik maar ik zie vaak op website's staan dat google chrome ook een webbrowser is maar wat zijn voordelen dan wat niet in IE 8 zit en zou het verstandig zijn om ze allebij gewoon op je pc te houden en als dat niet zo is welke adviseren jullie mij dan?
-
Geestelijk gehandicapte broer met internet. hulp gevraagd
misteragga reageerde opeen topic in Archief Windows Algemeen
o ja dat was ik evetjes vergeten -
Geestelijk gehandicapte broer met internet. hulp gevraagd
misteragga reageerde opeen topic in Archief Windows Algemeen
u kunt daar voor teamviewer gebruiken op beide pc's instaleren als u er niet uit komt kunt u de vraag als nog stellen op deze forum. -
heb ik nog genoeg schijf ruimten?
misteragga reageerde op misteragga's topic in Archief Bestrijding malware & virussen
tot hoe ver kan ik de c shijf vol gooien? -
heb ik nog genoeg schijf ruimten?
misteragga plaatste een topic in Archief Bestrijding malware & virussen
zijn mijn C en D schijf niet te vol?? als het te vol is kan ik windows herinstaleren met recovery cd's?
-
logjes na kijken aub
misteragga reageerde op misteragga's topic in Archief Bestrijding malware & virussen
hijacklogje en nog een keertje mbam Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:00:55 PM, on 1/3/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\V0330Mon.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\BearShare Applications\BearShare\BearShare.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\TeamViewer\Version5\TeamViewer.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe D:\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [bearShare] "C:\Program Files\BearShare Applications\BearShare\BearShare.exe" --lightmode O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe -- End of file - 4504 bytes mbam Malwarebytes' Anti-Malware 1.43 Database versie: 3487 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 1/3/2010 8:09:07 PM mbam-log-2010-01-03 (20-09-07).txt Scan type: Snelle Scan Objecten gescand: 100517 Verstreken tijd: 5 minute(s), 31 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: (Geen kwaadaardige items gevonden) Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: (Geen kwaadaardige items gevonden) Bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) -
windows xp hijacklogje en mbam logje nakijken op virusen hijackthis logje Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:20:27 PM, on 1/3/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\V0330Mon.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\BearShare Applications\BearShare\BearShare.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TeamViewer\Version5\TeamViewer.exe C:\Program Files\Creative\Creative Live! Cam\Live! Cam Center\LiveCam.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe D:\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Search R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [bearShare] "C:\Program Files\BearShare Applications\BearShare\BearShare.exe" --lightmode O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - AppInit_DLLs: O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe -- End of file - 4803 bytes mbam logje Malwarebytes' Anti-Malware 1.43 Database versie: 3487 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 1/3/2010 5:22:33 PM mbam-log-2010-01-03 (17-22-33).txt Scan type: Snelle Scan Objecten gescand: 100619 Verstreken tijd: 5 minute(s), 46 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 1 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 1 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot. Registersleutels geïnfecteerd: (Geen kwaadaardige items gevonden) Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: (Geen kwaadaardige items gevonden) Bestanden geïnfecteerd: C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot.
-
hijack logje na kijken en op virusen na kijken dit is hijacklogje Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:32:32, on 2-1-2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18865) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe C:\Windows\vsnpstd3.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Thuishelp\Zesko\Thuishelp.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehtray.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\NETGEAR\WN111v2\WN111v2.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Windows\system32\taskmgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe C:\Program Files\Internet Explorer\iexplore.exe D:\Program Files\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\bitcomet\tools\BitCometBHO_1.3.7.16.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE Systemboot O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Zesko_McciTrayApp] C:\Program Files\Thuishelp\Zesko\Thuishelp.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [ccleaner] "D:\Program Files\Ccleaner\CCleaner.exe" /AUTO O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: Orion.lnk = C:\Program Files\Convesoft\Orion\Messenger.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111v2.exe O8 - Extra context menu item: &D&ownload &met BitComet - res://D:\Program Files\bitcomet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload alle video met BitComet - res://D:\Program Files\bitcomet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload alles met BitComet - res://D:\Program Files\bitcomet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - http://cdn.scan.onecare.live.com/resource/download/scanner/nl-be/wlscctrl2.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 10289 bytes
-
hijack logje plus mbam logje
misteragga reageerde op misteragga's topic in Archief Bestrijding malware & virussen
dit is de nieuwe combofix logje ComboFix 09-12-31.02 - Deelnemer 31-12-2009 21:16:50.2.1 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.247.122 [GMT 1:00] Gestart vanuit: f:\programas\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Deelnemer\Bureaublad\CFScript.txt..txt AV: avast! antivirus 4.8.1368 [VPS 091231-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} . (((((((((((((((((((( Bestanden Gemaakt van 2009-11-28 to 2009-12-31 )))))))))))))))))))))))))))))) . 2009-12-31 20:03 . 2009-12-31 20:03 -------- d--h--r- c:\documents and settings\Deelnemer\Onlangs geopend 2009-12-31 17:57 . 2009-12-31 17:57 399360 ----a-w- c:\windows\system32\CF6883.exe 2009-12-31 15:06 . 2009-12-31 15:06 -------- d-----w- c:\program files\Trend Micro 2009-12-31 14:09 . 2009-12-31 14:09 -------- d-----w- c:\documents and settings\Deelnemer\Application Data\Malwarebytes 2009-12-31 14:08 . 2009-12-31 14:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-12-25 01:51 . 2009-12-25 01:51 -------- d-----w- c:\windows\Sun 2009-12-25 01:47 . 2004-08-04 00:03 21504 ----a-w- c:\windows\system32\hidserv.dll 2009-12-25 01:47 . 2004-08-04 00:03 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll 2009-12-25 01:47 . 2004-08-03 23:57 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys 2009-12-25 01:47 . 2004-08-03 23:57 14848 ----a-w- c:\windows\system32\dllcache\kbdhid.sys 2009-12-25 01:47 . 2004-08-03 22:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2009-12-25 01:47 . 2004-08-03 22:08 31616 ----a-w- c:\windows\system32\dllcache\usbccgp.sys 2009-12-24 22:29 . 2009-12-24 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus! 2009-12-24 22:22 . 2009-12-24 22:22 -------- d-----w- c:\documents and settings\Deelnemer\Tracing 2009-12-24 22:20 . 2009-12-24 22:20 -------- d-----w- c:\program files\Microsoft 2009-12-24 22:19 . 2009-12-24 22:20 -------- d-----w- c:\program files\Windows Live SkyDrive 2009-12-24 22:19 . 2009-12-24 22:19 -------- d-----w- c:\program files\Windows Live 2009-12-24 22:16 . 2009-12-24 22:16 -------- d-----w- c:\program files\Common Files\Windows Live 2009-12-24 22:14 . 2009-12-24 22:14 -------- d-----w- c:\program files\Microsoft Silverlight 2009-12-24 21:30 . 2009-12-24 21:30 -------- d-----w- c:\windows\system32\XPSViewer 2009-12-24 21:30 . 2009-12-24 21:30 -------- d-----w- c:\program files\MSBuild 2009-12-24 21:30 . 2009-12-24 21:30 -------- d-----w- c:\program files\Reference Assemblies 2009-12-24 21:29 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll 2009-12-24 21:29 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-12-24 21:29 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-12-24 21:29 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-12-24 21:29 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-12-24 21:29 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-12-24 21:29 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll 2009-12-24 21:29 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2009-12-24 21:29 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-12-24 21:24 . 2009-12-24 21:24 -------- d-----w- c:\program files\MSXML 6.0 2009-12-24 21:22 . 2009-12-24 21:22 -------- d-sh--w- c:\documents and settings\Deelnemer\IECompatCache 2009-12-24 21:21 . 2009-12-24 21:21 -------- d-sh--w- c:\documents and settings\Deelnemer\PrivacIE 2009-12-24 21:18 . 2009-12-24 21:18 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2009-12-24 21:16 . 2009-12-24 21:16 -------- d-sh--w- c:\documents and settings\Deelnemer\IETldCache 2009-12-24 21:10 . 2009-10-29 07:44 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll 2009-12-24 21:10 . 2009-10-29 07:44 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2009-12-24 21:10 . 2009-12-24 21:10 -------- d-----w- c:\windows\ie8updates 2009-12-24 21:10 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll 2009-12-24 21:07 . 2009-12-24 21:07 -------- d--h--w- c:\windows\ie8 2009-12-24 21:01 . 2004-08-04 00:03 221184 ----a-w- c:\windows\system32\wmpns.dll 2009-12-24 20:41 . 2008-06-14 18:00 272640 ------w- c:\windows\system32\dllcache\bthport.sys 2009-12-24 20:25 . 2005-07-26 04:42 60416 ------w- c:\windows\system32\dllcache\colbact.dll 2009-12-24 20:25 . 2009-03-06 14:47 285184 ------w- c:\windows\system32\dllcache\pdh.dll 2009-12-24 20:25 . 2009-02-09 10:22 473088 ------w- c:\windows\system32\dllcache\fastprox.dll 2009-12-24 20:25 . 2009-02-09 10:22 399360 ------w- c:\windows\system32\dllcache\rpcss.dll 2009-12-24 20:25 . 2009-02-06 16:39 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe 2009-12-24 20:25 . 2009-02-09 10:22 684032 ------w- c:\windows\system32\dllcache\advapi32.dll 2009-12-24 20:25 . 2009-02-09 10:22 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll 2009-12-24 20:25 . 2009-02-09 10:11 111104 ------w- c:\windows\system32\dllcache\services.exe 2009-12-24 20:25 . 2009-02-09 10:22 735744 ------w- c:\windows\system32\dllcache\ntdll.dll 2009-12-24 20:17 . 2009-12-24 20:17 -------- d-----w- c:\windows\system32\CatRoot_bak 2009-12-24 20:16 . 2009-06-21 22:07 153088 ------w- c:\windows\system32\dllcache\triedit.dll 2009-12-24 20:15 . 2008-05-01 14:33 331776 ------w- c:\windows\system32\dllcache\msadce.dll 2009-12-24 20:13 . 2009-08-04 17:07 2140672 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-12-24 20:13 . 2009-08-04 17:07 2062080 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-12-24 20:13 . 2009-08-04 17:07 2184704 ------w- c:\windows\system32\dllcache\ntoskrnl.exe 2009-12-24 20:13 . 2009-08-04 17:07 2020352 ------w- c:\windows\system32\dllcache\ntkrpamp.exe 2009-12-24 20:13 . 2009-06-05 07:55 655872 ------w- c:\windows\system32\dllcache\mstscax.dll 2009-12-24 20:12 . 2008-04-21 21:28 218624 ------w- c:\windows\system32\dllcache\wordpad.exe 2009-12-24 20:10 . 2009-12-24 20:09 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-12-24 20:08 . 2009-12-24 20:08 -------- d--h--w- c:\windows\$hf_mig$ 2009-12-24 20:08 . 2009-12-24 20:08 -------- d-----w- c:\program files\Java 2009-12-24 20:07 . 2009-12-24 20:07 152576 ----a-w- c:\documents and settings\Deelnemer\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2009-12-24 20:06 . 2009-12-24 20:06 79488 ----a-w- c:\documents and settings\Deelnemer\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2009-12-24 19:34 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-12-24 19:34 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-12-24 19:34 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-12-24 19:34 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-12-24 19:34 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-12-24 19:34 . 2009-11-24 23:51 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-12-24 19:34 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-12-24 19:34 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-12-24 19:33 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe 2009-12-24 19:33 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll 2009-12-24 19:33 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll 2009-12-24 19:33 . 2003-02-21 04:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll 2009-12-24 19:33 . 2009-12-24 19:33 -------- d-----w- c:\program files\Alwil Software 2009-12-16 00:11 . 2009-12-16 00:11 -------- d--h--r- c:\documents and settings\All Users\Application Data\Atheros 2009-12-16 00:09 . 2007-12-14 03:31 57408 ----a-w- c:\windows\system32\drivers\wsimd.sys 2009-12-16 00:09 . 2009-12-16 00:09 -------- d-----w- c:\program files\NETGEAR 2009-12-16 00:09 . 2009-12-16 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NETGEAR 2009-12-16 00:09 . 2009-12-16 00:09 -------- d-----w- c:\windows\Downloaded Installations 2009-12-15 23:57 . 2005-02-01 17:18 17992 ----a-w- c:\windows\system32\drivers\bcm42rly.sys 2009-12-15 23:57 . 2005-02-01 17:18 17992 ----a-w- c:\windows\system32\bcm42rly.sys 2009-12-15 23:57 . 2005-02-01 17:18 17992 ----a-w- c:\windows\bcm42rly.sys 2009-12-15 23:57 . 2003-10-13 14:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll 2009-12-15 23:57 . 2005-11-03 16:41 32768 ----a-w- c:\windows\system32\GTGina.dll 2009-12-15 23:57 . 2003-09-25 21:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-24 22:22 . 2005-07-19 14:01 20912 ----a-w- c:\documents and settings\Deelnemer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-24 21:41 . 2001-09-07 11:00 91018 ----a-w- c:\windows\system32\perfc013.dat 2009-12-24 21:41 . 2001-09-07 11:00 509462 ----a-w- c:\windows\system32\perfh013.dat 2009-10-29 07:44 . 2001-09-07 11:00 916480 ------w- c:\windows\system32\wininet.dll 2009-10-13 10:53 . 2001-09-07 11:00 267264 ----a-w- c:\windows\system32\oakley.dll 2009-10-12 13:54 . 2001-09-07 11:00 69632 ----a-w- c:\windows\system32\raschap.dll 2009-10-12 13:54 . 2001-09-07 11:00 112640 ----a-w- c:\windows\system32\rastls.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccleaner"="d:\ccleaner\CCleaner.exe" [2009-12-21 1803064] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-24 149280] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Digimax Viewer 2.1.lnk - c:\program files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2005-7-28 626688] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] Adobe Reader Snelle start.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048] Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872] NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2008-12-2 1503306] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24-12-2009 20:34 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24-12-2009 20:34 20560] R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [24-7-2003 12:10 17149] R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [1-10-2008 16:45 57440] R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [30-9-2008 3:24 453120] S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [27-2-2008 11:54 360547] S3 USRLN;U.S. Robotics 22Mbps Wireless Lan Adapter;c:\windows\system32\drivers\USRWLAN.SYS [28-7-2005 12:10 155392] . Inhoud van de 'Gedeelde Taken' map 2009-12-31 c:\windows\Tasks\User_Feed_Synchronization-{0BA9E3D8-AF1F-4FE1-BFF5-79F00AAEB0B9}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uInternet Settings,ProxyServer = inet:8080 uInternet Settings,ProxyOverride = <local> IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-12-31 21:21 Windows 5.1.2600 Service Pack 2 FAT NTAPI scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(1420) c:\windows\system32\cscui.dll - - - - - - - > 'explorer.exe'(3024) c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Voltooingstijd: 2009-12-31 21:23:23 ComboFix-quarantined-files.txt 2009-12-31 20:23 ComboFix2.txt 2009-12-31 18:07 Pre-Run: 9.719.595.008 bytes beschikbaar Post-Run: 9.686.941.696 bytes beschikbaar - - End Of File - - 804970CEC149E5C67B1586CCBB629BA3 -
hijack logje plus mbam logje
misteragga reageerde op misteragga's topic in Archief Bestrijding malware & virussen
combofix logje ook evetjes na kijken aub alvast voor je hulp kape ComboFix 09-12-31.01 - Deelnemer 31-12-2009 19:00:37.1.1 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.247.93 [GMT 1:00] Gestart vanuit: f:\programas\ComboFix.exe AV: avast! antivirus 4.8.1368 [VPS 091231-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} . (((((((((((((((((((( Bestanden Gemaakt van 2009-11-28 to 2009-12-31 )))))))))))))))))))))))))))))) . 2009-12-31 17:57 . 2009-12-31 17:57 399360 ----a-w- c:\windows\system32\CF6883.exe 2009-12-31 17:54 . 2009-12-31 17:54 -------- d--h--r- c:\documents and settings\Deelnemer\Onlangs geopend 2009-12-31 15:06 . 2009-12-31 15:06 -------- d-----w- c:\program files\Trend Micro 2009-12-31 14:09 . 2009-12-31 14:09 -------- d-----w- c:\documents and settings\Deelnemer\Application Data\Malwarebytes 2009-12-31 14:08 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-31 14:08 . 2009-12-31 14:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-12-31 14:08 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-25 01:51 . 2009-12-25 01:51 -------- d-----w- c:\windows\Sun 2009-12-25 01:47 . 2004-08-04 00:03 21504 ----a-w- c:\windows\system32\hidserv.dll 2009-12-25 01:47 . 2004-08-04 00:03 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll 2009-12-25 01:47 . 2004-08-03 23:57 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys 2009-12-25 01:47 . 2004-08-03 23:57 14848 ----a-w- c:\windows\system32\dllcache\kbdhid.sys 2009-12-25 01:47 . 2004-08-03 22:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2009-12-25 01:47 . 2004-08-03 22:08 31616 ----a-w- c:\windows\system32\dllcache\usbccgp.sys 2009-12-24 22:29 . 2009-12-24 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus! 2009-12-24 22:22 . 2009-12-24 22:22 -------- d-----w- c:\documents and settings\Deelnemer\Tracing 2009-12-24 22:20 . 2009-12-24 22:20 -------- d-----w- c:\program files\Microsoft 2009-12-24 22:19 . 2009-12-24 22:20 -------- d-----w- c:\program files\Windows Live SkyDrive 2009-12-24 22:19 . 2009-12-24 22:19 -------- d-----w- c:\program files\Windows Live 2009-12-24 22:16 . 2009-12-24 22:16 -------- d-----w- c:\program files\Common Files\Windows Live 2009-12-24 22:14 . 2009-12-24 22:14 -------- d-----w- c:\program files\Microsoft Silverlight 2009-12-24 21:30 . 2009-12-24 21:30 -------- d-----w- c:\windows\system32\XPSViewer 2009-12-24 21:30 . 2009-12-24 21:30 -------- d-----w- c:\program files\MSBuild 2009-12-24 21:30 . 2009-12-24 21:30 -------- d-----w- c:\program files\Reference Assemblies 2009-12-24 21:29 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll 2009-12-24 21:29 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-12-24 21:29 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-12-24 21:29 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-12-24 21:29 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-12-24 21:29 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-12-24 21:29 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll 2009-12-24 21:29 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2009-12-24 21:29 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-12-24 21:24 . 2009-12-24 21:24 -------- d-----w- c:\program files\MSXML 6.0 2009-12-24 21:22 . 2009-12-24 21:22 -------- d-sh--w- c:\documents and settings\Deelnemer\IECompatCache 2009-12-24 21:21 . 2009-12-24 21:21 -------- d-sh--w- c:\documents and settings\Deelnemer\PrivacIE 2009-12-24 21:18 . 2009-12-24 21:18 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2009-12-24 21:16 . 2009-12-24 21:16 -------- d-sh--w- c:\documents and settings\Deelnemer\IETldCache 2009-12-24 21:10 . 2009-10-29 07:44 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll 2009-12-24 21:10 . 2009-10-29 07:44 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2009-12-24 21:10 . 2009-12-24 21:10 -------- d-----w- c:\windows\ie8updates 2009-12-24 21:10 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll 2009-12-24 21:07 . 2009-12-24 21:07 -------- d--h--w- c:\windows\ie8 2009-12-24 21:01 . 2004-08-04 00:03 221184 ----a-w- c:\windows\system32\wmpns.dll 2009-12-24 20:41 . 2008-06-14 18:00 272640 ------w- c:\windows\system32\dllcache\bthport.sys 2009-12-24 20:25 . 2005-07-26 04:42 60416 ------w- c:\windows\system32\dllcache\colbact.dll 2009-12-24 20:25 . 2009-03-06 14:47 285184 ------w- c:\windows\system32\dllcache\pdh.dll 2009-12-24 20:25 . 2009-02-09 10:22 473088 ------w- c:\windows\system32\dllcache\fastprox.dll 2009-12-24 20:25 . 2009-02-09 10:22 399360 ------w- c:\windows\system32\dllcache\rpcss.dll 2009-12-24 20:25 . 2009-02-06 16:39 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe 2009-12-24 20:25 . 2009-02-09 10:22 684032 ------w- c:\windows\system32\dllcache\advapi32.dll 2009-12-24 20:25 . 2009-02-09 10:22 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll 2009-12-24 20:25 . 2009-02-09 10:11 111104 ------w- c:\windows\system32\dllcache\services.exe 2009-12-24 20:25 . 2009-02-09 10:22 735744 ------w- c:\windows\system32\dllcache\ntdll.dll 2009-12-24 20:17 . 2009-12-24 20:17 -------- d-----w- c:\windows\system32\CatRoot_bak 2009-12-24 20:16 . 2009-06-21 22:07 153088 ------w- c:\windows\system32\dllcache\triedit.dll 2009-12-24 20:15 . 2008-05-01 14:33 331776 ------w- c:\windows\system32\dllcache\msadce.dll 2009-12-24 20:13 . 2009-08-04 17:07 2140672 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-12-24 20:13 . 2009-08-04 17:07 2062080 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-12-24 20:13 . 2009-08-04 17:07 2184704 ------w- c:\windows\system32\dllcache\ntoskrnl.exe 2009-12-24 20:13 . 2009-08-04 17:07 2020352 ------w- c:\windows\system32\dllcache\ntkrpamp.exe 2009-12-24 20:13 . 2009-06-05 07:55 655872 ------w- c:\windows\system32\dllcache\mstscax.dll 2009-12-24 20:12 . 2008-04-21 21:28 218624 ------w- c:\windows\system32\dllcache\wordpad.exe 2009-12-24 20:10 . 2009-12-24 20:09 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-12-24 20:08 . 2009-12-24 20:08 -------- d--h--w- c:\windows\$hf_mig$ 2009-12-24 20:08 . 2009-12-24 20:08 -------- d-----w- c:\program files\Java 2009-12-24 20:07 . 2009-12-24 20:07 152576 ----a-w- c:\documents and settings\Deelnemer\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2009-12-24 20:06 . 2009-12-24 20:06 79488 ----a-w- c:\documents and settings\Deelnemer\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2009-12-24 19:34 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-12-24 19:34 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-12-24 19:34 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-12-24 19:34 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-12-24 19:34 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-12-24 19:34 . 2009-11-24 23:51 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-12-24 19:34 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-12-24 19:34 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-12-24 19:33 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe 2009-12-24 19:33 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll 2009-12-24 19:33 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll 2009-12-24 19:33 . 2003-02-21 04:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll 2009-12-24 19:33 . 2009-12-24 19:33 -------- d-----w- c:\program files\Alwil Software 2009-12-16 00:11 . 2009-12-16 00:11 -------- d--h--r- c:\documents and settings\All Users\Application Data\Atheros 2009-12-16 00:09 . 2007-12-14 03:31 57408 ----a-w- c:\windows\system32\drivers\wsimd.sys 2009-12-16 00:09 . 2009-12-16 00:09 -------- d-----w- c:\program files\NETGEAR 2009-12-16 00:09 . 2009-12-16 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NETGEAR 2009-12-16 00:09 . 2009-12-16 00:09 -------- d-----w- c:\windows\Downloaded Installations 2009-12-15 23:57 . 2005-02-01 17:18 17992 ----a-w- c:\windows\system32\drivers\bcm42rly.sys 2009-12-15 23:57 . 2005-02-01 17:18 17992 ----a-w- c:\windows\system32\bcm42rly.sys 2009-12-15 23:57 . 2005-02-01 17:18 17992 ----a-w- c:\windows\bcm42rly.sys 2009-12-15 23:57 . 2003-10-13 14:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll 2009-12-15 23:57 . 2005-11-03 16:41 32768 ----a-w- c:\windows\system32\GTGina.dll 2009-12-15 23:57 . 2003-09-25 21:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-24 22:22 . 2005-07-19 14:01 20912 ----a-w- c:\documents and settings\Deelnemer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-24 21:41 . 2001-09-07 11:00 91018 ----a-w- c:\windows\system32\perfc013.dat 2009-12-24 21:41 . 2001-09-07 11:00 509462 ----a-w- c:\windows\system32\perfh013.dat 2009-10-29 07:44 . 2001-09-07 11:00 916480 ----a-w- c:\windows\system32\wininet.dll 2009-10-13 10:53 . 2001-09-07 11:00 267264 ----a-w- c:\windows\system32\oakley.dll 2009-10-12 13:54 . 2001-09-07 11:00 69632 ----a-w- c:\windows\system32\raschap.dll 2009-10-12 13:54 . 2001-09-07 11:00 112640 ----a-w- c:\windows\system32\rastls.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccleaner"="d:\ccleaner\CCleaner.exe" [2009-12-21 1803064] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-24 149280] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Digimax Viewer 2.1.lnk - c:\program files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2005-7-28 626688] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] Adobe Reader Snelle start.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048] Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872] NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2008-12-2 1503306] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24-12-2009 20:34 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24-12-2009 20:34 20560] R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [24-7-2003 12:10 17149] R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [1-10-2008 16:45 57440] R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [30-9-2008 3:24 453120] S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [27-2-2008 11:54 360547] S3 USRLN;U.S. Robotics 22Mbps Wireless Lan Adapter;c:\windows\system32\drivers\USRWLAN.SYS [28-7-2005 12:10 155392] . Inhoud van de 'Gedeelde Taken' map 2009-12-31 c:\windows\Tasks\User_Feed_Synchronization-{0BA9E3D8-AF1F-4FE1-BFF5-79F00AAEB0B9}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uInternet Settings,ProxyServer = inet:8080 uInternet Settings,ProxyOverride = <local> IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-12-31 19:05 Windows 5.1.2600 Service Pack 2 FAT NTAPI scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'explorer.exe'(776) c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Voltooingstijd: 2009-12-31 19:07:31 ComboFix-quarantined-files.txt 2009-12-31 18:07 Pre-Run: 9.773.465.600 bytes beschikbaar Post-Run: 9.739.829.248 bytes beschikbaar WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn - - End Of File - - D8D6207523F6AF8B4D558EC3F95DB35F -
hijack logje plus mbam logje
misteragga plaatste een topic in Archief Bestrijding malware & virussen
hijack logje en mbam na kijken aub. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:07:24, on 31-12-2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe C:\Program Files\NETGEAR\WN111v2\WN111V2.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashSimpl.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = inet:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ccleaner] "D:\cCleaner\CCleaner.exe" /AUTO O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Digimax Viewer 2.1.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261685102296 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe -- End of file - 5895 bytes mbam logje Malwarebytes' Anti-Malware 1.43 Database versie: 3462 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 31-12-2009 15:42:59 mbam-log-2009-12-31 (15-42-59).txt Scan type: Volledige Scan (C:\|D:\|) Objecten gescand: 146263 Verstreken tijd: 27 minute(s), 29 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata bestanden geïnfecteerd: 1 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: (Geen kwaadaardige items gevonden) Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Mappen geïnfecteerd: (Geen kwaadaardige items gevonden) Bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) -
ik kan geen netwerkverbinding maken met windows xp ik heb combofix gedraait wat zou ik nog meer kunnen na kijken??
-
na kijken a.u.b
misteragga reageerde op misteragga's topic in Archief Bestrijding malware & virussen
nee niet echt -
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:35:07, on 18-12-2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18865) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe C:\Windows\vsnpstd3.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Thuishelp\Zesko\Thuishelp.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehtray.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\NETGEAR\WN111v2\WN111v2.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe C:\Windows\system32\taskmgr.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe C:\Windows\system32\SearchFilterHost.exe D:\Program Files\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\bitcomet\tools\BitCometBHO_1.3.7.16.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE Systemboot O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Zesko_McciTrayApp] C:\Program Files\Thuishelp\Zesko\Thuishelp.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: Orion.lnk = C:\Program Files\Convesoft\Orion\Messenger.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111v2.exe O8 - Extra context menu item: &D&ownload &met BitComet - res://D:\Program Files\bitcomet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload alle video met BitComet - res://D:\Program Files\bitcomet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload alles met BitComet - res://D:\Program Files\bitcomet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - http://cdn.scan.onecare.live.com/resource/download/scanner/nl-be/wlscctrl2.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 10204 bytes
-
nou als ik me pc op slaap stand zet dan komt die er moeilijk of helemaal niet meer uit okal klik ik op de muis of druk ik op de toetsenbord
-
ik weet niet of ik hier zou moeten zijn kape heeft me door gestuurd met het volgende bericht Neen, malware is nu wel uitgesloten als oorzaak van dat "slaapstand"-probleem. Mag ik je de suggestie doen om met dit probleem te verhuizen naar de "software"-sectie van dit forum. Daar zitten de échte specialisten op dit vlak, die je misschien op het goede spoor kunnen zetten. Vermeld er in je nieuwe bericht wel bij dat alle mogelijke oorzaken door malware al onderzocht zijn. Succes ermee
-
logje, na kijken, a.u.b,
misteragga reageerde op misteragga's topic in Archief Bestrijding malware & virussen
dit is het combofix logje ComboFix 09-12-11.05 - brian 12-12-2009 22:00:01.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1790.1024 [GMT 1:00] Gestart vanuit: c:\users\brian\Desktop\ComboFix.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\brian\AppData\Roaming\.# . (((((((((((((((((((( Bestanden Gemaakt van 2009-11-12 to 2009-12-12 )))))))))))))))))))))))))))))) . 2009-12-12 21:05 . 2009-12-12 21:05 -------- d-----w- c:\users\brian\AppData\Local\temp 2009-12-12 20:58 . 2009-12-12 20:59 -------- d-----w- C:\32788R22FWJFW 2009-12-11 08:43 . 2009-12-11 08:43 -------- d-----w- c:\users\brian\AppData\Roaming\Hardcore 2009-12-09 17:37 . 2009-12-09 17:37 -------- d-----w- c:\windows\system32\config\systemprofile\.gem 2009-12-09 12:52 . 2009-12-09 12:52 -------- d-----w- c:\users\brian\AppData\Local\DiskAnalyzer 2009-12-09 12:46 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll 2009-12-09 12:46 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll 2009-12-09 12:46 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys 2009-12-09 12:38 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll 2009-12-09 12:32 . 2009-12-09 12:32 -------- d-----w- c:\program files\NETGEAR 2009-12-09 12:31 . 2009-12-09 12:31 -------- d-----w- c:\programdata\NETGEAR 2009-12-07 23:10 . 2009-12-07 23:10 -------- d-----w- c:\users\brian\AppData\Local\CyberLink 2009-12-07 23:10 . 2009-12-07 23:10 -------- d-----w- c:\users\brian\AppData\Local\SoftDMA 2009-12-07 23:10 . 2009-12-07 23:10 -------- d-----w- c:\users\brian\AppData\Local\Acer Arcade Deluxe 2009-12-06 12:08 . 2009-12-06 12:08 -------- d-----w- c:\program files\Common Files\Motive 2009-12-06 12:03 . 2009-12-06 12:03 -------- d-----w- c:\programdata\Motive 2009-11-27 20:09 . 2009-11-27 20:09 -------- d-----w- c:\program files\Synaptics 2009-11-25 12:21 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll 2009-11-25 12:07 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll 2009-11-25 12:07 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll 2009-11-23 17:34 . 2009-11-23 17:34 -------- d-----w- c:\programdata\DiskAnalyzer 2009-11-23 17:30 . 2009-11-23 17:36 -------- d-----w- c:\users\brian\AppData\Local\Extensions 2009-11-23 17:30 . 2008-10-21 15:58 6569984 ----a-w- c:\windows\system32\toolkitpro1202vc80.dll 2009-11-23 17:30 . 2001-07-31 01:40 24576 ----a-w- c:\windows\system32\msxml3a.dll 2009-11-23 17:28 . 2009-11-23 17:36 -------- d-----w- c:\programdata\Extensions 2009-11-23 12:33 . 2009-11-23 12:33 -------- d-----w- c:\users\brian\AppData\Roaming\eSobi 2009-11-22 20:29 . 2007-12-16 15:57 75776 ----a-w- c:\windows\system32\drivers\WSVD.sys 2009-11-19 13:36 . 2009-12-07 23:10 -------- d-----w- c:\users\brian\AppData\Roaming\CyberLink 2009-11-19 01:13 . 2009-11-19 01:14 -------- d-----w- c:\program files\Common Files\Adobe 2009-11-14 01:24 . 2009-11-14 01:24 114048 ----a-w- c:\windows\system32\drivers\snapman.sys . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-12 20:44 . 2009-10-08 17:37 -------- d-----w- c:\users\brian\AppData\Roaming\Vso 2009-12-12 20:28 . 2008-01-21 06:47 652386 ----a-w- c:\windows\system32\perfh013.dat 2009-12-12 20:28 . 2008-01-21 06:47 121922 ----a-w- c:\windows\system32\perfc013.dat 2009-12-12 20:24 . 2009-11-11 21:48 271356 ----a-w- c:\programdata\nvModes.dat 2009-12-11 17:24 . 2009-10-01 22:23 -------- d-----w- c:\users\brian\AppData\Roaming\vlc 2009-12-10 16:07 . 2009-10-02 21:17 -------- d-----w- c:\users\brian\AppData\Roaming\dvdcss 2009-12-09 13:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-12-09 12:46 . 2008-04-07 12:49 -------- d-----w- c:\programdata\Microsoft Help 2009-12-09 12:32 . 2008-04-07 11:59 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-12-07 23:17 . 2009-10-01 16:32 680 ----a-w- c:\users\brian\AppData\Local\d3d9caps.dat 2009-12-06 12:08 . 2009-10-13 18:06 -------- d-----w- c:\program files\Thuishelp 2009-11-27 20:09 . 2009-11-27 20:09 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf 2009-11-24 23:54 . 2009-10-19 14:23 1280480 ----a-w- c:\windows\system32\aswBoot.exe 2009-11-24 23:50 . 2009-10-19 14:24 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-11-24 23:50 . 2009-10-19 14:24 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-11-24 23:49 . 2009-10-19 14:23 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2009-11-24 23:49 . 2009-10-19 14:24 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-11-24 23:48 . 2009-10-19 14:24 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-11-24 23:47 . 2009-10-19 14:24 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-11-21 06:40 . 2009-12-09 12:39 916480 ----a-w- c:\windows\system32\wininet.dll 2009-11-21 06:34 . 2009-12-09 12:39 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-11-21 06:34 . 2009-12-09 12:39 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-11-21 04:59 . 2009-12-09 12:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-11-19 13:35 . 2009-10-18 15:18 -------- d-----w- c:\programdata\NOS 2009-11-11 21:53 . 2009-10-01 19:09 -------- d-----w- c:\programdata\NVIDIA 2009-11-09 15:38 . 2009-10-01 20:41 -------- d-----w- c:\program files\Java 2009-11-08 19:36 . 2009-11-08 19:28 -------- d-----w- c:\users\brian\AppData\Roaming\TeamViewer 2009-11-08 19:28 . 2009-11-08 19:28 -------- d-----w- c:\program files\QS 2009-11-08 19:09 . 2009-11-08 19:09 -------- d-----w- c:\program files\TeamViewer 2009-11-08 18:53 . 2009-11-08 18:53 -------- d--h--w- c:\programdata\CanonBJ 2009-11-06 21:07 . 2009-10-01 22:30 -------- d-----w- c:\program files\Windows Live Safety Center 2009-11-06 20:22 . 2009-10-01 20:44 -------- d-----w- c:\program files\Windows Live 2009-11-06 20:21 . 2009-11-06 20:21 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2009-11-06 20:20 . 2009-10-01 23:11 -------- d-----w- c:\program files\Microsoft 2009-11-06 20:20 . 2009-11-06 20:20 -------- d-----w- c:\program files\Windows Live SkyDrive 2009-11-06 20:16 . 2009-11-06 20:16 -------- d-----w- c:\program files\Common Files\Windows Live 2009-11-05 18:25 . 2009-11-05 17:14 -------- d-----w- c:\users\brian\AppData\Roaming\FrostWire 2009-11-05 17:27 . 2009-11-05 17:27 0 ----a-w- c:\users\brian\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe 2009-11-02 11:11 . 2009-11-02 11:11 -------- d-----w- c:\programdata\Soulseek 2009-10-28 23:55 . 2009-10-28 23:55 -------- d-----w- c:\program files\Windows Portable Devices 2009-10-28 23:55 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-10-28 23:55 . 2009-10-28 23:55 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf 2009-10-23 19:14 . 2009-10-23 19:14 -------- d-----w- c:\programdata\Messenger Plus! 2009-10-23 16:42 . 2009-10-18 23:49 -------- d-----w- c:\users\brian\AppData\Roaming\LimeWire 2009-10-19 14:23 . 2009-10-19 14:23 -------- d-----w- c:\program files\Alwil Software 2009-10-14 16:05 . 2008-04-07 12:51 -------- d-----w- c:\program files\Microsoft Works 2009-10-11 03:17 . 2009-10-01 20:41 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-10-08 21:08 . 2009-10-28 23:47 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2009-10-08 21:08 . 2009-10-28 23:47 234496 ----a-w- c:\windows\system32\oleacc.dll 2009-10-08 21:07 . 2009-10-28 23:47 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2009-10-08 17:37 . 2009-10-08 17:37 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys 2009-10-08 17:37 . 2009-10-08 17:37 47360 ----a-w- c:\users\brian\AppData\Roaming\pcouffin.sys 2009-10-08 17:37 . 2009-10-08 17:37 47360 ----a-w- c:\users\brian\AppData\Roaming\pcouffin.sys 2009-10-01 23:08 . 2009-10-01 16:32 71280 ----a-w- c:\users\brian\AppData\Local\GDIPFONTCACHEV1.DAT 2009-10-01 01:02 . 2009-10-28 23:48 2537472 ----a-w- c:\windows\system32\wpdshext.dll 2009-10-01 01:02 . 2009-10-28 23:48 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe 2009-10-01 01:02 . 2009-10-28 23:48 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll 2009-10-01 01:02 . 2009-10-28 23:48 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll 2009-10-01 01:02 . 2009-10-28 23:48 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll 2009-10-01 01:01 . 2009-10-28 23:48 546816 ----a-w- c:\windows\system32\wpd_ci.dll 2009-10-01 01:01 . 2009-10-28 23:48 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll 2009-10-01 01:01 . 2009-10-28 23:48 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll 2009-10-01 01:01 . 2009-10-28 23:48 350208 ----a-w- c:\windows\system32\WPDSp.dll 2009-10-01 01:01 . 2009-10-28 23:48 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll 2009-10-01 01:01 . 2009-10-28 23:48 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll 2009-10-01 01:01 . 2009-10-28 23:48 81920 ----a-w- c:\windows\system32\wpdbusenum.dll 2009-09-27 22:12 . 2009-09-27 22:12 9509832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2009-09-27 22:12 . 2009-09-27 22:12 490088 ----a-w- c:\windows\system32\nvudisp.exe 2009-09-27 22:12 . 2009-09-27 22:12 3310184 ----a-w- c:\windows\system32\nvwgf2um.dll 2009-09-27 22:12 . 2009-09-27 22:12 2169448 ----a-w- c:\windows\system32\nvcuvid.dll 2009-09-27 22:12 . 2009-09-27 22:12 1997416 ----a-w- c:\windows\system32\nvcuda.dll 2009-09-27 22:12 . 2009-09-27 22:12 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll 2009-09-27 22:12 . 2009-09-27 22:12 170600 ----a-w- c:\windows\system32\nvcod167.dll 2009-09-27 22:12 . 2009-09-27 22:12 170600 ----a-w- c:\windows\system32\nvcod.dll 2009-09-27 22:12 . 2009-09-27 22:12 11197032 ----a-w- c:\windows\system32\nvoglv32.dll 2009-09-27 22:12 . 2009-03-27 22:03 7614056 ----a-w- c:\windows\system32\nvd3dum.dll 2009-09-27 22:12 . 2009-03-27 22:03 1074280 ----a-w- c:\windows\system32\nvapi.dll 2009-09-27 22:12 . 2008-04-07 11:56 490088 ----a-w- c:\windows\system32\NVUNINST.EXE 2009-09-27 16:47 . 2009-09-27 16:47 2173544 ----a-w- c:\windows\system32\nvcplui.exe 2009-09-27 16:47 . 2009-09-27 16:47 92776 ----a-w- c:\windows\system32\nvmctray.dll 2009-09-27 16:47 . 2009-09-27 16:47 805480 ----a-w- c:\windows\system32\nvsvc.dll 2009-09-27 16:47 . 2009-09-27 16:47 4033128 ----a-w- c:\windows\system32\nvvitvs.dll 2009-09-27 16:47 . 2009-09-27 16:47 3553896 ----a-w- c:\windows\system32\nvgames.dll 2009-09-27 16:47 . 2009-09-27 16:47 3172968 ----a-w- c:\windows\system32\nvwss.dll 2009-09-27 16:47 . 2009-09-27 16:47 215656 ----a-w- c:\windows\system32\nvvsvc.exe 2009-09-27 16:47 . 2009-09-27 16:47 195176 ----a-w- c:\windows\system32\nvmccss.dll 2009-09-27 16:47 . 2009-09-27 16:47 150120 ----a-w- c:\windows\system32\nvshext.dll 2009-09-27 16:47 . 2009-09-27 16:47 1309288 ----a-w- c:\windows\system32\nvsvs.dll 2009-09-27 16:47 . 2009-09-27 16:47 1292904 ----a-w- c:\windows\system32\nvmobls.dll 2009-09-27 16:46 . 2009-09-27 16:46 4942440 ----a-w- c:\windows\system32\nvdisps.dll 2009-09-27 16:46 . 2009-09-27 16:46 13949544 ----a-w- c:\windows\system32\nvcpl.dll 2009-09-25 02:10 . 2009-10-28 23:48 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll 2009-09-25 02:07 . 2009-10-28 23:48 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2009-09-25 02:04 . 2009-10-28 23:48 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll 2009-09-25 01:49 . 2009-10-28 23:48 1554432 ----a-w- c:\windows\system32\xpsservices.dll 2009-09-25 01:48 . 2009-10-28 23:48 351232 ----a-w- c:\windows\system32\XpsPrint.dll 2009-09-25 01:38 . 2009-10-28 23:48 847360 ----a-w- c:\windows\system32\OpcServices.dll 2009-09-25 01:36 . 2009-10-28 23:48 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2009-09-25 01:35 . 2009-10-28 23:48 135680 ----a-w- c:\windows\system32\XpsRasterService.dll 2009-09-25 01:33 . 2009-10-28 23:48 195584 ----a-w- c:\windows\system32\dxdiagn.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-05-14 15:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-11-23 3883856] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-05-09 397312] "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896] "eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768] "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672] "RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 6144000] "Skytel"="Skytel.exe" [2007-11-20 1826816] "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104] "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-16 821768] "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456] "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936] "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936] "snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-13 1033512] "Zesko_McciTrayApp"="c:\program files\Thuishelp\Zesko\Thuishelp.exe" [2008-04-14 1455104] c:\users\brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-23 727592] NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111v2.exe [2008-12-2 1728512] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(:af,32,50,cd,d5,42,ca,01 R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [19-10-2009 15:24 114768] R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [1-10-2008 16:44 20384] R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [1-10-2009 17:55 61424] R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [19-10-2009 15:24 20560] R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [19-10-2009 15:23 53328] R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3-3-2008 12:11 16384] R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [1-10-2009 17:57 81504] R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [7-4-2008 13:11 24576] R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25-4-2008 20:36 45056] R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [1-10-2009 17:57 122368] R2 TeamViewer4;TeamViewer 4;d:\program files\TeamViewer\Version4\TeamViewer_Service.exe [7-10-2009 13:50 185640] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [23-7-2008 7:24 44064] R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\System32\drivers\teamviewervpn.sys [25-1-2008 10:12 25088] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25-4-2008 20:36 131072] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [7-4-2008 22:21 210432] S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\System32\drivers\DNIMP50.sys [16-11-2006 14:36 21504] S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\System32\drivers\DNISP50.sys [16-11-2006 14:36 20480] S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21-1-2008 3:23 21504] S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [29-2-2008 2:07 942080] S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\System32\drivers\WUSB54GCx86.sys [2-11-2009 11:52 256000] S3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [28-3-2007 6:51 43008] S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\System32\drivers\WN111v2v.sys [30-9-2008 3:20 449536] S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [22-11-2009 21:29 75776] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . ------- Bijkomende Scan ------- . uStart Page = hxxp://google.nl/ IE: &D&ownload &met BitComet - d:\program files\bitcomet\BitComet.exe/AddLink.htm IE: &D&ownload alle video met BitComet - d:\program files\bitcomet\BitComet.exe/AddVideo.htm IE: &D&ownload alles met BitComet - d:\program files\bitcomet\BitComet.exe/AddAllLink.htm IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: ziggo.nl\thuishelp . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-12-12 22:05 Windows 6.0.6002 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'Explorer.exe'(2976) c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll c:\windows\system32\btmmhook.dll c:\windows\System32\SysHook.dll . Voltooingstijd: 2009-12-12 22:07:55 ComboFix-quarantined-files.txt 2009-12-12 21:07 ComboFix2.txt 2009-10-12 19:45 Pre-Run: 127.225.405.440 bytes beschikbaar Post-Run: 127.205.076.992 bytes beschikbaar - - End Of File - - A41F3063F2041FBA2B8AB5BB49C70048 -
logje, na kijken, a.u.b,
misteragga reageerde op misteragga's topic in Archief Bestrijding malware & virussen
ik krijg hem moeilijk of helemaal niet meer uit slaaptstand waar kan het aan liggen? dit is alvast het nieuwe hijacklogje Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:08:16, on 12-12-2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18865) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe C:\Windows\RtHDVCpl.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe C:\Windows\vsnpstd3.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Thuishelp\Zesko\Thuishelp.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehtray.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\NETGEAR\WN111v2\WN111v2.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\ehome\ehmsas.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IELowutil.exe D:\Program Files\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\bitcomet\tools\BitCometBHO_1.3.7.16.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE Systemboot O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Zesko_McciTrayApp] C:\Program Files\Thuishelp\Zesko\Thuishelp.exe O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WN111v2\jswtrayutil.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: Orion.lnk = C:\Program Files\Convesoft\Orion\Messenger.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111v2.exe O8 - Extra context menu item: &D&ownload &met BitComet - res://D:\Program Files\bitcomet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload alle video met BitComet - res://D:\Program Files\bitcomet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload alles met BitComet - res://D:\Program Files\bitcomet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - http://cdn.scan.onecare.live.com/resource/download/scanner/nl-be/wlscctrl2.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - D:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 10419 bytes -
hijack logje op virusen controleren a.u.b Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:19:11, on 11-12-2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18865) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe C:\Windows\RtHDVCpl.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe C:\Windows\vsnpstd3.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Thuishelp\Zesko\Thuishelp.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehtray.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\NETGEAR\WN111v2\WN111v2.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\ehome\ehmsas.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe D:\Program Files\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\bitcomet\tools\BitCometBHO_1.3.7.16.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE Systemboot O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Zesko_McciTrayApp] C:\Program Files\Thuishelp\Zesko\Thuishelp.exe O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WN111v2\jswtrayutil.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: Orion.lnk = C:\Program Files\Convesoft\Orion\Messenger.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111v2.exe O8 - Extra context menu item: &D&ownload &met BitComet - res://D:\Program Files\bitcomet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload alle video met BitComet - res://D:\Program Files\bitcomet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload alles met BitComet - res://D:\Program Files\bitcomet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - http://cdn.scan.onecare.live.com/resource/download/scanner/nl-be/wlscctrl2.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - D:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 10480 bytes
-
logje hjt bekijken
misteragga reageerde op bettina's topic in Archief Bestrijding malware & virussen
niet helemaal er af halen maar tijdelijk uitschakelen hier ziet u hoe het moet Hoe kan ik AVG antivirus tijde... - Virussen en Spyware - Vragen & Antwoorden - DNS zowerkthet.be - Een antwoord op al je vragen over internet
