Winterkoning
Lid-
Items
24 -
Registratiedatum
-
Laatst bezocht
Winterkoning's prestaties
-
Intel RST-service wordt niet uitgevoerd
Winterkoning reageerde op Winterkoning's topic in Archief Windows Algemeen
Ik heb die intel sata driver geinstalleerd. Hij was weliswaar ouder dan de driver die ik had maar het probleem is opgelost. Bedankt! -
Intel RST-service wordt niet uitgevoerd
Winterkoning reageerde op Winterkoning's topic in Archief Windows Algemeen
Gedaan. Geen fouten gevonden. Nog andere opties? Bijvoorbeeld driver vervangen? -
Intel RST-service wordt niet uitgevoerd
Winterkoning reageerde op Winterkoning's topic in Archief Windows Algemeen
Dit topic had ik idd al gelezen en uitgevoerd. Dus die Service staat nu op "uitgeschakeld" maar net zoals die andere persoon beschrijft staat er nog wel steeds dezelfde foutmelding in het systeemvak. Maar bij mij blijft de melding ook na een paar keer opnieuw opstarten. -
Dag, Ondanks dat ik al op een aantal fora (ook op dit forum) dit probleem heb gelezen, heb ik het niet opgelost gekregen. In mijn systeembalk zit sinds een tijdje een blauw kringetje om het symbool van de harde schijf. Als ik mijn muis er bij houdt geeft het: Intel RST-service wordt niet uitgevoerd. Ik heb geen flauw idee wat er aan de hand is maar heb het idee dat het energie trekt van mijn Laptop en wellicht doet iets het niet meer. Ik begreep dat het te maken heeft met de RAID opslag technologie bedoeld voor meerdere schijven? Volgens mij heb ik slechts 1 harde schijf in mijn laptop ACER Aspire V3-571G en zou ik deze technologie helemaal niet nodig hebben(?) Kan iemand mij uitleggen wat deze RST service zou moeten doen? en wat ik het beste kan doen? groeten Matthijs
-
Hijack this log nakijken
Winterkoning reageerde op Winterkoning's topic in Archief Bestrijding malware & virussen
Ok dat heb ik gedaan. Nu is het wel gelukt. Ik was de spatie de vorige keer vergeten. Dan denk ik dat we dit onderwerp kunnen aflsuiten. Ik ben tevreden. Bedankt voor de hulp! -
Hijack this log nakijken
Winterkoning reageerde op Winterkoning's topic in Archief Bestrijding malware & virussen
misschien een gekke vraag hoor, maar hoe doe ik "start" en dan "uitvoeren". Ik heb alleen een search programms veld nadat ik op de start knop heb geklikt. Bedoel je hiermee dat ik naar Dos moet? Als ik in Dos het commando Combofix/uninstall geef snapt ie het niet. En Combofix/U doet ie ook niet. Ik heb ook niet de indruk dat Combofix is geinstalleerd omdat het programma niet kan vinden als ik bij programmas kijk of uninstall via control panel wil doen . Ik heb alleen een combofix.exe op het bureaublad. Die heb ik handmatig verwijderd. (eehh eigenlijk heb ik hem weer opgestart om te kijken of ik dan ergens een menu kon vinden om hem te uninstallen. En toen heb ik de Combofix vlak voordat ie begon te scannen weggeklikt door op kruis rechtsboven te klikken). Ik wacht je instructie weer af. -
Hijack this log nakijken
Winterkoning reageerde op Winterkoning's topic in Archief Bestrijding malware & virussen
Ja nu speelt de mediaspeler ineens mijn cd niet meer. Dat is sinds jouw aanwijzingen. Als ik er een cd in doe dan opent de laptop direct de mediaplayer maar hij herkent de nummers niet. Bij het eerste nummer komt een roodkruis te staan en daarna stopt het, hij speelt helemaal niets. Mp3's speelt ie wel gewoon. Ook met bijv. VLC player herkent hij mijn cd niet. En google chrome heeft nog steeds deze: Babylon Search startpagina ingesteld. Die ga ik nu weer in mijn eigen voorkeurssite veranderen. Het log toont een schone laptop begrijp ik? Begrijp jij iets van die Babylon startpagina? Kan het zijn dat er een instelling van de mediaplayer is veranderd waardoor hij originele muziekcds niet meer herkent? -
Hijack this log nakijken
Winterkoning reageerde op Winterkoning's topic in Archief Bestrijding malware & virussen
Hier het resultaat na het vernieuwde script: ComboFix 11-11-06.01 - Matthijs 06-11-2011 14:59:54.3.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1124 [GMT 1:00] Running from: c:\users\Matthijs\Desktop\ComboFix.exe Command switches used :: c:\users\Matthijs\Desktop\CFScript.txt AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2011-10-06 to 2011-11-06 ))))))))))))))))))))))))))))))) . . 2011-11-06 14:08 . 2011-11-06 14:08 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-06 13:53 . 2011-11-06 13:53 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72D730EA-95CC-4A3B-8ACE-D413836A9F7B}\offreg.dll 2011-11-05 09:25 . 2011-11-05 09:25 388096 ----a-r- c:\users\Matthijs\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-11-05 09:25 . 2011-11-05 09:25 -------- d-----w- c:\program files\Trend Micro 2011-11-02 09:22 . 2011-11-05 09:44 -------- d-----w- c:\users\Matthijs\AppData\Local\Akamai 2011-10-29 18:25 . 2011-10-29 18:44 -------- d-----w- c:\programdata\BabylonUpdater 2011-10-29 08:29 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72D730EA-95CC-4A3B-8ACE-D413836A9F7B}\mpengine.dll 2011-10-26 15:35 . 2011-10-26 15:35 -------- d-----w- c:\program files\Common Files\Java . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-25 07:24 . 2011-06-01 18:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-03 03:06 . 2011-09-09 17:19 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-08-31 15:00 . 2010-11-29 22:12 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-28 14:06 . 2011-08-25 06:34 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-08-28 14:06 . 2011-08-25 06:34 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-08-10 19:04 . 2011-08-10 19:04 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2010-10-25 22:48 . 2011-09-25 07:56 8297472 ----a-w- c:\program files\AcroPro.msi 2011-09-30 22:49 . 2011-05-11 21:05 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2010-11-21 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208] . c:\users\Matthijs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ KillSkypeHome.lnk - c:\users\Public\Documents\KillSkypeHome.exe [2011-9-9 304252] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Users^Matthijs^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk] path=c:\users\Matthijs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2010-09-16 13:04 497648 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager] 2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTether] 2010-12-18 23:25 48456 ----a-w- c:\program files\Mobile Stream\EasyTether\easytthr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hercules DJ Series] 2010-02-03 04:11 918824 ----a-w- c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)] 2011-08-31 15:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)] 2011-08-31 15:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] 2008-08-21 01:18 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2011-06-28 07:12 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 17408] R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [2010-05-06 135168] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456] R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys [2010-05-06 185344] R3 HDJMidi;Hercules DJ Console Rmx MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [2010-05-06 141312] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-21 1343400] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872] S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [2010-05-10 67656] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-08-28 136360] S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-08-28 428200] S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-07-31 8192] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088] S3 ALSysIO;ALSysIO;c:\users\Matthijs\AppData\Local\Temp\ALSysIO.sys [x] S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2010-08-29 17232] S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2006-12-18 73472] S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2006-12-18 43904] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ALSYSIO . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2154281913-1205275237-2265879538-1001Core.job - c:\users\Matthijs\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-11 18:02] . 2011-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2154281913-1205275237-2265879538-1001UA.job - c:\users\Matthijs\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-11 18:02] . . ------- Supplementary Scan ------- . uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58 FF - ProfilePath - c:\users\Matthijs\AppData\Roaming\Mozilla\Firefox\Profiles\wmznb0vy.default\ FF - prefs.js: browser.startup.homepage - google.nl . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_d71b4a3.dll" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-11-06 15:10:29 ComboFix-quarantined-files.txt 2011-11-06 14:10 ComboFix2.txt 2011-11-06 10:45 ComboFix3.txt 2011-11-06 09:04 . Pre-Run: 21.430.968.320 bytes free Post-Run: 21.381.148.672 bytes free . - - End Of File - - CBBCDBCA65BC4BBF4058D32572721310 -
Hijack this log nakijken
Winterkoning reageerde op Winterkoning's topic in Archief Bestrijding malware & virussen
Hier het nieuwe log: ComboFix 11-11-06.01 - Matthijs 06-11-2011 11:34:38.2.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1208 [GMT 1:00] Running from: c:\users\Matthijs\Desktop\ComboFix.exe Command switches used :: c:\users\Matthijs\Desktop\CFScript.txt AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Babylon c:\users\Matthijs\AppData\Local\Babylon c:\users\Matthijs\AppData\Local\Babylon\Setup\bab033.tbinst.dat c:\users\Matthijs\AppData\Local\Babylon\Setup\Babylon.dat c:\users\Matthijs\AppData\Local\Babylon\Setup\BabylonTBUpdater.dll c:\users\Matthijs\AppData\Local\Babylon\Setup\BabylonTBUpdater.exe c:\users\Matthijs\AppData\Local\Babylon\Setup\HtmlScreens\common.js c:\users\Matthijs\AppData\Local\Babylon\Setup\HtmlScreens\eula.html c:\users\Matthijs\AppData\Local\Babylon\Setup\HtmlScreens\page2.css c:\users\Matthijs\AppData\Local\Babylon\Setup\HtmlScreens\page2.html c:\users\Matthijs\AppData\Local\Babylon\Setup\HtmlScreens\page2.js c:\users\Matthijs\AppData\Local\Babylon\Setup\HtmlScreens\page2Lrg.css c:\users\Matthijs\AppData\Local\Babylon\Setup\HtmlScreens\page9.html c:\users\Matthijs\AppData\Local\Babylon\Setup\HtmlScreens\pBar.gif c:\users\Matthijs\AppData\Local\Babylon\Setup\HtmlScreens\title2.png c:\users\Matthijs\AppData\Local\Babylon\Setup\HtmlScreens\toolBar.jpg c:\users\Matthijs\AppData\Local\Babylon\Setup\Setup-tbmntr-9.0.3.9.zpb c:\users\Matthijs\AppData\Local\Babylon\Setup\Setup.exe c:\users\Matthijs\AppData\Local\Babylon\Setup\SetupStrings.dat c:\users\Matthijs\AppData\Local\Babylon\Setup\sqlite3.dll c:\users\Matthijs\AppData\Roaming\Babylon c:\users\Matthijs\AppData\Roaming\Babylon\log_file.txt . . ((((((((((((((((((((((((( Files Created from 2011-10-06 to 2011-11-06 ))))))))))))))))))))))))))))))) . . 2011-11-06 10:42 . 2011-11-06 10:42 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-06 09:15 . 2011-11-06 09:15 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72D730EA-95CC-4A3B-8ACE-D413836A9F7B}\offreg.dll 2011-11-05 09:25 . 2011-11-05 09:25 388096 ----a-r- c:\users\Matthijs\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-11-05 09:25 . 2011-11-05 09:25 -------- d-----w- c:\program files\Trend Micro 2011-11-02 09:22 . 2011-11-05 09:44 -------- d-----w- c:\users\Matthijs\AppData\Local\Akamai 2011-10-29 18:25 . 2011-10-29 18:44 -------- d-----w- c:\programdata\BabylonUpdater 2011-10-29 08:29 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72D730EA-95CC-4A3B-8ACE-D413836A9F7B}\mpengine.dll 2011-10-26 15:35 . 2011-10-26 15:35 -------- d-----w- c:\program files\Common Files\Java . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-25 07:24 . 2011-06-01 18:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-03 03:06 . 2011-09-09 17:19 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-08-31 15:00 . 2010-11-29 22:12 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-28 14:06 . 2011-08-25 06:34 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-08-28 14:06 . 2011-08-25 06:34 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-08-10 19:04 . 2011-08-10 19:04 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2010-10-25 22:48 . 2011-09-25 07:56 8297472 ----a-w- c:\program files\AcroPro.msi 2011-09-30 22:49 . 2011-05-11 21:05 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2010-11-21 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208] . c:\users\Matthijs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ KillSkypeHome.lnk - c:\users\Public\Documents\KillSkypeHome.exe [2011-9-9 304252] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Users^Matthijs^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk] path=c:\users\Matthijs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2010-09-16 13:04 497648 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager] 2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTether] 2010-12-18 23:25 48456 ----a-w- c:\program files\Mobile Stream\EasyTether\easytthr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hercules DJ Series] 2010-02-03 04:11 918824 ----a-w- c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)] 2011-08-31 15:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)] 2011-08-31 15:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] 2008-08-21 01:18 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2011-06-28 07:12 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 17408] R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [2010-05-06 135168] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456] R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys [2010-05-06 185344] R3 HDJMidi;Hercules DJ Console Rmx MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [2010-05-06 141312] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-21 1343400] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872] S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [2010-05-10 67656] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-08-28 136360] S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-08-28 428200] S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-07-31 8192] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088] S3 ALSysIO;ALSysIO;c:\users\Matthijs\AppData\Local\Temp\ALSysIO.sys [x] S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2010-08-29 17232] S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2006-12-18 73472] S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2006-12-18 43904] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ALSYSIO . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2154281913-1205275237-2265879538-1001Core.job - c:\users\Matthijs\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-11 18:02] . 2011-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2154281913-1205275237-2265879538-1001UA.job - c:\users\Matthijs\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-11 18:02] . . ------- Supplementary Scan ------- . uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58 FF - ProfilePath - c:\users\Matthijs\AppData\Roaming\Mozilla\Firefox\Profiles\wmznb0vy.default\ FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon) FF - prefs.js: browser.startup.homepage - google.nl FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&affID=19946&mntrId=107a041b000000000000020054746872&q= . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_d71b4a3.dll" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-11-06 11:45:03 ComboFix-quarantined-files.txt 2011-11-06 10:45 ComboFix2.txt 2011-11-06 09:04 . Pre-Run: 21.348.065.280 bytes free Post-Run: 21.296.971.776 bytes free . - - End Of File - - E622F8ECC3529BBFDCB5A2DD271645D3 -
Hijack this log nakijken
Winterkoning reageerde op Winterkoning's topic in Archief Bestrijding malware & virussen
Bye the way ik kwam er gisteren ook achter dat bijvoorbeeld mijn google chrome browser die ik bijna nooit gebruik ineens de Babylon zoekmachine als homepage had. Dit terwijl ik dacht Babylon compleet verwijderd te hebben. Het resultaat van Combofix: ComboFix 11-11-06.01 - Matthijs 06-11-2011 9:45.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1062 [GMT 1:00] Running from: c:\users\Matthijs\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Setup.exe c:\program files\WindowsInstaller-KB893803-v2-x86.exe c:\users\Matthijs\AppData\Roaming\Desktopicon . . ((((((((((((((((((((((((( Files Created from 2011-10-06 to 2011-11-06 ))))))))))))))))))))))))))))))) . . 2011-11-06 08:55 . 2011-11-06 08:55 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-06 06:54 . 2011-11-06 06:54 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72D730EA-95CC-4A3B-8ACE-D413836A9F7B}\offreg.dll 2011-11-05 09:25 . 2011-11-05 09:25 388096 ----a-r- c:\users\Matthijs\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-11-05 09:25 . 2011-11-05 09:25 -------- d-----w- c:\program files\Trend Micro 2011-11-02 09:22 . 2011-11-05 09:44 -------- d-----w- c:\users\Matthijs\AppData\Local\Akamai 2011-10-29 18:25 . 2011-10-29 18:25 -------- d-----w- c:\users\Matthijs\AppData\Local\Babylon 2011-10-29 18:25 . 2011-10-29 18:25 -------- d-----w- c:\users\Matthijs\AppData\Roaming\Babylon 2011-10-29 18:25 . 2011-10-29 18:25 -------- d-----w- c:\programdata\Babylon 2011-10-29 08:29 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72D730EA-95CC-4A3B-8ACE-D413836A9F7B}\mpengine.dll 2011-10-26 15:35 . 2011-10-26 15:35 -------- d-----w- c:\program files\Common Files\Java . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-25 07:24 . 2011-06-01 18:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-03 03:06 . 2011-09-09 17:19 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-08-31 15:00 . 2010-11-29 22:12 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-28 14:06 . 2011-08-25 06:34 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-08-28 14:06 . 2011-08-25 06:34 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-08-10 19:04 . 2011-08-10 19:04 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2010-10-25 22:48 . 2011-09-25 07:56 8297472 ----a-w- c:\program files\AcroPro.msi 2011-09-30 22:49 . 2011-05-11 21:05 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2010-11-21 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208] . c:\users\Matthijs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ KillSkypeHome.lnk - c:\users\Public\Documents\KillSkypeHome.exe [2011-9-9 304252] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Users^Matthijs^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk] path=c:\users\Matthijs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2010-09-16 13:04 497648 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager] 2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTether] 2010-12-18 23:25 48456 ----a-w- c:\program files\Mobile Stream\EasyTether\easytthr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hercules DJ Series] 2010-02-03 04:11 918824 ----a-w- c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)] 2011-08-31 15:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)] 2011-08-31 15:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] 2008-08-21 01:18 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2011-06-28 07:12 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 17408] R2 KMService;KMService;c:\windows\system32\srvany.exe [2011-07-31 8192] R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [2010-05-06 135168] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456] R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys [2010-05-06 185344] R3 HDJMidi;Hercules DJ Console Rmx MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [2010-05-06 141312] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-21 1343400] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872] S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [2010-05-10 67656] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-08-28 136360] S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-08-28 428200] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088] S3 ALSysIO;ALSysIO;c:\users\Matthijs\AppData\Local\Temp\ALSysIO.sys [x] S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2010-08-29 17232] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000] S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2006-12-18 73472] S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2006-12-18 43904] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2154281913-1205275237-2265879538-1001Core.job - c:\users\Matthijs\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-11 18:02] . 2011-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2154281913-1205275237-2265879538-1001UA.job - c:\users\Matthijs\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-11 18:02] . . ------- Supplementary Scan ------- . uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58 FF - ProfilePath - c:\users\Matthijs\AppData\Roaming\Mozilla\Firefox\Profiles\wmznb0vy.default\ FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon) FF - prefs.js: browser.startup.homepage - google.nl FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&affID=19946&mntrId=107a041b000000000000020054746872&q= . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_d71b4a3.dll" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-11-06 10:04:10 ComboFix-quarantined-files.txt 2011-11-06 09:04 . Pre-Run: 21.863.632.896 bytes free Post-Run: 21.531.537.408 bytes free . - - End Of File - - 208ED635794EEEF514D687CE61FE29DD Hoe ziet het er uit? Weet jij wat voor functie de files hadden die dit programma nu gedelete heeft? -
Hijack this log nakijken
Winterkoning reageerde op Winterkoning's topic in Archief Bestrijding malware & virussen
Neem mij niet kwalijk. Ik had niet gelezen dat er ook weer een hijacklog bij moest. Bij deze: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:51:13, on 5-11-2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Users\Matthijs\Downloads\CoreTemp32\Core Temp.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\igfxsrvc.exe C:\Users\Public\Documents\KillSkypeHome.exe C:\Users\Matthijs\AppData\Local\Akamai\netsession_win.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Last.fm\LastFM.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [Google Update] "C:\Users\Matthijs\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: KillSkypeHome.lnk = Public\Documents\KillSkypeHome.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe -- End of file - 7037 bytes Ik ben benieuwd! -
Hijack this log nakijken
Winterkoning reageerde op Winterkoning's topic in Archief Bestrijding malware & virussen
Uitgevoerd. Maar zoals eerder beschreven geeft MalwareAntiMalware geen problemen aan. zie ook log: Malwarebytes' Anti-Malware 1.51.2.1300 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: 8090 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 5-11-2011 17:14:39 mbam-log-2011-11-05 (17-14-39).txt Scantype: Snelle scan Objecten gescand: 161037 Verstreken tijd: 6 minuut/minuten, 29 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Betekent dat dat mijn laptop brandschoon is? Zie de hijacklog er goed uit? -
Hijack this log nakijken
Winterkoning reageerde op Winterkoning's topic in Archief Bestrijding malware & virussen
Dank je voor je snelle reacties! -
Hijack this log nakijken
Winterkoning reageerde op Winterkoning's topic in Archief Bestrijding malware & virussen
Hier is mijn scan resultaat wil iemand dit bedoordelen? Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:21:53, on 5-11-2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Users\Matthijs\Downloads\CoreTemp32\Core Temp.exe C:\Windows\Explorer.EXE C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Users\Public\Documents\KillSkypeHome.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\wuauclt.exe C:\Users\Matthijs\AppData\Local\Akamai\netsession_win.exe C:\Users\Matthijs\AppData\Local\Akamai\netsession_win.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\system32\SearchFilterHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [Google Update] "C:\Users\Matthijs\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Akamai NetSession Interface] C:\Users\Matthijs\AppData\Local\Akamai\netsession_win.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: KillSkypeHome.lnk = Public\Documents\KillSkypeHome.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe -- End of file - 7386 bytes -
Hallo, Onlangs heb ik Babylon search op mijn laptop gekregen zonder dat ik het wilde. Op zich heb ik het redelijk makkelijk kunnen verwijderen, maar ik vind het wel een beetje onheilspellend dat er blijkbaar zomaar bestanden op mijn laptop zijn gezet en ook dat de homepage werd veranderd. Ookal vindt Malware/AntiMalware niets meer (met snelle scan althans). En geven Avira Antivir en SuperAntispyware geen problemen meer, zou het mij niet verbazen als je lang dezelfde antivirus/malware software gebruikt dat het minder veilig wordt omdat hackers/criminelen daar misschien omheengaan of iets dergelijks. Zou iemand (een expert) eens willen kijken hoe het er voor staat met mijn laptop en eventuele door criminelen geinstalleerde software die mijn gegevens (wachtwoorden etc) oppikt. Ik heb begrepen dat dit met een hijack log kan? Zo ja dan wacht ik instructies af. groet, Rutger
OVER ONS
PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!