Xanthi
-
Problem solved by Norton Removal Tool (Grrrr@!*`$#...) Hello everyone, On a US forum I found a tip to use the Norton Removal Tool. I ran it briefly and the problem was solved! I had already removed the no-longer-active Norton the "normal" way, via the Control Panel, but apparently that turns it into unrecognized malware. Can this still be reconstructed anywhere from the previous posts? Anyway, thank you all very much for your attempts to help me. Regards, Xanthi
-
Unfortunately, netsh winsock reset has no effect either. Could it be that the Windows updates loaded in the background are interfering with our actions? GMER also hung 3 times in safe mode during Device\HarddiskVolumeShadowCopy1. I then unchecked all the boxes at the top right and tried only Device. That was the cause. When I checked all the boxes except the device check, the scan ran through. Strangely enough, the entire check, with devices on, then also ran to completion. Anyway, the full log is below. I hope you can do something with it.
-
The user is an admin. Tried that too, but it also crashed. The last time it seemed to hang at "device shadowcopy1".
-
The scan does start, but after about 30 sec. I get a blue screen and the PC restarts. I have switched off the various options in GMER, but it does not help. After 5 crashes I gave up. I have already disabled most startup programs and services. I had already suspected ipconfig /flushdns and tried it earlier. Unfortunately no effect. The strange thing is that it can make connections to the update services of applications such as MS, Apple or Daemon and downloads updates from them. Could it have something to do with faulty DNS translations?
-
Unfortunately, all three browsers do start, but reported that they cannot connect. After the last 2 scan actions Firefox no longer does anything at all. Through the back door, MS IE for example was updated yesterday, because it asks questions about the preferred browser. As reported earlier, pinging e.g. google.com does work. The network icon at the bottom right says it has both network and internet connectivity. I also created a new user (administrator). But the same browser problems there too. I am at a loss. What do you make of the logs?
-
It remains strange. MS updates are being downloaded. iTunes detects updates... But IE, Firefox and Safari remain dead. Here is the latest log:
2008-07-09 13:59 202448 ----a-w- c:\windows\system32\PnkBstrB.exe 2010-03-19 13:46 . 2010-01-13 20:33 69 ----a-w- c:\users\Alexander\jagex_runescape_preferences2.dat 2010-03-19 13:45 . 2009-02-20 21:06 41 ----a-w- c:\users\Alexander\jagex_runescape_preferences.dat 2010-03-14 20:18 . 2008-01-29 20:56 1812 ----a-w- c:\users\Alexander\AppData\Roaming\wklnhst.dat 2010-03-12 06:24 . 2010-03-12 06:23 -------- d-----w- c:\program files\iTunes 2010-03-12 06:23 . 2010-03-12 06:23 -------- d-----w- c:\program files\iPod 2010-03-12 06:23 . 2008-05-02 19:57 -------- d-----w- c:\program files\Common Files\Apple 2010-03-12 06:20 . 2010-03-12 06:20 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe 2010-03-12 06:19 . 2010-03-12 06:19 -------- d-----w- c:\program files\Safari 2010-03-12 06:18 . 2010-03-12 06:18 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe 2010-03-01 17:55 . 2008-12-24 20:23 22328 ----a-w- c:\users\Alexander\AppData\Roaming\PnkBstrK.sys 2010-03-01 17:55 . 2008-12-24 20:23 22328 ----a-w- c:\users\Alexander\AppData\Roaming\PnkBstrK.sys 2010-03-01 17:55 . 2008-12-24 20:23 682280 ----a-w- c:\windows\system32\pbsvc.exe 2010-03-01 17:55 . 2008-07-09 13:59 66872 ----a-w- c:\windows\system32\PnkBstrA.exe 2010-03-01 17:24 . 2010-03-01 17:24 -------- d-----w- c:\program files\Activision 2010-02-25 16:48 . 2008-01-29 20:10 115120 ----a-w- c:\users\Alexander\AppData\Local\GDIPFONTCACHEV1.DAT 2010-02-24 08:16 . 2009-10-02 20:31 181632 ------w- c:\windows\system32\MpSigStub.exe 2010-02-23 06:39 . 2010-03-31 07:37 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-23 06:33 . 2010-03-31 07:37 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-02-23 06:33 . 2010-03-31 07:37 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-02-23 04:55 . 2010-03-31 07:37 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-02-20 23:06 . 
2010-03-11 12:38 24064 ----a-w- c:\windows\system32\nshhttp.dll 2010-02-20 23:05 . 2010-03-11 12:38 30720 ----a-w- c:\windows\system32\httpapi.dll 2010-02-20 20:53 . 2010-03-11 12:38 411648 ----a-w- c:\windows\system32\drivers\http.sys 2009-05-03 10:17 . 2008-02-23 18:14 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll 2009-05-03 10:17 . 2008-02-23 18:14 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll 2009-05-03 10:17 . 2008-02-23 18:14 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll 2009-05-03 10:17 . 2008-02-23 18:14 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll 2009-05-03 10:17 . 2008-02-23 18:14 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll 2008-01-29 21:41 . 2008-01-29 21:41 22 --sha-w- c:\windows\SMINST\HPCD.sys 2007-10-31 00:32 . 2007-10-31 00:11 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-06 21898024] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-04 39408] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536] "SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936] "ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-23 380928] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608] "ChicoSys"="c:\windows\system32\cc32\webtmr.exe" [2008-02-20 3963384] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableClock"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "LWA"= 0 (0x0) "LWB"= 0 (0x0) "LWC"= 0 (0x0) "LWD"= 0 (0x0) "LWE"= 0 (0x0) "LWF"= 0 (0x0) "LWG"= 0 (0x0) "LWH"= 0 (0x0) "LWI"= 0 (0x0) "LWJ"= 0 (0x0) "LWK"= 0 (0x0) "LWL"= 0 (0x0) "LWM"= 0 (0x0) "LWN"= 0 (0x0) "LWO"= 0 (0x0) "LWP"= 0 (0x0) "LWQ"= 0 (0x0) "LWR"= 0 (0x0) "LWS"= 0 (0x0) "LWT"= 0 (0x0) "LWU"= 0 (0x0) "LWV"= 0 
(0x0) "LWW"= 0 (0x0) "LWX"= 0 (0x0) "LWY"= 0 (0x0) "LWZ"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(:8e,66,d9,13,28,d4,ca,01 R3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\DRIVERS\gan_adapter.sys [2006-08-28 10664] R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] R4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-03-16 2849844] R4 VRSService;VRS Recording System;c:\program files\NCH Swift Sound\VRS\vrs.exe [2010-01-21 851972] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-18 717296] S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20080325.002\IDSvix86.sys [2008-02-13 261680] S2 Windows-CCHook-Service;Windows-CCHook-Service;c:\windows\system32\cchservice.exe [2008-01-29 952808] S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2007-10-30 37936] --- Andere Services/Drivers In Geheugen --- *NewlyCreated* - COMHOST *Deregistered* - mchInjDrv [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map 2010-04-28 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-29 20:43] 2010-04-27 c:\windows\Tasks\User_Feed_Synchronization-{58774050-DB70-4723-B221-61377EA9B879}.job - c:\windows\system32\msfeedssync.exe [2010-03-31 04:54] . . 
------- Bijkomende Scan ------- . uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=74&bd=Presario&pf=desktop uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab FF - ProfilePath - c:\users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\26bi2vws.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2046702&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Shareware.Pro-NE Customized Web Search FF - prefs.js: browser.startup.homepage - FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm924YYNL&fl=0&ptb=E25KRkRDPP6lUp6SKU_37w&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor= FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll FF - component: c:\program files\Mozilla Firefox\extensions\{11e7ab0e-3b77-41f8-a9c3-8b67a04fd4c3}\components\FFExternalAlert.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties"); c:\program 
files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-04-28 20:12 Windows 6.0.6002 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... 
Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84A1D1F8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0x881abd24 \Driver\ACPI -> acpi.sys @ 0x805bbd68 \Driver\atapi -> 0x84a1d1f8 IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\S-1-5-21-3711584721-1658079923-1828436330-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:e9,a7,4c,df,3a,ab,2c,a7,21,38,1c,ae,d4,25,53,33,f0,ec,c6,e3,ed,27,a5, 3d,f0,16,88,70,6c,0f,dc,c8,9e,80,63,dc,aa,93,d6,ad,43,b4,d1,14,37,43,5c,bd,\ "??"=hex:4a,18,9c,7a,0e,7c,a1,12,8f,5d,11,c7,a2,cd,08,55 [HKEY_USERS\S-1-5-21-3711584721-1658079923-1828436330-1000\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) "datasecu"=hex:1c,96,98,21,1c,16,f2,79,37,88,05,4b,0d,6a,9f,1e,f2,e7,ba,9a,68, 89,10,83,00,1b,ac,bb,c8,e6,a3,31,39,a9,f6,74,3c,f4,5a,ad,b9,e1,93,8d,fb,07,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . ------------------------ Andere Aktieve Processen ------------------------ . 
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe c:\windows\system32\PnkBstrA.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\conime.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\system32\schtasks.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\jusched.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Voltooingstijd: 2010-04-28 20:20:40 - machine werd herstart ComboFix-quarantined-files.txt 2010-04-28 18:20 ComboFix2.txt 2010-04-27 21:10 Pre-Run: 127.130.480.640 bytes beschikbaar Post-Run: 126.863.331.328 bytes beschikbaar - - End Of File - - 4A564F59BD0D051B0DE1CC0C66FB5295
-
Here is the combi log. I hope you can get something out of it.
Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84A1D1F8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0x881a5d24 \Driver\ACPI -> acpi.sys @ 0x805c1d68 \Driver\atapi -> 0x84a1d1f8 IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swipcciimjxtbr] "ImagePath"=" " [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\szlragreckpkqe] "ImagePath"=" " . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\S-1-5-21-3711584721-1658079923-1828436330-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:e9,a7,4c,df,3a,ab,2c,a7,21,38,1c,ae,d4,25,53,33,f0,ec,c6,e3,ed,27,a5, 3d,f0,16,88,70,6c,0f,dc,c8,9e,80,63,dc,aa,93,d6,ad,43,b4,d1,14,37,43,5c,bd,\ "??"=hex:4a,18,9c,7a,0e,7c,a1,12,8f,5d,11,c7,a2,cd,08,55 [HKEY_USERS\S-1-5-21-3711584721-1658079923-1828436330-1000\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) "datasecu"=hex:1c,96,98,21,1c,16,f2,79,37,88,05,4b,0d,6a,9f,1e,f2,e7,ba,9a,68, 89,10,83,00,1b,ac,bb,c8,e6,a3,31,39,a9,f6,74,3c,f4,5a,ad,b9,e1,93,8d,fb,07,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . ------------------------ Andere Aktieve Processen ------------------------ . 
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe c:\windows\system32\PnkBstrA.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\conime.exe c:\windows\system32\schtasks.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\jusched.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Voltooingstijd: 2010-04-27 23:10:29 - machine werd herstart ComboFix-quarantined-files.txt 2010-04-27 21:10 Pre-Run: 123.336.527.872 bytes beschikbaar Post-Run: 125.304.545.280 bytes beschikbaar - - End Of File - - D873A538E5F12456A9A139CBF7304141
-
Indeed, I still cannot get an internet connection on the problem machine. On the machine that works fine I can update MBAM to 4043. However, when I copy the whole MBAM folder to the problem PC via a USB stick, it starts up with 3937 there. Apparently it stores the update somewhere else? What else can I do now, apart from MBAM, since it no longer finds anything?
-
Indeed (and I think there is more junk on it that isn't needed). So is the update in the exe and not in a separate database?
-
Hello Kape, What kind of service is that szlragreckpkqe, actually? When I Google it I only end up at this thread... I cannot update MBAM on that machine, because it has no connection there. I have already started the scan, though. It has just finished, with 239 infections. Shall I still update it? Where is the database update located? Then I will copy it over.

---------- Post added at 19:59 ---------- Previous post was at 19:51 ----------

MBAM log file:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Databaseversie: 3930
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

26-4-2010 19:49:01
mbam-log-2010-04-26 (19-49-01).txt

Scantype: Snelle scan
Objecten gescand: 116075
Verstreken tijd: 6 minuut/minuten, 55 seconde(n)

Geheugenprocessen geïnfecteerd: 2
Geheugenmodulen geïnfecteerd: 3
Registersleutels geïnfecteerd: 114
Registerwaarden geïnfecteerd: 4
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 23
Bestanden geïnfecteerd: 93

Geheugenprocessen geïnfecteerd:
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Unloaded process successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Unloaded process successfully.

Geheugenmodulen geïnfecteerd:
C:\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Delete on reboot.

Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MS AntiSpyware 2009\MS AntiSpyware 2009.lnk (Rogue.MSAntiSpyware) -> Quarantined and deleted successfully. C:\Users\Alexander\AppData\Local\Temp\~tmpa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Users\Alexander\AppData\Local\Temp\~tmpb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Users\Alexander\AppData\Local\Temp\~tmpd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Users\Alexander\AppData\Local\Temp\~tmpf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
Here is the HijackThis log file after MBAM:
-
OK, I'm being patient...
-
Hello Stegi, I was not reachable over the weekend. Here is the log of a typical teenager's PC. What doesn't belong in it?
-
Yes, already tried that. (Sorry, forgot to mention it.)
-
Hello, I can see that serious work gets done here and problems get solved. Well, one of our PCs (on a router, everything wired) suddenly had no internet any more via MS IE8. Firefox did still work. Other PCs on the same router are OK, by the way. After the latest MS auto-update, Firefox and Safari stopped working too! Even after removing the update, still no connection. Pinging sites works. Even the MS auto-updates come through! Why won't the browsers work any more? I no longer know where to look...