sp2 and other problems


daveEHV

Here is the new log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:22:22, on 28-6-2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18928)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\Program Files\Emsisoft Anti-Malware\a2guard.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\home\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O1 - Hosts: ::1 localhost

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe" /d=60

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-21-3031723917-1600518869-3245930991-1000\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')

O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll

O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll

O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5BB7BBF4-5484-4488-9278-0AEBB2BEBADE}: NameServer = 208.67.222.222,208.67.220.220

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe

O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

--

End of file - 7432 bytes

Well, actually everything was running fine, except for Emsisoft, which it sometimes kicks off, but that is probably because there are 2 keys in my program.

But I had also started the GMER rootkit scanner and let it run. I have an NTFS system, so I had only ticked Files, the drive and Show All, let it run and went to watch football. When I came back there had been a complete system crash, which I cannot find in my event logs; there is only a single error message that my language pack was not working and that ttsfmon was not working either. Otherwise it runs fine as far as I can see now and the way I use it now. I am running a full scan now and after that I will let gmer.exe run again anyway.

If you have any tips, I would love to hear them.

Kind regards, dave

Oh, and no, I am not reckless with my laptop. I bought it "new" at MediaMarkt, but I was not the first customer: I even find old parts from 2004 and documents and scan logs from 2006 and 2008 on it, so it looks like I am cleaning up HP's junk, lmao.

OK, I used the little program mber.exe and nothing came out of it, and GMER did not work completely because it gives me system crashes and a blue screen, so I left it for what it is. Oh, I had also used catchme.exe and nothing came out of that either, so I think there is nothing more I can do so far.

Thank you kindly for your help.

Kind regards, dave

We still have some arrows on our anti-malware bow.

Download Combofix to your Desktop.

Read more here about the correct use of Combofix.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

  • Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not for VISTA).
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards, click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, because this will make your PC hang.

When the fix is complete and after the restart, the log Combofix.txt will open.

Paste the contents of the log in your next post, together with a new HijackThis log.

ComboFix went well, but at the end I got an error message 3 times.

All three were from the Registry Editor, which stopped working and had to reboot.

After the reboot, Mozilla Firefox no longer starts, but fortunately my Internet Explorer does, otherwise I could not have posted my log, but here it is:

ComboFix 10-06-28.01 - home 29-06-2010 16:20:16.5.2 - x86

Gestart vanuit: c:\users\home\Desktop\ComboFix.exe

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\kWab.dll

c:\windows\system32\vbzlib1.dll

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-05-28 to 2010-06-29 ))))))))))))))))))))))))))))))

.

2010-06-29 14:27 . 2010-06-29 14:28 -------- d-----w- c:\users\home\AppData\Local\temp

2010-06-29 14:27 . 2010-06-29 14:27 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-06-29 13:36 . 2010-06-29 13:36 -------- d-----w- c:\users\home\AppData\Roaming\HPAppData

2010-06-29 13:18 . 2010-06-29 13:55 -------- d-----w- c:\program files\Emsisoft Anti-Malware

2010-06-29 12:16 . 2010-06-29 12:16 -------- d-----w- c:\program files\CCleaner

2010-06-28 08:11 . 2010-06-28 08:11 -------- d-----w- c:\program files\Unlocker

2010-06-28 07:12 . 1998-12-02 08:11 143360 ----a-w- c:\windows\system32\vbuzip10.dll

2010-06-28 07:12 . 1998-06-17 23:00 89360 ----a-w- c:\windows\system32\Vb5db.dll

2010-06-28 06:24 . 2010-06-28 06:23 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-25 16:49 . 2010-06-25 16:49 -------- d-----w- c:\users\home\AppData\Local\Apps

2010-06-25 11:13 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2010-06-25 11:13 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2010-06-24 21:27 . 2010-06-24 21:27 -------- d-----w- c:\users\home\AppData\Roaming\FixIt

2010-06-24 20:10 . 2010-06-24 20:10 -------- d-----w- c:\users\home\AppData\Local\Adobe

2010-06-24 13:46 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-24 13:45 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-22 21:33 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-06-22 21:33 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll

2010-06-22 21:33 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-06-22 21:33 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-06-22 21:33 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll

2010-06-22 21:03 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-06-22 21:03 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2010-06-22 11:54 . 2010-06-22 11:54 -------- d-----w- c:\users\home\AppData\Roaming\PC Suite

2010-06-21 03:07 . 2010-06-21 03:10 -------- d-----w- c:\program files\TweakNow RegCleaner

2010-06-21 03:07 . 2010-06-21 03:07 -------- d-----w- c:\users\home\AppData\Roaming\TweakNow RegCleaner

2010-06-21 02:52 . 2010-06-21 02:52 -------- d-----w- c:\program files\ToniArts

2010-06-21 01:44 . 2010-06-21 01:44 -------- d-----w- c:\users\home\AppData\Roaming\Auslogics

2010-06-21 01:43 . 2010-06-21 01:43 -------- d-----w- c:\program files\Auslogics

2010-06-20 22:14 . 2010-06-20 22:14 -------- d-----w- c:\programdata\PC Suite

2010-06-20 21:58 . 2010-06-20 21:58 -------- d-----w- c:\users\home\{50a2dd4a-1e00-4bdd-b72a-daf48ba322fc}

2010-06-20 21:50 . 2007-05-02 14:31 90624 ----a-w- c:\windows\system32\nmwcdcls.dll

2010-06-20 21:50 . 2007-09-17 13:53 21632 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2010-06-20 21:50 . 2010-06-20 21:50 -------- dc----w- c:\windows\system32\DRVSTORE

2010-06-20 21:48 . 2010-06-24 19:37 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers

2010-06-20 21:47 . 2009-04-07 07:39 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys

2010-06-20 21:47 . 2009-04-07 07:39 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe

2010-06-20 21:47 . 2009-04-07 07:39 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll

2010-06-20 21:46 . 2010-06-24 17:56 -------- d-----w- c:\users\home\AppData\Roaming\Samsung

2010-06-20 21:45 . 2010-06-20 21:45 -------- d-----w- c:\program files\MarkAny

2010-06-20 21:45 . 2010-06-20 21:50 -------- d-----w- c:\program files\PC Connectivity Solution

2010-06-20 21:42 . 2010-06-24 18:30 -------- d-----w- c:\program files\Samsung

2010-06-20 21:39 . 2010-06-20 21:39 -------- d-----w- c:\users\home\AppData\Local\Downloaded Installations

2010-06-15 16:42 . 2010-06-15 16:42 133648 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll

2010-06-15 16:42 . 2010-06-15 16:42 133720 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll

2010-06-13 17:37 . 2010-06-13 17:37 -------- d-----w- c:\program files\Microsoft.NET

2010-06-13 17:32 . 2010-06-13 17:32 -------- d-----r- C:\MSOCache

2010-06-10 23:13 . 2010-06-10 23:13 -------- d-----w- c:\program files\WinPcap

2010-06-10 23:07 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys

2010-06-09 16:57 . 2010-06-09 17:01 -------- d-----w- c:\program files\Windows Live Safety Center

2010-05-31 22:34 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll

2010-05-31 22:33 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll

2010-05-31 22:33 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll

2010-05-31 22:33 . 2010-05-27 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll

2010-05-31 22:33 . 2010-05-31 22:34 -------- d-----w- c:\program files\K-Lite Codec Pack

2010-05-31 22:11 . 2010-05-31 22:25 -------- d-----w- c:\program files\DAEMON Tools Toolbar

2010-05-31 22:11 . 2010-06-29 12:38 -------- d-----w- c:\program files\DAEMON Tools Lite

2010-05-31 19:32 . 2010-06-28 10:33 -------- d-----w- C:\OidView

2010-05-31 19:32 . 1998-09-01 06:44 1355776 ----a-w- c:\windows\system32\MSVBVM50.dll

2010-05-31 17:18 . 2010-05-31 17:18 -------- d-----w- c:\users\home\AppData\Local\SolarWinds

2010-05-31 17:17 . 2010-05-31 17:17 -------- d-----w- c:\programdata\SolarWinds

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-29 13:35 . 2009-02-28 14:33 666044 ----a-w- c:\windows\system32\perfh013.dat

2010-06-29 13:35 . 2009-02-28 14:33 126022 ----a-w- c:\windows\system32\perfc013.dat

2010-06-29 13:30 . 2009-12-20 12:15 -------- d-----w- c:\programdata\Kaspersky Lab

2010-06-29 12:38 . 2010-02-14 08:20 -------- d-----w- c:\users\home\AppData\Roaming\vlc

2010-06-29 12:38 . 2009-12-20 16:44 -------- d-----w- c:\users\home\AppData\Roaming\uTorrent

2010-06-29 12:38 . 2010-04-21 19:22 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-06-29 11:48 . 2010-03-27 17:30 -------- d-----w- c:\program files\Nero

2010-06-28 19:11 . 2009-11-02 14:50 -------- d-----w- c:\users\home\AppData\Roaming\Media Player Classic

2010-06-28 19:08 . 2010-05-17 19:54 -------- d-----w- c:\program files\DsNET Corp

2010-06-28 11:03 . 2009-02-28 08:01 -------- d-----w- c:\program files\Java

2010-06-26 13:12 . 2010-04-21 19:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2010-06-26 11:39 . 2009-10-27 17:24 76216 ----a-w- c:\users\home\AppData\Local\GDIPFONTCACHEV1.DAT

2010-06-26 11:38 . 2009-10-27 17:15 -------- d-----w- c:\programdata\Microsoft Help

2010-06-25 11:15 . 2010-06-25 11:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf

2010-06-25 11:15 . 2010-06-25 11:15 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

2010-06-24 19:45 . 2009-11-13 17:42 7512 ----a-w- c:\users\home\AppData\Local\d3d9caps.dat

2010-06-24 17:02 . 2010-05-23 01:12 -------- d-----w- c:\program files\WhatsRunning

2010-06-24 13:46 . 2010-05-23 18:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-21 14:49 . 2010-01-27 19:28 -------- d-----w- c:\program files\MRU-Blaster

2010-06-21 02:52 . 2009-02-28 06:35 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-06-13 17:39 . 2009-10-27 17:16 -------- d-----w- c:\program files\Microsoft Works

2010-06-12 12:14 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-06-05 17:27 . 2009-10-27 22:02 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-01 00:12 . 2009-11-03 20:06 -------- d-----w- c:\users\home\AppData\Roaming\HpUpdate

2010-05-30 12:50 . 2010-05-23 00:18 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-05-30 12:50 . 2010-04-14 22:41 -------- d-----w- c:\programdata\DivX

2010-05-30 12:50 . 2009-11-10 01:54 -------- d-----w- c:\program files\Common Files\DivX Shared

2010-05-30 12:50 . 2009-11-10 01:54 -------- d-----w- c:\program files\Common Files\PX Storage Engine

2010-05-30 12:50 . 2009-11-10 01:54 -------- d-----w- c:\program files\DivX

2010-05-30 12:47 . 2010-05-23 00:14 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe

2010-05-29 16:55 . 2009-10-27 20:32 -------- d-----w- c:\program files\Google

2010-05-27 20:32 . 2010-05-27 20:32 245936 ----a-w- c:\windows\system32\drivers\SynTP.sys

2010-05-27 20:31 . 2008-07-24 16:46 120104 ----a-w- c:\windows\system32\SynTPCo4.dll

2010-05-27 20:31 . 2008-07-24 16:26 165160 ----a-w- c:\windows\system32\SynTPAPI.dll

2010-05-27 20:31 . 2010-05-27 20:31 210216 ----a-w- c:\windows\system32\SynCtrl.dll

2010-05-27 20:31 . 2008-07-24 16:11 173352 ----a-w- c:\windows\system32\SynCOM.dll

2010-05-26 17:36 . 2009-10-27 22:02 -------- d-----w- c:\program files\Microsoft

2010-05-26 17:06 . 2010-06-10 23:08 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-05-26 14:47 . 2010-06-10 23:08 289792 ----a-w- c:\windows\system32\atmfd.dll

2010-05-23 18:59 . 2010-05-23 18:59 -------- d-----w- c:\programdata\Malwarebytes

2010-05-23 00:18 . 2010-05-23 00:18 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe

2010-05-23 00:13 . 2010-05-23 00:18 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe

2010-05-18 07:57 . 2009-12-26 13:48 -------- d-----w- c:\program files\uTorrent

2010-05-16 19:21 . 2010-05-16 19:21 -------- d-----w- c:\program files\VS Revo Group

2010-05-16 19:02 . 2009-11-23 00:28 -------- d-----w- c:\program files\Common Files\Real

2010-05-14 11:20 . 2009-12-20 21:31 -------- d-----w- c:\users\home\AppData\Roaming\SBMAV Disk Cleaner

2010-05-05 16:39 . 2009-12-20 13:01 113933 ----a-w- c:\windows\system32\drivers\klin.dat

2010-05-05 16:39 . 2009-12-20 13:01 97549 ----a-w- c:\windows\system32\drivers\klick.dat

2010-05-04 05:59 . 2010-06-10 23:08 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-04 05:55 . 2010-06-10 23:08 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-05-04 05:55 . 2010-06-10 23:08 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-05-04 04:31 . 2010-06-10 23:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-05-03 17:52 . 2010-05-03 17:52 388096 ----a-r- c:\users\home\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-05-01 16:56 . 2010-05-01 16:56 247296 ----a-w- c:\windows\system32\wbem\WMIPRVSE.EXE

2010-04-23 14:13 . 2010-05-26 16:43 2048 ----a-w- c:\windows\system32\tzres.dll

2010-04-22 00:44 . 2010-04-22 00:42 23209 ----a-w- c:\windows\hpqins15.dat

2010-04-20 23:02 . 2010-04-20 23:02 20 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\bases\as\pas4\ForDiff\base.keb.bat

2010-04-16 16:43 . 2010-06-22 21:03 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll

2010-04-16 16:43 . 2010-06-22 21:03 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll

2010-04-16 16:43 . 2010-06-22 21:03 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll

2010-04-16 16:43 . 2010-06-22 21:03 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll

2010-04-05 17:01 . 2010-06-10 23:08 67072 ----a-w- c:\windows\system32\asycfilt.dll

2009-02-28 14:50 . 2009-02-28 14:35 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"a-squared"="c:\program files\EMSISOFT ANTI-MALWARE\a2guard.exe" [2010-06-29 3627912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

SetupExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer for HP TouchSmart]

2008-12-25 12:41 189736 ------w- c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDAgent]

2008-11-28 17:04 1148200 ------w- c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2008-06-09 09:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2009-11-10 14:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartMenu]

2008-11-18 18:35 914224 ----a-w- c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2009-11-23 00:28 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TSMAgent]

2008-12-25 12:41 1316136 ------w- c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVAgent]

2009-05-08 16:32 206120 ------w- c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]

2008-11-14 21:02 218408 ------w- c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]

2008-06-13 17:11 210216 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]

2008-10-30 10:51 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]

2008-06-13 17:11 210216 ------w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]

2008-11-26 10:34 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"VistaSp2"=hex(B):50,9d,48,44,6b,59,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3031723917-1600518869-3245930991-1000]

"EnableNotificationsRef"=dword:00000001

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]

R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2010-06-29 1935120]

R2 BSSNMPTRAP;ByteSphere Trap Manager;c:\oidview\trap_manager.exe [x]

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-29 136176]

R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2010-06-29 71008]

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-19 222512]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [x]

R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 3200]

R3 TfNetMon;TfNetMon; [x]

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-05 691696]

S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]

S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2010-05-15 39576]

S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2010-05-05 11776]

S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2007-03-22 20560]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-11-03 21520]

S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/10/27 16:12];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 17:04 87536]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe [2009-03-02 81920]

S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-04-07 233472]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]

S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-12-17 365952]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]

S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 54784]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-04-07 36608]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-23 107360]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - A2UTIL

*NewlyCreated* - FSUSBEXDISK

*Deregistered* - PROCEXP141

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 09:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhoud van de 'Gedeelde Taken' map

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-29 16:52]

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-29 16:52]

2010-06-28 c:\windows\Tasks\HPCeeScheduleForhome.job

- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-28 10:34]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: {{7A0815F1-6B65-4e3a-B198-709807B4042A} - {1EC035CE-090E-4AF7-B6DF-AD11C2F0F9C9} - c:\program files\XstreamRadio 3.02\RadioHelper.dll

TCP: {5BB7BBF4-5484-4488-9278-0AEBB2BEBADE} = 208.67.222.222,208.67.220.220

FF - ProfilePath - c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\2e1wqqg9.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/

FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKfox000&fl=0&ptb=21a3ZOhAu0ecYJ6YRpP6cQ&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77cea0e3&searchfor=

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll

FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

.

.

------- Bestandsassociaties -------

.

vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*

vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*

jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*

.

- - - - ORPHANS VERWIJDERD - - - -

MSConfigStartUp-RegClean Expert Scheduler - c:\program files\Registry Clean Expert\RCHelper.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-06-29 16:28

Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]

"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"

.

Voltooingstijd: 2010-06-29 16:31:49

ComboFix-quarantined-files.txt 2010-06-29 14:31

Pre-Run: 207.741.247.488 bytes beschikbaar

Post-Run: 207.712.415.744 bytes beschikbaar

- - End Of File - - A96DAB971D1539CA1E2DE8B20545DA1E


The error message regarding ttsfmon is caused by problems with ThreatFire from PC Tools. If you still use it, you will have to reinstall it. Do that first, before you start on the steps below.

Open a Notepad file.

Copy and paste the bold text below into it.

FireFox::

FF - ProfilePath - c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\2e1wqqg9.default\

FF - prefs.js: keyword.URL –

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next message.


I haven't used PC Tools for a long time; that's (Spyware Doctor), right??

My Run MRU contained the leftovers of PC Tools and ThreatFire; I have emptied them. Now the question is whether I can make the cfs script??

Edited by daveEHV

I did the cfscript.exe and a new combo

Error messages: registry editor closed 2 times, and Mozilla Firefox still doesn't work

ComboFix 10-06-29.03 - home 30-06-2010 13:15:28.6.2 - x86

Gestart vanuit: c:\users\home\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\home\Desktop\CFScript.txt

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-05-28 to 2010-06-30 ))))))))))))))))))))))))))))))

.

2010-06-30 11:22 . 2010-06-30 11:30 -------- d-----w- c:\users\home\AppData\Local\temp

2010-06-30 11:22 . 2010-06-30 11:22 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-06-30 11:22 . 2010-06-30 11:22 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-06-30 10:28 . 2010-06-30 10:28 -------- d-----w- c:\program files\ok-s.com

2010-06-29 13:18 . 2010-06-30 10:55 -------- d-----w- c:\program files\Emsisoft Anti-Malware

2010-06-29 12:16 . 2010-06-29 12:16 -------- d-----w- c:\program files\CCleaner

2010-06-28 08:11 . 2010-06-28 08:11 -------- d-----w- c:\program files\Unlocker

2010-06-28 07:12 . 1998-12-02 08:11 143360 ----a-w- c:\windows\system32\vbuzip10.dll

2010-06-28 07:12 . 1998-06-17 23:00 89360 ----a-w- c:\windows\system32\Vb5db.dll

2010-06-28 06:24 . 2010-06-28 06:23 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-25 16:49 . 2010-06-25 16:49 -------- d-----w- c:\users\home\AppData\Local\Apps

2010-06-25 11:13 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2010-06-25 11:13 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2010-06-24 21:27 . 2010-06-24 21:27 -------- d-----w- c:\users\home\AppData\Roaming\FixIt

2010-06-24 20:10 . 2010-06-24 20:10 -------- d-----w- c:\users\home\AppData\Local\Adobe

2010-06-24 13:46 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-24 13:45 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-22 21:33 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-06-22 21:33 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll

2010-06-22 21:33 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-06-22 21:33 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-06-22 21:33 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll

2010-06-22 21:03 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-06-22 21:03 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2010-06-22 11:54 . 2010-06-22 11:54 -------- d-----w- c:\users\home\AppData\Roaming\PC Suite

2010-06-21 03:07 . 2010-06-21 03:10 -------- d-----w- c:\program files\TweakNow RegCleaner

2010-06-21 03:07 . 2010-06-21 03:07 -------- d-----w- c:\users\home\AppData\Roaming\TweakNow RegCleaner

2010-06-21 02:52 . 2010-06-21 02:52 -------- d-----w- c:\program files\ToniArts

2010-06-21 01:44 . 2010-06-21 01:44 -------- d-----w- c:\users\home\AppData\Roaming\Auslogics

2010-06-21 01:43 . 2010-06-21 01:43 -------- d-----w- c:\program files\Auslogics

2010-06-20 22:14 . 2010-06-20 22:14 -------- d-----w- c:\programdata\PC Suite

2010-06-20 21:58 . 2010-06-20 21:58 -------- d-----w- c:\users\home\{50a2dd4a-1e00-4bdd-b72a-daf48ba322fc}

2010-06-20 21:50 . 2007-05-02 14:31 90624 ----a-w- c:\windows\system32\nmwcdcls.dll

2010-06-20 21:50 . 2007-09-17 13:53 21632 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2010-06-20 21:50 . 2010-06-20 21:50 -------- dc----w- c:\windows\system32\DRVSTORE

2010-06-20 21:48 . 2010-06-24 19:37 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers

2010-06-20 21:47 . 2009-04-07 07:39 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys

2010-06-20 21:47 . 2009-04-07 07:39 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe

2010-06-20 21:47 . 2009-04-07 07:39 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll

2010-06-20 21:46 . 2010-06-24 17:56 -------- d-----w- c:\users\home\AppData\Roaming\Samsung

2010-06-20 21:45 . 2010-06-20 21:45 -------- d-----w- c:\program files\MarkAny

2010-06-20 21:45 . 2010-06-20 21:50 -------- d-----w- c:\program files\PC Connectivity Solution

2010-06-20 21:42 . 2010-06-24 18:30 -------- d-----w- c:\program files\Samsung

2010-06-20 21:39 . 2010-06-20 21:39 -------- d-----w- c:\users\home\AppData\Local\Downloaded Installations

2010-06-15 16:42 . 2010-06-15 16:42 133648 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll

2010-06-15 16:42 . 2010-06-15 16:42 133720 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll

2010-06-13 17:37 . 2010-06-13 17:37 -------- d-----w- c:\program files\Microsoft.NET

2010-06-13 17:32 . 2010-06-13 17:32 -------- d-----r- C:\MSOCache

2010-06-10 23:13 . 2010-06-10 23:13 -------- d-----w- c:\program files\WinPcap

2010-06-10 23:07 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys

2010-06-09 16:57 . 2010-06-09 17:01 -------- d-----w- c:\program files\Windows Live Safety Center

2010-05-31 22:34 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll

2010-05-31 22:33 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll

2010-05-31 22:33 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll

2010-05-31 22:33 . 2010-05-27 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll

2010-05-31 22:33 . 2010-05-31 22:34 -------- d-----w- c:\program files\K-Lite Codec Pack

2010-05-31 22:11 . 2010-05-31 22:25 -------- d-----w- c:\program files\DAEMON Tools Toolbar

2010-05-31 22:11 . 2010-06-29 12:38 -------- d-----w- c:\program files\DAEMON Tools Lite

2010-05-31 19:32 . 2010-06-28 10:33 -------- d-----w- C:\OidView

2010-05-31 19:32 . 1998-09-01 06:44 1355776 ----a-w- c:\windows\system32\MSVBVM50.dll

2010-05-31 17:18 . 2010-05-31 17:18 -------- d-----w- c:\users\home\AppData\Local\SolarWinds

2010-05-31 17:17 . 2010-05-31 17:17 -------- d-----w- c:\programdata\SolarWinds

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-30 10:58 . 2009-02-28 14:33 666044 ----a-w- c:\windows\system32\perfh013.dat

2010-06-30 10:58 . 2009-02-28 14:33 126022 ----a-w- c:\windows\system32\perfc013.dat

2010-06-30 10:53 . 2009-12-20 12:15 -------- d-----w- c:\programdata\Kaspersky Lab

2010-06-29 12:38 . 2010-02-14 08:20 -------- d-----w- c:\users\home\AppData\Roaming\vlc

2010-06-29 12:38 . 2009-12-20 16:44 -------- d-----w- c:\users\home\AppData\Roaming\uTorrent

2010-06-29 12:38 . 2010-04-21 19:22 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-06-29 11:48 . 2010-03-27 17:30 -------- d-----w- c:\program files\Nero

2010-06-28 19:11 . 2009-11-02 14:50 -------- d-----w- c:\users\home\AppData\Roaming\Media Player Classic

2010-06-28 19:08 . 2010-05-17 19:54 -------- d-----w- c:\program files\DsNET Corp

2010-06-28 11:03 . 2009-02-28 08:01 -------- d-----w- c:\program files\Java

2010-06-26 13:12 . 2010-04-21 19:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2010-06-26 11:39 . 2009-10-27 17:24 76216 ----a-w- c:\users\home\AppData\Local\GDIPFONTCACHEV1.DAT

2010-06-26 11:38 . 2009-10-27 17:15 -------- d-----w- c:\programdata\Microsoft Help

2010-06-25 11:15 . 2010-06-25 11:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf

2010-06-25 11:15 . 2010-06-25 11:15 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

2010-06-24 19:45 . 2009-11-13 17:42 7512 ----a-w- c:\users\home\AppData\Local\d3d9caps.dat

2010-06-24 17:02 . 2010-05-23 01:12 -------- d-----w- c:\program files\WhatsRunning

2010-06-24 13:46 . 2010-05-23 18:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-21 14:49 . 2010-01-27 19:28 -------- d-----w- c:\program files\MRU-Blaster

2010-06-21 02:52 . 2009-02-28 06:35 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-06-13 17:39 . 2009-10-27 17:16 -------- d-----w- c:\program files\Microsoft Works

2010-06-12 12:14 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-06-05 17:27 . 2009-10-27 22:02 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-01 00:12 . 2009-11-03 20:06 -------- d-----w- c:\users\home\AppData\Roaming\HpUpdate

2010-05-30 12:50 . 2010-05-23 00:18 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-05-30 12:50 . 2010-04-14 22:41 -------- d-----w- c:\programdata\DivX

2010-05-30 12:50 . 2009-11-10 01:54 -------- d-----w- c:\program files\Common Files\DivX Shared

2010-05-30 12:50 . 2009-11-10 01:54 -------- d-----w- c:\program files\Common Files\PX Storage Engine

2010-05-30 12:50 . 2009-11-10 01:54 -------- d-----w- c:\program files\DivX

2010-05-30 12:47 . 2010-05-23 00:14 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe

2010-05-29 16:55 . 2009-10-27 20:32 -------- d-----w- c:\program files\Google

2010-05-27 20:32 . 2010-05-27 20:32 245936 ----a-w- c:\windows\system32\drivers\SynTP.sys

2010-05-27 20:31 . 2008-07-24 16:46 120104 ----a-w- c:\windows\system32\SynTPCo4.dll

2010-05-27 20:31 . 2008-07-24 16:26 165160 ----a-w- c:\windows\system32\SynTPAPI.dll

2010-05-27 20:31 . 2010-05-27 20:31 210216 ----a-w- c:\windows\system32\SynCtrl.dll

2010-05-27 20:31 . 2008-07-24 16:11 173352 ----a-w- c:\windows\system32\SynCOM.dll

2010-05-26 17:36 . 2009-10-27 22:02 -------- d-----w- c:\program files\Microsoft

2010-05-26 17:06 . 2010-06-10 23:08 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-05-26 14:47 . 2010-06-10 23:08 289792 ----a-w- c:\windows\system32\atmfd.dll

2010-05-23 18:59 . 2010-05-23 18:59 -------- d-----w- c:\programdata\Malwarebytes

2010-05-23 00:18 . 2010-05-23 00:18 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe

2010-05-23 00:13 . 2010-05-23 00:18 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe

2010-05-18 07:57 . 2009-12-26 13:48 -------- d-----w- c:\program files\uTorrent

2010-05-16 19:21 . 2010-05-16 19:21 -------- d-----w- c:\program files\VS Revo Group

2010-05-16 19:02 . 2009-11-23 00:28 -------- d-----w- c:\program files\Common Files\Real

2010-05-14 11:20 . 2009-12-20 21:31 -------- d-----w- c:\users\home\AppData\Roaming\SBMAV Disk Cleaner

2010-05-05 16:39 . 2009-12-20 13:01 113933 ----a-w- c:\windows\system32\drivers\klin.dat

2010-05-05 16:39 . 2009-12-20 13:01 97549 ----a-w- c:\windows\system32\drivers\klick.dat

2010-05-04 05:59 . 2010-06-10 23:08 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-04 05:55 . 2010-06-10 23:08 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-05-04 05:55 . 2010-06-10 23:08 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-05-04 04:31 . 2010-06-10 23:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-05-03 17:52 . 2010-05-03 17:52 388096 ----a-r- c:\users\home\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-05-01 16:56 . 2010-05-01 16:56 247296 ----a-w- c:\windows\system32\wbem\WMIPRVSE.EXE

2010-04-23 14:13 . 2010-05-26 16:43 2048 ----a-w- c:\windows\system32\tzres.dll

2010-04-22 00:44 . 2010-04-22 00:42 23209 ----a-w- c:\windows\hpqins15.dat

2010-04-20 23:02 . 2010-04-20 23:02 20 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\bases\as\pas4\ForDiff\base.keb.bat

2010-04-16 16:43 . 2010-06-22 21:03 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll

2010-04-16 16:43 . 2010-06-22 21:03 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll

2010-04-16 16:43 . 2010-06-22 21:03 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll

2010-04-16 16:43 . 2010-06-22 21:03 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll

2010-04-05 17:01 . 2010-06-10 23:08 67072 ----a-w- c:\windows\system32\asycfilt.dll

2009-02-28 14:50 . 2009-02-28 14:35 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"a-squared"="c:\program files\EMSISOFT ANTI-MALWARE\a2guard.exe" [2010-06-29 3627912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

SetupExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer for HP TouchSmart]

2008-12-25 12:41 189736 ------w- c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDAgent]

2008-11-28 17:04 1148200 ------w- c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2008-06-09 09:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2009-11-10 14:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartMenu]

2008-11-18 18:35 914224 ----a-w- c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2009-11-23 00:28 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TSMAgent]

2008-12-25 12:41 1316136 ------w- c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVAgent]

2009-05-08 16:32 206120 ------w- c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]

2008-11-14 21:02 218408 ------w- c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]

2008-06-13 17:11 210216 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]

2008-10-30 10:51 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]

2008-06-13 17:11 210216 ------w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]

2008-11-26 10:34 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"VistaSp2"=hex(B):50,9d,48,44,6b,59,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3031723917-1600518869-3245930991-1000]

"EnableNotificationsRef"=dword:00000001

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]

R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2010-06-29 1935120]

R2 BSSNMPTRAP;ByteSphere Trap Manager;c:\oidview\trap_manager.exe [x]

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-29 136176]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2010-06-29 71008]

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-19 222512]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [x]

R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 3200]

R3 TfNetMon;TfNetMon; [x]

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-05 691696]

S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]

S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2010-05-15 39576]

S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2010-05-05 11776]

S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2007-03-22 20560]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-11-03 21520]

S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/10/27 16:12];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 17:04 87536]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe [2009-03-02 81920]

S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-04-07 233472]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]

S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-12-17 365952]

S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]

S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 54784]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-04-07 36608]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-23 107360]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - PROCEXP141

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 09:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhoud van de 'Gedeelde Taken' map

2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-29 16:52]

2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-29 16:52]

2010-06-28 c:\windows\Tasks\HPCeeScheduleForhome.job

- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-28 10:34]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: {{7A0815F1-6B65-4e3a-B198-709807B4042A} - {1EC035CE-090E-4AF7-B6DF-AD11C2F0F9C9} - c:\program files\XstreamRadio 3.02\RadioHelper.dll

TCP: {5BB7BBF4-5484-4488-9278-0AEBB2BEBADE} = 208.67.222.222,208.67.220.220

FF - ProfilePath - c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\2e1wqqg9.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/

FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKfox000&fl=0&ptb=21a3ZOhAu0ecYJ6YRpP6cQ&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77cea0e3&searchfor=

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll

FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll

FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-06-30 13:30

Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

c:\users\home\AppData\Local\Temp\catchme.dll 53248 bytes executable

Scan succesvol afgerond

verborgen bestanden: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]

"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"

.

Voltooingstijd: 2010-06-30 13:33:41

ComboFix-quarantined-files.txt 2010-06-30 11:33

ComboFix2.txt 2010-06-29 14:31

Pre-Run: 203.886.411.776 bytes beschikbaar

Post-Run: 203.860.889.600 bytes beschikbaar

- - End Of File - - 6FD8C79A4E45855E53F88A85C2978CBF
