
Windows Explorer problems



I regularly get an error message from my Windows Explorer and I can't find the problem. I did recently find a trojan via MBAM, which I found strange because I use avast.

avast also regularly reports problems; I can't find anything myself that quickly. Maybe my HijackThis log will show something.

Regards, dave

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 0:30:39, on 2-4-2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.19019)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Windows\WindowsMobile\wmdSync.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\IObit\IObit Security 360\is360tray.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Secunia\PSI\psi_tray.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\TeamViewer\Version6\TeamViewer.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\dave\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O1 - Hosts: ::1 localhost

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"

O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe"

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"

O4 - HKLM\..\Run: [smartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: OpenOffice.org 3.3 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe

O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

--

End of file - 11117 bytes


Go to Start – Run/Search and type: sc stop "IS360service - IObit"

Press Enter.

Go to Start – Run/Search and type: sc delete "IS360service - IObit"

Press Enter.

Start HijackThis. If you are using Vista or Windows 7, choose "Run as administrator" (in Dutch: "Uitvoeren als administrator").

Select "Do a system scan only". Select only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O4 - HKLM\..\Run: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

Click 'Fix checked' to remove the items.

Download MBAM (Malwarebytes Anti-Malware)

Double-click mbam-setup.exe to install the program.

Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "Finish".

If an update is found, it will be downloaded and installed.

When the program is fully up to date, select "Quick scan" on the Scanner tab, then click Scan.

Scanning can take a while, so be patient.

When the scan is complete, click OK, then "Show Results" to see the results.

Make sure everything there is checked, then click: Remove Selected.

After removal a log will open and you will be asked to restart the computer. (See below.)

If the rootkit (TDSS) is present, MBAM will ask you to restart. Do so.

After the restart MBAM will scan again and remove the rootkit.

The log is saved automatically by MBAM and you can find it by clicking the "Logs" tab in the program.

If MBAM has difficulty removing certain files, it will show a few messages where you have to click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log in your next post, together with a new HijackThis log.


Hello kweezie wabbit

I had also used avast in safe mode and it found 2 wma infections

here are both logs

Malwarebytes' Anti-Malware 1.50.1.1100

Malwarebytes

Databaseversie: 6245

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19019

2-4-2011 11:11:52

mbam-log-2011-04-02 (11-11-52).txt

Scantype: Snelle scan

Objecten gescand: 154387

Verstreken tijd: 5 minuut/minuten, 11 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:13:31, on 2-4-2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.19019)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Windows\WindowsMobile\wmdSync.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Secunia\PSI\psi_tray.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\TeamViewer\Version6\TeamViewer.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\conime.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Users\dave\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O1 - Hosts: ::1 localhost

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"

O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe"

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"

O4 - HKLM\..\Run: [smartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: OpenOffice.org 3.3 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe

O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

--

End of file - 10556 bytes

Regards, dave
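Added example (not part of any post in this thread): a small Python script that compares excerpts of the two HijackThis logs posted above, showing which of the entries selected for 'Fix checked' are gone from the follow-up log and which services are still registered. The function names are hypothetical, and the O23 layout `display name (service name) - vendor - path` is an assumption about HijackThis output.

```python
"""Compare two HijackThis logs and check which requested fixes took effect."""
import re

# Entry lines start with a section code (R0, O4, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Excerpt of the first log on this page (scan saved at 0:30:39).
BEFORE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
"""

# Excerpt of the follow-up log on this page (scan saved at 11:13:31).
AFTER = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
"""

# The five entries the helper asked to tick before clicking 'Fix checked'.
REQUESTED = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
"""


def parse_entries(log_text):
    """Return the set of (section, entry) pairs in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:  # header lines and process paths do not match and are skipped
            entries.add((match.group(1), match.group(2).strip()))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entries between two logs, each sorted."""
    old, new = parse_entries(before), parse_entries(after)
    return sorted(old - new), sorted(new - old)


def unfixed(requested, after):
    """Return the requested entries that still appear in the follow-up log."""
    remaining = parse_entries(after)
    return [e for e in sorted(parse_entries(requested)) if e in remaining]


def service_key_names(log_text):
    """Extract service names from O23 lines (format is an assumption, see lead-in)."""
    names = set()
    for section, entry in parse_entries(log_text):
        if section != "O23" or not entry.startswith("Service: "):
            continue
        # Split from the right: the path and vendor are the last two fields,
        # because the display name itself may contain " - ".
        parts = entry[len("Service: "):].rsplit(" - ", 2)
        if len(parts) != 3:
            continue
        label = parts[0]
        # A trailing "(name)" is the service name; otherwise the label is the name.
        match = re.search(r"\(([^()]+)\)\s*$", label)
        names.add(match.group(1) if match else label)
    return names


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("Removed since first log:")
    for section, entry in removed:
        print(f"  {section} - {entry}")
    print("Requested fixes still present:")
    for section, entry in unfixed(REQUESTED, AFTER):
        print(f"  {section} - {entry}")
    print("Services still registered:", sorted(service_key_names(AFTER)))
```

On the excerpts above, the two empty `Search` values and the `IS360service` line are still present in the follow-up log, while both `Local Page` values and the IObit `Run` entry are gone.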


Delete the folder C:\Program Files\IObit.

Clean up the registry with CCleaner.

Download CCleaner. (If you don't have it yet)

Install it and start CCleaner.

Then click "Registry" in the left column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "Yes". Then choose "Fix All Selected Issues".

Sometimes one scan is not enough. You may repeat this procedure until the scan no longer reports any errors.

Close CCleaner again afterwards.

If you want to see this in detail with pictures, read this guide.

Now make a new log with HijackThis.


Then we'll try another way.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:
    Click here
    If you cannot manage to disable them, just continue to the next step.
  • Double-click ComboFix.exe and follow the prompts on the screen.
  • ComboFix will check whether the Microsoft Windows Recovery Console is already installed.
    Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.
  • Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.

cf-rc-auto.jpg

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

rc-auto-done.jpg

Click Yes to continue scanning for malware.

When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.

If you have problems running ComboFix, please report them.


Hello kweezie

Sorry for the late reply, but here is the ComboFix log after all

ComboFix 11-04-07.08 - dave 08-04-2011 13:12:20.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3038.1749 [GMT 1:00]

Gestart vanuit: c:\users\dave\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\dave\AppData\Roaming\EurekaLog

c:\users\dave\AppData\Roaming\EurekaLog\EurekaLog.ini

c:\users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3 .lnk

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-03-08 to 2011-04-08 ))))))))))))))))))))))))))))))

.

.

2011-04-08 12:26 . 2011-04-08 12:26 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-04-08 12:26 . 2011-04-08 12:27 -------- d-----w- c:\users\dave\AppData\Local\temp

2011-04-08 11:50 . 2011-04-08 11:50 -------- d-----w- c:\users\dave\AppData\Local\{6A0C1C8A-37DD-43FB-9057-053FFD734D98}

2011-04-08 11:11 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5DB3C802-24A6-467A-8EF9-593C77DF0C55}\mpengine.dll

2011-04-07 13:01 . 2011-04-07 13:01 -------- d-----w- c:\users\dave\AppData\Local\{1FCE2FB9-1BFE-406F-86FB-D2D93C2B6CD0}

2011-04-06 19:18 . 2011-04-06 19:19 -------- d-----w- c:\users\dave\AppData\Local\{A9428B6A-8950-42F9-AE7E-5103AFA4584E}

2011-04-05 02:12 . 2011-04-05 02:12 -------- d-----w- c:\users\dave\AppData\Local\{9149657B-D12F-4809-945B-40649089F4BA}

2011-04-03 11:50 . 2011-04-08 11:05 -------- d-----w- c:\users\dave\AppData\Roaming\skypePM

2011-04-03 11:47 . 2011-04-08 12:18 -------- d-----w- c:\users\dave\AppData\Roaming\Skype

2011-04-03 11:46 . 2011-04-03 11:46 -------- d-----w- c:\program files\Common Files\Skype

2011-04-03 11:46 . 2011-04-03 11:46 -------- d-----r- c:\program files\Skype

2011-04-03 11:46 . 2011-04-03 11:46 -------- d-----w- c:\programdata\Skype

2011-04-03 10:12 . 2011-04-03 10:12 -------- d-----w- c:\users\dave\AppData\Local\{9054F92C-2B11-4808-A828-6B7B717904F7}

2011-04-02 18:12 . 2011-04-02 18:13 -------- d-----w- c:\users\dave\AppData\Local\{B6FC537D-6556-4242-BA88-B63A77989413}

2011-04-01 23:15 . 2011-04-01 23:15 -------- d-----w- c:\users\dave\AppData\Local\{88A7D8EA-FB67-4AD5-96FA-81CAB303A86F}

2011-04-01 10:02 . 2011-04-01 10:02 -------- d-----w- c:\users\dave\AppData\Local\{CD8568A4-ED05-4DC2-A3F7-529CB14FDB07}

2011-03-29 20:40 . 2011-03-29 20:41 -------- d-----w- c:\users\dave\AppData\Local\{9E584186-3DE0-437C-9CA0-7F38344E5D24}

2011-03-28 19:23 . 2011-03-28 19:23 -------- d-----w- c:\windows\Hewlett-Packard

2011-03-28 10:46 . 2011-03-28 10:47 -------- d-----w- c:\users\dave\AppData\Local\{1883167D-5D9E-476B-B610-0B309FCEF703}

2011-03-27 15:06 . 2011-03-27 15:06 -------- d-----w- c:\users\dave\AppData\Local\{B57DE986-1B1F-43EF-B28E-21FDEFD43E00}

2011-03-25 15:30 . 2011-03-25 15:30 -------- d-----w- c:\users\dave\AppData\Local\{D1FB2075-1A69-434C-B486-FD31AAD602E3}

2011-03-24 07:58 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-03-23 20:19 . 2011-03-23 20:20 -------- d-----w- c:\users\dave\AppData\Local\{21A2E46E-0DF5-47E9-8EB0-EB2396473793}

2011-03-22 20:41 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll

2011-03-22 20:41 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll

2011-03-22 20:41 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-03-22 20:34 . 2011-03-22 20:34 -------- d-----w- c:\users\dave\AppData\Local\{075C8CE7-7C91-492C-9113-3B1F22586736}

2011-03-21 21:56 . 2011-03-21 21:56 -------- d-----w- c:\users\dave\AppData\Local\{2B5D6882-BF0A-4877-BD26-4CEE2B5737A5}

2011-03-19 03:06 . 2011-03-19 03:06 -------- d-----w- c:\users\dave\AppData\Local\{9E0CD4E2-721D-4485-8965-B279F7EEFBBB}

2011-03-18 09:38 . 2011-03-18 09:38 -------- d-----w- c:\users\dave\AppData\Local\{CB56AE56-9D9C-4EED-A613-487FFAAE475D}

2011-03-13 16:03 . 2011-03-13 16:04 -------- d-----w- c:\users\dave\AppData\Local\{9D2AB439-1CD7-4CA6-BD0B-835956FF8AA9}

2011-03-12 06:27 . 2011-03-12 06:27 -------- d-----w- c:\users\dave\AppData\Local\{3658103B-7669-4634-9180-482C08D655EB}

2011-03-11 18:26 . 2011-03-11 18:26 -------- d-----w- c:\users\dave\AppData\Local\{50B731C8-F11B-493A-A2D4-A3B59214B1CB}

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-09 03:05 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-02-23 15:04 . 2011-02-03 20:58 40648 ----a-w- c:\windows\avastSS.scr

2011-02-23 15:04 . 2011-02-03 20:58 190016 ----a-w- c:\windows\system32\aswBoot.exe

2011-02-23 14:56 . 2011-02-03 20:59 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-02-23 14:55 . 2011-02-03 20:59 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-02-23 14:55 . 2011-02-03 20:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-02-23 14:55 . 2011-02-03 20:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-02-23 14:54 . 2011-02-03 20:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-02-19 18:45 . 2011-02-19 18:45 722718 ----a-w- c:\windows\unins000.exe

2011-02-19 17:14 . 2010-09-29 14:34 6656 ----a-w- c:\windows\system32\bcmwlrc.dll

2011-02-19 17:14 . 2010-09-29 14:34 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll

2011-02-19 17:14 . 2010-09-29 14:34 2709056 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS

2011-02-19 17:14 . 2010-09-29 14:34 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll

2011-02-19 17:14 . 2010-09-29 14:34 3555328 ----a-w- c:\windows\system32\bcmihvui.dll

2011-02-02 20:40 . 2010-10-05 20:42 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-02 17:11 . 2010-10-04 23:52 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-20 16:37 . 2011-02-09 11:29 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2011-01-20 16:08 . 2011-02-09 11:29 478720 ----a-w- c:\windows\system32\dxgi.dll

2011-01-20 16:08 . 2011-02-09 11:29 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-01-20 16:08 . 2011-02-09 11:29 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2011-01-20 16:08 . 2011-02-09 11:29 1029120 ----a-w- c:\windows\system32\d3d10.dll

2011-01-20 16:08 . 2011-02-09 11:29 189952 ----a-w- c:\windows\system32\d3d10core.dll

2011-01-20 16:07 . 2011-02-09 11:29 37376 ----a-w- c:\windows\system32\cdd.dll

2011-01-20 16:07 . 2011-02-09 11:29 258048 ----a-w- c:\windows\system32\winspool.drv

2011-01-20 16:07 . 2011-02-09 11:29 586240 ----a-w- c:\windows\system32\stobject.dll

2011-01-20 16:06 . 2011-02-09 11:29 2873344 ----a-w- c:\windows\system32\mf.dll

2011-01-20 16:06 . 2011-02-09 11:29 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2011-01-20 16:04 . 2011-02-09 11:29 209920 ----a-w- c:\windows\system32\mfplat.dll

2011-01-20 16:04 . 2011-02-09 11:29 98816 ----a-w- c:\windows\system32\mfps.dll

2011-01-20 14:28 . 2011-02-09 11:29 1554432 ----a-w- c:\windows\system32\xpsservices.dll

2011-01-20 14:27 . 2011-02-09 11:29 876032 ----a-w- c:\windows\system32\XpsPrint.dll

2011-01-20 14:26 . 2011-02-09 11:29 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

2011-01-20 14:25 . 2011-02-09 11:29 847360 ----a-w- c:\windows\system32\OpcServices.dll

2011-01-20 14:24 . 2011-02-09 11:29 135680 ----a-w- c:\windows\system32\XpsRasterService.dll

2011-01-20 14:15 . 2011-02-09 11:29 979456 ----a-w- c:\windows\system32\MFH264Dec.dll

2011-01-20 14:14 . 2011-02-09 11:29 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll

2011-01-20 14:14 . 2011-02-09 11:29 302592 ----a-w- c:\windows\system32\mfmp4src.dll

2011-01-20 14:14 . 2011-02-09 11:29 261632 ----a-w- c:\windows\system32\mfreadwrite.dll

2011-01-20 14:12 . 2011-02-09 11:29 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2011-01-20 14:11 . 2011-02-09 11:29 486400 ----a-w- c:\windows\system32\d3d10level9.dll

2011-01-20 13:47 . 2011-02-09 11:29 683008 ----a-w- c:\windows\system32\d2d1.dll

2011-01-08 17:11 . 2011-01-08 17:08 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-03-08 17037704]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-28 1148200]

"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]

"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]

"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-05-08 206120]

"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]

"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]

"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]

"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2010-12-21 291896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\F1C2.tmp [x]

R3 MOUSECONTROLLER;WDF Driver;c:\windows\system32\Drivers\W_MouseCombo.sys [2010-09-06 23680]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/09/29 16:41];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 16:04 87536]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe [2009-03-02 81920]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]

S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]

S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-12-17 365952]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2010-12-21 987704]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2010-12-21 399416]

S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-18 2271608]

S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]

S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]

S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-19 222512]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 54784]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-23 107360]

S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-02-11 114952]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2011-04-08 c:\windows\Tasks\HPCeeScheduleFordave.job

- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-28 10:34]

.

.

------- Bijkomende Scan -------

.

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=91&bd=Pavilion&pf=cnnb

IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202

FF - ProfilePath - c:\users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\1tbnqdss.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2102399&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - Ext: KeyScrambler: keyscrambler@qfx.software.corporation - %profile%\extensions\keyscrambler@qfx.software.corporation

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: HP Detect: {ab91efd4-6975-4081-8552-1b3922ed79e2} - %profile%\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}

FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{46735DEE-F862-49D1-876D-6382794DC625} - (no file)

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-SmartMenu - %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

AddRemove-CCleaner - f:\program files\uninst.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-04-08 13:27

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\F1C2.tmp"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]

"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"

.

Voltooingstijd: 2011-04-08 13:42:56

ComboFix-quarantined-files.txt 2011-04-08 12:42

.

Pre-Run: 214.616.113.152 bytes beschikbaar

Post-Run: 214.548.578.304 bytes beschikbaar

.

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10

- - End Of File - - CF9C5D0D7027AEB750DBFA81AA5F721F


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\unins000.exe

Folder::

c:\users\dave\AppData\Local\{6A0C1C8A-37DD-43FB-9057-053FFD734D98}

c:\users\dave\AppData\Local\{1FCE2FB9-1BFE-406F-86FB-D2D93C2B6CD0}

c:\users\dave\AppData\Local\{A9428B6A-8950-42F9-AE7E-5103AFA4584E}

c:\users\dave\AppData\Local\{9149657B-D12F-4809-945B-40649089F4BA}

c:\users\dave\AppData\Local\{9054F92C-2B11-4808-A828-6B7B717904F7}

c:\users\dave\AppData\Local\{B6FC537D-6556-4242-BA88-B63A77989413}

c:\users\dave\AppData\Local\{88A7D8EA-FB67-4AD5-96FA-81CAB303A86F}

c:\users\dave\AppData\Local\{CD8568A4-ED05-4DC2-A3F7-529CB14FDB07}

c:\users\dave\AppData\Local\{9E584186-3DE0-437C-9CA0-7F38344E5D24}

c:\users\dave\AppData\Local\{1883167D-5D9E-476B-B610-0B309FCEF703}

c:\users\dave\AppData\Local\{B57DE986-1B1F-43EF-B28E-21FDEFD43E00}

c:\users\dave\AppData\Local\{D1FB2075-1A69-434C-B486-FD31AAD602E3}

c:\users\dave\AppData\Local\{21A2E46E-0DF5-47E9-8EB0-EB2396473793}

c:\users\dave\AppData\Local\{075C8CE7-7C91-492C-9113-3B1F22586736}

c:\users\dave\AppData\Local\{2B5D6882-BF0A-4877-BD26-4CEE2B5737A5}

c:\users\dave\AppData\Local\{9E0CD4E2-721D-4485-8965-B279F7EEFBBB}

c:\users\dave\AppData\Local\{CB56AE56-9D9C-4EED-A613-487FFAAE475D}

c:\users\dave\AppData\Local\{9D2AB439-1CD7-4CA6-BD0B-835956FF8AA9}

c:\users\dave\AppData\Local\{3658103B-7669-4634-9180-482C08D655EB}

c:\users\dave\AppData\Local\{50B731C8-F11B-493A-A2D4-A3B59214B1CB}

Driver::

aswSnx

aswSP

aswFsBlk

Firefox::

FF - ProfilePath - c:\users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\1tbnqdss.default\

FF - prefs.js: browser.search.defaulturl -

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next message.


Here is the new log.

ComboFix 11-04-07.08 - dave 08-04-2011 15:18:11.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3038.1679 [GMT 1:00]

Gestart vanuit: c:\users\dave\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\dave\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\unins000.exe"

Only now I can no longer scroll with my touchpad; I have already rebooted as well ???

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\dave\AppData\Local\{075C8CE7-7C91-492C-9113-3B1F22586736}

c:\users\dave\AppData\Local\{1883167D-5D9E-476B-B610-0B309FCEF703}

c:\users\dave\AppData\Local\{1FCE2FB9-1BFE-406F-86FB-D2D93C2B6CD0}

c:\users\dave\AppData\Local\{21A2E46E-0DF5-47E9-8EB0-EB2396473793}

c:\users\dave\AppData\Local\{2B5D6882-BF0A-4877-BD26-4CEE2B5737A5}

c:\users\dave\AppData\Local\{3658103B-7669-4634-9180-482C08D655EB}

c:\users\dave\AppData\Local\{50B731C8-F11B-493A-A2D4-A3B59214B1CB}

c:\users\dave\AppData\Local\{6A0C1C8A-37DD-43FB-9057-053FFD734D98}

c:\users\dave\AppData\Local\{88A7D8EA-FB67-4AD5-96FA-81CAB303A86F}

c:\users\dave\AppData\Local\{9054F92C-2B11-4808-A828-6B7B717904F7}

c:\users\dave\AppData\Local\{9149657B-D12F-4809-945B-40649089F4BA}

c:\users\dave\AppData\Local\{9D2AB439-1CD7-4CA6-BD0B-835956FF8AA9}

c:\users\dave\AppData\Local\{9E0CD4E2-721D-4485-8965-B279F7EEFBBB}

c:\users\dave\AppData\Local\{9E584186-3DE0-437C-9CA0-7F38344E5D24}

c:\users\dave\AppData\Local\{A9428B6A-8950-42F9-AE7E-5103AFA4584E}

c:\users\dave\AppData\Local\{B57DE986-1B1F-43EF-B28E-21FDEFD43E00}

c:\users\dave\AppData\Local\{B6FC537D-6556-4242-BA88-B63A77989413}

c:\users\dave\AppData\Local\{CB56AE56-9D9C-4EED-A613-487FFAAE475D}

c:\users\dave\AppData\Local\{CD8568A4-ED05-4DC2-A3F7-529CB14FDB07}

c:\users\dave\AppData\Local\{D1FB2075-1A69-434C-B486-FD31AAD602E3}

c:\windows\unins000.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_ASWFSBLK

-------\Legacy_ASWSNX

-------\Legacy_ASWSP

-------\Service_aswFsBlk

-------\Service_aswSnx

-------\Service_aswSP

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-03-08 to 2011-04-08 ))))))))))))))))))))))))))))))

.

.

2011-04-08 14:32 . 2011-04-08 14:41 -------- d-----w- c:\users\dave\AppData\Local\temp

2011-04-08 11:11 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5DB3C802-24A6-467A-8EF9-593C77DF0C55}\mpengine.dll

2011-04-03 11:50 . 2011-04-08 11:05 -------- d-----w- c:\users\dave\AppData\Roaming\skypePM

2011-04-03 11:47 . 2011-04-08 12:18 -------- d-----w- c:\users\dave\AppData\Roaming\Skype

2011-04-03 11:46 . 2011-04-03 11:46 -------- d-----w- c:\program files\Common Files\Skype

2011-04-03 11:46 . 2011-04-03 11:46 -------- d-----r- c:\program files\Skype

2011-04-03 11:46 . 2011-04-03 11:46 -------- d-----w- c:\programdata\Skype

2011-03-28 19:23 . 2011-03-28 19:23 -------- d-----w- c:\windows\Hewlett-Packard

2011-03-24 07:58 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-03-22 20:41 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll

2011-03-22 20:41 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll

2011-03-22 20:41 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-09 03:05 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-02-23 15:04 . 2011-02-03 20:58 40648 ----a-w- c:\windows\avastSS.scr

2011-02-23 15:04 . 2011-02-03 20:58 190016 ----a-w- c:\windows\system32\aswBoot.exe

2011-02-23 14:56 . 2011-02-03 20:59 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-02-23 14:55 . 2011-02-03 20:59 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-02-23 14:55 . 2011-02-03 20:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-02-23 14:55 . 2011-02-03 20:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-02-23 14:54 . 2011-02-03 20:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-02-19 17:14 . 2010-09-29 14:34 6656 ----a-w- c:\windows\system32\bcmwlrc.dll

2011-02-19 17:14 . 2010-09-29 14:34 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll

2011-02-19 17:14 . 2010-09-29 14:34 2709056 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS

2011-02-19 17:14 . 2010-09-29 14:34 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll

2011-02-19 17:14 . 2010-09-29 14:34 3555328 ----a-w- c:\windows\system32\bcmihvui.dll

2011-02-02 20:40 . 2010-10-05 20:42 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-02 17:11 . 2010-10-04 23:52 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-20 16:37 . 2011-02-09 11:29 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2011-01-20 16:08 . 2011-02-09 11:29 478720 ----a-w- c:\windows\system32\dxgi.dll

2011-01-20 16:08 . 2011-02-09 11:29 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-01-20 16:08 . 2011-02-09 11:29 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2011-01-20 16:08 . 2011-02-09 11:29 1029120 ----a-w- c:\windows\system32\d3d10.dll

2011-01-20 16:08 . 2011-02-09 11:29 189952 ----a-w- c:\windows\system32\d3d10core.dll

2011-01-20 16:07 . 2011-02-09 11:29 37376 ----a-w- c:\windows\system32\cdd.dll

2011-01-20 16:07 . 2011-02-09 11:29 258048 ----a-w- c:\windows\system32\winspool.drv

2011-01-20 16:07 . 2011-02-09 11:29 586240 ----a-w- c:\windows\system32\stobject.dll

2011-01-20 16:06 . 2011-02-09 11:29 2873344 ----a-w- c:\windows\system32\mf.dll

2011-01-20 16:06 . 2011-02-09 11:29 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2011-01-20 16:04 . 2011-02-09 11:29 209920 ----a-w- c:\windows\system32\mfplat.dll

2011-01-20 16:04 . 2011-02-09 11:29 98816 ----a-w- c:\windows\system32\mfps.dll

2011-01-20 14:28 . 2011-02-09 11:29 1554432 ----a-w- c:\windows\system32\xpsservices.dll

2011-01-20 14:27 . 2011-02-09 11:29 876032 ----a-w- c:\windows\system32\XpsPrint.dll

2011-01-20 14:26 . 2011-02-09 11:29 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

2011-01-20 14:25 . 2011-02-09 11:29 847360 ----a-w- c:\windows\system32\OpcServices.dll

2011-01-20 14:24 . 2011-02-09 11:29 135680 ----a-w- c:\windows\system32\XpsRasterService.dll

2011-01-20 14:15 . 2011-02-09 11:29 979456 ----a-w- c:\windows\system32\MFH264Dec.dll

2011-01-20 14:14 . 2011-02-09 11:29 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll

2011-01-20 14:14 . 2011-02-09 11:29 302592 ----a-w- c:\windows\system32\mfmp4src.dll

2011-01-20 14:14 . 2011-02-09 11:29 261632 ----a-w- c:\windows\system32\mfreadwrite.dll

2011-01-20 14:12 . 2011-02-09 11:29 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2011-01-20 14:11 . 2011-02-09 11:29 486400 ----a-w- c:\windows\system32\d3d10level9.dll

2011-01-20 13:47 . 2011-02-09 11:29 683008 ----a-w- c:\windows\system32\d2d1.dll

2011-01-08 17:11 . 2011-01-08 17:08 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-03-08 17037704]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-28 1148200]

"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]

"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]

"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-05-08 206120]

"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]

"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]

"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]

"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2010-12-21 291896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-19 222512]

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\F1C2.tmp [x]

R3 MOUSECONTROLLER;WDF Driver;c:\windows\system32\Drivers\W_MouseCombo.sys [2010-09-06 23680]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/09/29 16:41];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 16:04 87536]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe [2009-03-02 81920]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]

S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]

S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-12-17 365952]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2010-12-21 987704]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2010-12-21 399416]

S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-18 2271608]

S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]

S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 54784]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-23 107360]

S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-02-11 114952]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - FSUSBEXDISK

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2011-04-08 c:\windows\Tasks\HPCeeScheduleFordave.job

- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-28 10:34]

.

.

------- Bijkomende Scan -------

.

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=91&bd=Pavilion&pf=cnnb

IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202

FF - ProfilePath - c:\users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\1tbnqdss.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - Ext: KeyScrambler: keyscrambler@qfx.software.corporation - %profile%\extensions\keyscrambler@qfx.software.corporation

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: HP Detect: {ab91efd4-6975-4081-8552-1b3922ed79e2} - %profile%\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}

FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}

.

- - - - ORPHANS VERWIJDERD - - - -

.

AddRemove-Bannco DriverInstaller for X86_is1 - c:\windows\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-04-08 15:41

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\F1C2.tmp"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]

"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\system32\WLANExt.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\CyberLink\Shared files\RichVideo.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\TeamViewer\Version6\TeamViewer.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Voltooingstijd: 2011-04-08 15:49:45 - machine werd herstart

ComboFix-quarantined-files.txt 2011-04-08 14:49

ComboFix2.txt 2011-04-08 12:43

.

Pre-Run: 214.598.119.424 bytes beschikbaar

Post-Run: 214.143.660.032 bytes beschikbaar

.

- - End Of File - - B5DEC8FAC0E3C5ECBE3FFDC71B1EEFF2

Edited by daveEHV