
Remove rootkit???



Because my PC is often blowing hard, I went looking for rootkits. I used the program Trend Micro RootkitBuster, and to my surprise 30 of them were found.

The way the program is supposed to work, you can also remove them and restart, problem solved. But I ran it once more and the 30 problems were simply back again!?

I'd like some help? Here is a log from the rootkit buster to start with

+----------------------------------------------------

| Trend Micro RootkitBuster

| Module version: 3.60.0.1016

| Computer Name: PC_VAN_DAVE

| User Name: dave

+----------------------------------------------------

--== Dump Hidden MBR, Hidden Files and Alternate Data Streams on C:\ ==--

No hidden files found.

--== Dump Hidden Registry Value on HKLM ==--

[HIDDEN_REGISTRY][Hidden Reg Value]:

KeyPath : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Recording\Restricted

Root : 0

SubKey : Restricted

ValueName : ccc

Data : 48 E7 E 92 58 B3 13 E6 ...

ValueType : 3

AccessType: 0

FullLength: 0x66

DataSize : 0xc8

1 hidden registry entries found.

--== Dump Hidden Process ==--

No hidden processes found.

--== Dump Hidden Driver ==--

No hidden drivers found.

--== Service Win32 API Hook List ==--

[HOOKED_SERVICE_API]:

Service API : ZwAddBootEntry

Image Path : C:\Windows\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x84302ec6

CurrentHandler : 0x91ad9202

ServiceNumber : 0x9

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwCreateEvent

Image Path : C:\Windows\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x8425fd37

CurrentHandler : 0x91adb81c

ServiceNumber : 0x3a

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwCreateEventPair

Image Path : C:\Windows\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x84308584

CurrentHandler : 0x91adb874

ServiceNumber : 0x3b

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwCreateIoCompletion

Image Path : C:\Windows\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x84219907

CurrentHandler : 0x91adb98a

ServiceNumber : 0x3d

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwCreateMutant

Image Path : C:\Windows\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x8426d7bc

CurrentHandler : 0x91adb772

ServiceNumber : 0x43

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwCreateSection

Image Path : C:\Windows\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x8427ed95

CurrentHandler : 0x91adb8c4

ServiceNumber : 0x4b

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwCreateSemaphore

Image Path : C:\Windows\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x84224cc3

CurrentHandler : 0x91adb7c6

ServiceNumber : 0x4c

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwCreateTimer

Image Path : C:\Windows\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x84207a9f

CurrentHandler : 0x91adb938

ServiceNumber : 0x4f

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwDeleteBootEntry

Image Path : C:\Windows\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x84302ef7

CurrentHandler : 0x91ad9226

ServiceNumber : 0x78

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwLoadDriver

Image Path : C:\Windows\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x841b8dee

CurrentHandler : 0x91ad8ff0

ServiceNumber : 0xa5

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwModifyBootEntry

Image Path : C:\Windows\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x843030c7

CurrentHandler : 0x91ad924a

ServiceNumber : 0xb2

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwNotifyChangeKey

Image Path : C:\Windows\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x8420c5d9

CurrentHandler : 0x91adbd82

ServiceNumber : 0xb5

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwNotifyChangeMultipleKeys

Image Path : C:\Windows\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x8420ba51

CurrentHandler : 0x91ad9cda

ServiceNumber : 0xb6

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwOpenEvent

Image Path : C:\Windows\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x84246d5f

CurrentHandler : 0x91adb84c

ServiceNumber : 0xb8

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwOpenEventPair

Image Path : C:\Windows\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x843086b3

CurrentHandler : 0x91adb89c

ServiceNumber : 0xb9

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwOpenIoCompletion

Image Path : C:\Windows\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x842ba6cd

CurrentHandler : 0x91adb9b4

ServiceNumber : 0xbb

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwOpenMutant

Image Path : C:\Windows\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x8425eaf1

CurrentHandler : 0x91adb79e

ServiceNumber : 0xbf

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwOpenSection

Image Path : C:\Windows\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x8425e5fd

CurrentHandler : 0x91adb904

ServiceNumber : 0xc5

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwOpenSemaphore

Image Path : C:\Windows\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x841f2ebe

CurrentHandler : 0x91adb7f4

ServiceNumber : 0xc6

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwOpenTimer

Image Path : C:\Windows\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x8430830f

CurrentHandler : 0x91adb962

ServiceNumber : 0xcc

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwQueryObject

Image Path : C:\Windows\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x84233343

CurrentHandler : 0x91ad9ba0

ServiceNumber : 0xed

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwSetBootEntryOrder

Image Path : C:\Windows\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x843037f8

CurrentHandler : 0x91ad926e

ServiceNumber : 0x11f

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwSetBootOptions

Image Path : C:\Windows\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x84303cfa

CurrentHandler : 0x91ad9292

ServiceNumber : 0x120

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwSetSystemInformation

Image Path : C:\Windows\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x84233e83

CurrentHandler : 0x91ad904a

ServiceNumber : 0x13d

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwSetSystemPowerState

Image Path : C:\Windows\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x843270a1

CurrentHandler : 0x91ad9186

ServiceNumber : 0x13e

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwShutdownSystem

Image Path : C:\Windows\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x843003a1

CurrentHandler : 0x91ad9162

ServiceNumber : 0x146

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwSystemDebugControl

Image Path : C:\Windows\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x84245e51

CurrentHandler : 0x91ad91aa

ServiceNumber : 0x14c

ModuleName : aswSnx.SYS

SDTType : 0x0

[HOOKED_SERVICE_API]:

Service API : ZwVdmControl

Image Path : C:\Windows\System32\Drivers\aswSnx.SYS

OriginalHandler : 0x842f4ee3

CurrentHandler : 0x91ad92b6

ServiceNumber : 0x15d

ModuleName : aswSnx.SYS

SDTType : 0x0

--== Dump Hidden Port ==--

No hidden ports found.

--== Dump Kernel Code Patching ==--

[KERNEL_CODE][PATCHED]:

Service API : ZwCreateProcessEx

Address : 842DEDAE

CurrentCode : E953EBC50D

ExpectedCode : 6A0C681858

ServiceNumber : 0x49

SDTType : 0x0

1 Kernel code patching found.

--== Dump Hidden Services ==--

No hidden services found.

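The Python script below is an added example, not part of the original post or of Trend Micro's tool: it parses this RootkitBuster log format and performs the triage a helper would otherwise do by hand. It separates the findings by type, attributes every SSDT hook to the module that installed it, and checks that all replacement handlers fall within one small address range, as they do when a single driver image supplies them. The set of known security drivers is an assumption the analyst supplies; here it is aswSnx.SYS, which the HijackThis and ComboFix logs further down this thread show to be part of the installed avast! Antivirus. Hooks placed by a resident antivirus are re-established every time its driver loads, which is why "removing" them and rescanning reports the same count (28 hooks plus the hidden registry value and the kernel-code patch make the 30). Those two remaining findings are returned for manual review rather than judged automatically.

```python
import re
from collections import defaultdict

# Constructed excerpt of the RootkitBuster log format posted above: the hidden
# registry value, three of the 28 SSDT hook records and the kernel-code patch.
SAMPLE_LOG = r"""
--== Dump Hidden Registry Value on HKLM ==--
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Recording\Restricted
ValueName : ccc
1 hidden registry entries found.
--== Service Win32 API Hook List ==--
[HOOKED_SERVICE_API]:
Service API : ZwLoadDriver
Image Path : C:\Windows\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x841b8dee
CurrentHandler : 0x91ad8ff0
ServiceNumber : 0xa5
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateSection
Image Path : C:\Windows\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x8427ed95
CurrentHandler : 0x91adb8c4
ServiceNumber : 0x4b
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSystemDebugControl
Image Path : C:\Windows\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x84245e51
CurrentHandler : 0x91ad91aa
ServiceNumber : 0x14c
ModuleName : aswSnx.SYS
SDTType : 0x0
--== Dump Kernel Code Patching ==--
[KERNEL_CODE][PATCHED]:
Service API : ZwCreateProcessEx
Address : 842DEDAE
CurrentCode : E953EBC50D
ExpectedCode : 6A0C681858
ServiceNumber : 0x49
SDTType : 0x0
1 Kernel code patching found.
"""

RECORD_RE = re.compile(r"^\[(?P<kind>[A-Z_]+)\](?:\[[^\]]*\])?:\s*$")   # "[HOOKED_SERVICE_API]:"
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z ]*?)\s*:\s*(?P<value>.*)$")  # "Key : value"


def parse_rootkitbuster(text):
    """Return one dict per finding: {'kind': ..., 'Service API': ..., 'CurrentHandler': ...}."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("+", "|", "--==")):
            continue  # banner and section headers carry no fields
        m = RECORD_RE.match(line)
        if m:
            current = {"kind": m.group("kind")}
            records.append(current)
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            current[m.group("key")] = m.group("value").strip()
        else:
            current = None  # e.g. "1 hidden registry entries found." closes the record
    return records


def hooks_by_module(records):
    """Map each hooking module to the sorted list of system services it intercepts."""
    by_mod = defaultdict(list)
    for r in records:
        if r["kind"] == "HOOKED_SERVICE_API":
            by_mod[r.get("ModuleName", "?")].append(r["Service API"])
    return {mod: sorted(apis) for mod, apis in by_mod.items()}


def triage(records, installed_security_drivers):
    """Count findings per type, judge each hooking module against the analyst-supplied
    list of installed security drivers, and list what still needs a human look."""
    known = {d.lower() for d in installed_security_drivers}
    counts = defaultdict(int)
    for r in records:
        counts[r["kind"]] += 1
    modules = {mod: ("expected: installed security driver" if mod.lower() in known
                     else "investigate: unknown hooking module")
               for mod in hooks_by_module(records)}
    # Replacement handlers from one driver image cluster in a narrow address range.
    handlers = [int(r["CurrentHandler"], 16) for r in records
                if r["kind"] == "HOOKED_SERVICE_API" and "CurrentHandler" in r]
    span = max(handlers) - min(handlers) if handlers else 0
    manual = [f'{r["kind"]}: {r.get("Service API") or r.get("KeyPath")}'
              for r in records if r["kind"] != "HOOKED_SERVICE_API"]
    return {"counts": dict(counts), "modules": modules,
            "handler_span_bytes": span, "manual_review": manual}


if __name__ == "__main__":
    for key, value in triage(parse_rootkitbuster(SAMPLE_LOG), {"aswSnx.SYS"}).items():
        print(f"{key}: {value}")
```

On the full log from the post, every one of the 28 hooks resolves to aswSnx.SYS and the handler span stays under 12 KB, which is consistent with one driver image; the hidden value under the Media Center key and the patched ZwCreateProcessEx entry are the only items left for a helper to look at.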

Kape or kweezie wabbit will have a look at your post.

In the meantime you can post a HijackThis log.

Download HijackThis.

Under "HijackThis Downloads", click "Installer".

Save the file HijackThis.msi. Then choose "Run".

HijackThis will now be installed on your PC, and a shortcut is placed on your desktop.

Click the shortcut to start HijackThis.

Click either "Do a systemscan and save a logfile", or first "Scan" and then "Savelog".

A Notepad window opens; hold down CTRL and A at the same time, now everything is selected. Hold down CTRL and C at the same time, now everything is copied. Now paste the HJT log into your post with CTRL and V.

If you get the message "For some reason your system denied writing to the Host file ....", just click OK.

Note: Windows Vista & 7 users must run HijackThis as "administrator" by right-clicking and choosing "Run as administrator". If that does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.


hello, here is the hijack log

regards, dave

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 0:16:45, on 24-5-2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Program Files\TeamViewer\Version6\TeamViewer.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Windows\WindowsMobile\wmdSync.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Secunia\PSI\psi_tray.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"

O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe

O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe

O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

--

End of file - 9250 bytes

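As an added example (not from the thread or from HijackThis itself), the script below parses the "Oxx - ..." lines of a HijackThis log and applies the two checks a helper usually starts with: services whose publisher is listed as "Unknown owner", and autorun entries whose executable lives outside the usual program folders. The sample is a constructed excerpt of the log above with one extra, made-up Run entry under the user's Temp folder so the path check has something to flag; the trusted folder list and the %windir% expansion are assumptions. A flag is a prompt to check the file's publisher and signature, not a verdict; plenty of legitimate OEM services carry no publisher string.

```python
import re

# Constructed excerpt modelled on the HijackThis log above. The "[Updater]" Run
# entry is NOT in the posted log; it is made up so the path check has something to flag.
SAMPLE_HJT = r"""
Running processes:
C:\Windows\Explorer.EXE
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Updater] "C:\Users\dave\AppData\Local\Temp\updater.exe" /silent
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
End of file - 9250 bytes
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.exe)"?(?:\s|$)', re.IGNORECASE)

# Assumptions: %windir% resolves to C:\Windows on this machine, and these are the
# folders an autorun is normally expected to launch from.
ENV_VARS = {"%windir%": r"C:\Windows"}
TRUSTED_ROOTS = (r"c:\program files", r"c:\progra~1", r"c:\windows")


def exe_from_command(cmd):
    """Extract the executable from a Run-key command line: expand the environment
    variables HijackThis leaves unexpanded, then drop quotes and arguments."""
    for var, value in ENV_VARS.items():
        cmd = re.sub(re.escape(var), lambda _m: value, cmd, flags=re.IGNORECASE)
    m = EXE_RE.match(cmd.strip())
    return m.group("exe") if m else cmd.strip()


def parse_hjt(text):
    """Return one dict per 'Oxx - ...' line with name, owner/CLSID and executable split out."""
    items = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, process list, "End of file"
        code, body = m.group("code"), m.group("body")
        item = {"code": code, "body": body, "name": body, "exe": None}
        if code == "O4":
            sub = RUN_RE.match(body)
            if sub:
                item.update(name=sub["name"], hive=sub["hive"], exe=exe_from_command(sub["cmd"]))
        elif code == "O23":
            sub = SERVICE_RE.match(body)
            if sub:
                item.update(name=sub["name"], owner=sub["owner"], exe=sub["path"])
        elif code == "O2":
            sub = BHO_RE.match(body)
            if sub:
                item.update(name=sub["name"], clsid=sub["clsid"], exe=sub["path"])
        items.append(item)
    return items


def triage_hjt(text, trusted_roots=TRUSTED_ROOTS):
    """Count entries per section and flag unknown-publisher services and
    autoruns/BHOs/services whose file sits outside the trusted folders."""
    counts, flags = {}, []
    for it in parse_hjt(text):
        counts[it["code"]] = counts.get(it["code"], 0) + 1
        if it["code"] == "O23" and it.get("owner") == "Unknown owner":
            flags.append({"code": "O23", "item": it["name"],
                          "reason": "service publisher unknown", "exe": it["exe"]})
        exe = it.get("exe")
        if exe and not exe.lower().startswith(tuple(trusted_roots)):
            flags.append({"code": it["code"], "item": it["name"],
                          "reason": "launches from outside standard program folders", "exe": exe})
    return {"counts": counts, "flags": flags}


if __name__ == "__main__":
    report = triage_hjt(SAMPLE_HJT)
    print(report["counts"])
    for f in report["flags"]:
        print(f'{f["code"]} {f["item"]}: {f["reason"]} ({f["exe"]})')
```

Run against the complete log in the post, the only unknown-publisher services are HP's recovery, RichVideo and TV components, and every Run entry resolves under Program Files or Windows, which matches the helper's decision to move on to ComboFix rather than remove anything from this list.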

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, otherwise they might conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is active, as this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registery key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next reply.


hello kape

here is the combofix log:

ComboFix 11-05-23.02 - dave 24-05-2011 12:26:20.3.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3038.1836 [GMT 2:00]

Gestart vanuit: c:\users\dave\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-04-24 to 2011-05-24 ))))))))))))))))))))))))))))))

.

.

2011-05-24 10:51 . 2011-05-24 10:52 -------- d-----w- c:\users\dave\AppData\Local\temp

2011-05-24 10:51 . 2011-05-24 10:51 -------- d-----w- c:\users\Public\AppData\Local\temp

2011-05-24 10:51 . 2011-05-24 10:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-05-24 10:15 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{00F18F99-7197-49A9-B9F0-4DE3E7AD82FA}\mpengine.dll

2011-05-24 00:12 . 2011-05-24 00:12 -------- d-----w- c:\programdata\Grisoft

2011-05-23 23:54 . 2011-05-23 23:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-05-23 23:35 . 2010-01-10 17:40 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2011-05-23 23:35 . 2011-05-23 23:36 -------- d-----w- c:\program files\SpywareBlaster

2011-05-23 22:44 . 2011-05-24 00:31 -------- d-----w- c:\program files\ewido anti-malware

2011-05-23 22:40 . 2011-05-23 22:41 -------- d-----w- c:\users\dave\AppData\Roaming\GetRightToGo

2011-05-23 22:15 . 2011-05-23 22:15 388096 ----a-r- c:\users\dave\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-05-23 22:15 . 2011-05-23 22:15 -------- d-----w- c:\program files\Trend Micro

2011-05-23 14:33 . 2011-05-23 14:33 -------- d-----w- c:\users\dave\AppData\Local\{96250F1B-6D72-4390-BB95-D53A551FF31D}

2011-05-22 22:11 . 2011-04-20 23:35 66520 ----a-w- c:\program files\Mozilla Firefox\plugins\npnul32.dll

2011-05-22 22:11 . 2011-04-20 23:35 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll

2011-05-22 22:11 . 2011-04-20 23:35 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll

2011-05-22 22:11 . 2011-04-20 23:35 505816 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll

2011-05-22 22:11 . 2011-04-20 23:35 1014232 ----a-w- c:\program files\Mozilla Firefox\js3250.dll

2011-05-22 19:35 . 2011-05-22 19:35 -------- d-----w- c:\users\dave\AppData\Local\{D03F8755-F6E9-4613-8096-C81158EA3DC5}

2011-05-20 13:46 . 2011-05-20 13:46 -------- d-----w- c:\users\dave\AppData\Local\{0EDE1847-7C28-4418-A4CA-38153067286C}

2011-05-19 16:58 . 2011-05-19 16:59 -------- d-----w- c:\users\dave\AppData\Local\{C2C8AB6C-1929-4FA4-8DA6-4DA4AAB2B27E}

2011-05-18 21:13 . 2011-05-18 21:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-18 21:06 . 2011-05-18 21:06 -------- d-----w- c:\users\dave\AppData\Local\{F58AE18C-FDAF-4123-B18E-D0539DA6328F}

2011-05-16 20:52 . 2011-05-16 20:53 -------- d-----w- c:\users\dave\AppData\Local\{E34F4F97-CCA9-467E-94F3-04780C75E77E}

2011-05-14 15:38 . 2011-05-14 15:38 -------- d-----w- c:\users\dave\AppData\Local\{26D10809-00FC-478A-B643-2E0C68323EDA}

2011-05-13 17:27 . 2011-05-13 17:27 -------- d-----w- c:\users\dave\AppData\Local\{7A5DBCAB-0759-4341-9F9C-5008022FEF4D}

2011-05-13 05:27 . 2011-05-13 05:27 -------- d-----w- c:\users\dave\AppData\Local\DDMSettings

2011-05-13 05:19 . 2011-05-13 05:19 -------- d-----w- c:\users\dave\AppData\Local\{E018D9BC-F432-406F-B71C-6C8439449435}

2011-05-11 21:12 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-05-11 19:20 . 2011-05-11 19:20 -------- d-----w- c:\users\dave\AppData\Local\{9A117127-41E8-4B6F-9499-71DF81BA2354}

2011-05-10 20:16 . 2011-05-10 20:16 -------- d-----w- c:\users\dave\AppData\Local\{89AE59F0-5CEF-4A16-8D96-B28505CC977D}

2011-05-09 11:25 . 2011-05-09 11:25 -------- d-----w- c:\users\dave\AppData\Local\{69C0B85B-1242-413D-932E-3AA4704B79A9}

2011-05-08 14:07 . 2011-05-08 14:07 -------- d-----w- c:\users\dave\AppData\Local\{80E24024-833E-4F33-8095-C23A945C78B3}

2011-05-05 19:06 . 2011-05-05 19:07 -------- d-----w- c:\users\dave\AppData\Local\{82246EAC-7ACC-45F4-A9A1-7D7A795B92FC}

2011-05-04 13:40 . 2011-05-04 13:40 -------- d-----w- c:\users\dave\AppData\Local\{0F6AD030-40D6-4883-A172-6F39BE8378C6}

2011-05-03 17:12 . 2011-05-03 17:13 -------- d-----w- c:\users\dave\AppData\Local\{67FDE300-9291-4825-8A1A-B869DB511D5B}

2011-05-02 10:34 . 2011-05-02 10:34 -------- d-----w- c:\users\dave\AppData\Local\{7EEE13A3-9750-4C0B-95B2-2D560771E494}

2011-05-01 09:40 . 2011-05-01 09:40 -------- d-----w- c:\users\dave\AppData\Local\{E56DFD2B-2577-4902-AE5D-0DA61D5571DB}

2011-04-30 03:38 . 2011-04-30 03:38 -------- d-----w- c:\users\dave\AppData\Roaming\QFX Software

2011-04-30 03:38 . 2011-04-30 03:38 -------- d-----w- c:\programdata\QFX Software

2011-04-30 02:08 . 2011-04-30 02:09 -------- d-----w- c:\users\dave\AppData\Local\{C97A0840-4012-4D40-B3BA-66F185F7F3C2}

2011-04-29 14:08 . 2011-04-29 14:08 -------- d-----w- c:\users\dave\AppData\Local\{517980E0-321D-4D1C-ACDE-22BB9E2E1E76}

2011-04-28 18:53 . 2011-04-28 18:54 -------- d-----w- c:\users\dave\AppData\Local\{5DA76F98-08E0-4A1D-B372-BDD2D70CE9E1}

2011-04-26 21:40 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2011-04-26 21:40 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2011-04-26 21:39 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll

2011-04-26 21:20 . 2011-04-26 21:20 -------- d-----w- c:\users\dave\AppData\Local\Stardock

2011-04-26 19:09 . 2011-04-26 19:10 -------- d-----w- c:\users\dave\AppData\Local\{0417705E-9CF4-4B83-8802-06C58EE32E4F}

2011-04-25 19:21 . 2011-04-25 19:22 -------- d-----w- c:\users\dave\AppData\Local\{2A572BF1-506B-47B0-9890-7295C3275C63}

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-10 12:10 . 2011-02-03 20:58 40112 ----a-w- c:\windows\avastSS.scr

2011-05-10 12:10 . 2011-02-03 20:58 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-05-10 12:03 . 2011-03-24 07:58 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-05-10 12:03 . 2011-02-03 20:59 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-05-10 12:02 . 2011-02-03 20:59 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-05-10 11:59 . 2011-02-03 20:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-05-10 11:59 . 2011-02-03 20:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-05-10 11:59 . 2011-02-03 20:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-04-24 22:14 . 2010-10-09 17:48 225856 ----a-w- c:\windows\system32\drivers\keyscrambler.sys

2011-04-17 17:31 . 2011-04-17 17:31 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-04-17 17:31 . 2011-04-17 17:31 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-04-17 17:31 . 2011-04-17 17:31 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-04-17 17:31 . 2011-04-17 17:31 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-04-17 17:31 . 2011-04-17 17:31 161792 ----a-w- c:\windows\system32\msls31.dll

2011-04-17 17:31 . 2011-04-17 17:31 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-04-17 17:31 . 2011-04-17 17:31 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-04-17 17:31 . 2011-04-17 17:31 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-04-17 17:31 . 2011-04-17 17:31 367104 ----a-w- c:\windows\system32\html.iec

2011-04-17 17:31 . 2011-04-17 17:31 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-04-17 17:31 . 2011-04-17 17:31 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-17 17:31 . 2011-04-17 17:31 152064 ----a-w- c:\windows\system32\wextract.exe

2011-04-17 17:31 . 2011-04-17 17:31 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-04-17 17:31 . 2011-04-17 17:31 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-17 17:31 . 2011-04-17 17:31 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-04-17 17:31 . 2011-04-17 17:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-04-17 17:31 . 2011-04-17 17:31 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-04-17 17:31 . 2011-04-17 17:31 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-04-17 17:31 . 2011-04-17 17:31 11776 ----a-w- c:\windows\system32\mshta.exe

2011-04-17 17:31 . 2011-04-17 17:31 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-04-17 17:31 . 2011-04-17 17:31 101888 ----a-w- c:\windows\system32\admparse.dll

2011-03-10 17:03 . 2011-04-14 17:32 1162240 ----a-w- c:\windows\system32\mfc42u.dll

2011-03-10 17:03 . 2011-04-14 17:32 1136640 ----a-w- c:\windows\system32\mfc42.dll

2011-03-09 03:05 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-03-03 15:42 . 2011-04-14 17:32 739328 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-03 15:40 . 2011-04-26 21:40 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll

2011-03-03 15:40 . 2011-04-26 21:40 542720 ----a-w- c:\windows\apppatch\AcLayers.dll

2011-03-03 15:40 . 2011-04-26 21:40 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2011-03-03 15:40 . 2011-04-26 21:40 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll

2011-03-03 13:25 . 2011-04-14 17:32 2041856 ----a-w- c:\windows\system32\win32k.sys

2011-03-02 15:44 . 2011-04-14 17:32 86528 ----a-w- c:\windows\system32\dnsrslvr.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]

"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]

"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]

"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]

"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]

"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2010-12-21 291896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]

2010-07-04 18:13 95576 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDAgent]

2008-11-28 16:04 1148200 ------w- c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]

2008-10-10 11:24 206128 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVAgent]

2009-05-08 15:32 206120 ------w- c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-19 222512]

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\F1C2.tmp [x]

R3 MOUSECONTROLLER;WDF Driver;c:\windows\system32\Drivers\W_MouseCombo.sys [2010-09-06 23680]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/09/29 16:41];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 16:04 87536]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe [2009-03-02 81920]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]

S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]

S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-12-17 365952]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2010-12-21 987704]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2010-12-21 399416]

S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]

S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]

S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 54784]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-23 107360]

S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-04-24 225856]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - FSUSBEXDISK

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2011-05-08 c:\windows\Tasks\HPCeeScheduleFordave.job

- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-28 10:34]

.

.

------- Bijkomende Scan -------

.

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=91&bd=Pavilion&pf=cnnb

IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202

FF - ProfilePath - c:\users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\1tbnqdss.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: KeyScrambler: keyscrambler@qfx.software.corporation - %profile%\extensions\keyscrambler@qfx.software.corporation

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - Ext: HP Detect: {ab91efd4-6975-4081-8552-1b3922ed79e2} - %profile%\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-05-24 12:51

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\F1C2.tmp"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]

"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(5600)

c:\windows\System32\SyncCenter.dll

.

Voltooingstijd: 2011-05-24 13:02:22

ComboFix-quarantined-files.txt 2011-05-24 11:02

ComboFix2.txt 2011-04-08 14:49

.

Pre-Run: 213.130.444.800 bytes beschikbaar

Post-Run: 212.363.653.120 bytes beschikbaar

.

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - FBE5F16E55A9A3713CE9642E0A1CE774


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\F1C2.tmp

Folder::

c:\users\dave\AppData\Local\{96250F1B-6D72-4390-BB95-D53A551FF31D}

c:\users\dave\AppData\Local\{D03F8755-F6E9-4613-8096-C81158EA3DC5}

c:\users\dave\AppData\Local\{0EDE1847-7C28-4418-A4CA-38153067286C}

c:\users\dave\AppData\Local\{C2C8AB6C-1929-4FA4-8DA6-4DA4AAB2B27E}

c:\users\dave\AppData\Local\{F58AE18C-FDAF-4123-B18E-D0539DA6328F}

c:\users\dave\AppData\Local\{E34F4F97-CCA9-467E-94F3-04780C75E77E}

c:\users\dave\AppData\Local\{26D10809-00FC-478A-B643-2E0C68323EDA}

c:\users\dave\AppData\Local\{7A5DBCAB-0759-4341-9F9C-5008022FEF4D}

c:\users\dave\AppData\Local\{E018D9BC-F432-406F-B71C-6C8439449435}

c:\users\dave\AppData\Local\{9A117127-41E8-4B6F-9499-71DF81BA2354}

c:\users\dave\AppData\Local\{89AE59F0-5CEF-4A16-8D96-B28505CC977D}

c:\users\dave\AppData\Local\{69C0B85B-1242-413D-932E-3AA4704B79A9}

c:\users\dave\AppData\Local\{80E24024-833E-4F33-8095-C23A945C78B3}

c:\users\dave\AppData\Local\{82246EAC-7ACC-45F4-A9A1-7D7A795B92FC}

c:\users\dave\AppData\Local\{0F6AD030-40D6-4883-A172-6F39BE8378C6}

c:\users\dave\AppData\Local\{67FDE300-9291-4825-8A1A-B869DB511D5B}

c:\users\dave\AppData\Local\{7EEE13A3-9750-4C0B-95B2-2D560771E494}

c:\users\dave\AppData\Local\{E56DFD2B-2577-4902-AE5D-0DA61D5571DB}

c:\users\dave\AppData\Local\{C97A0840-4012-4D40-B3BA-66F185F7F3C2}

c:\users\dave\AppData\Local\{517980E0-321D-4D1C-ACDE-22BB9E2E1E76}

c:\users\dave\AppData\Local\{5DA76F98-08E0-4A1D-B372-BDD2D70CE9E1}

c:\users\dave\AppData\Local\{0417705E-9CF4-4B83-8802-06C58EE32E4F}

c:\users\dave\AppData\Local\{2A572BF1-506B-47B0-9890-7295C3275C63}

Driver::

MEMSWEEP2

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next message.

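As an added example (not code from this thread, from the helper, or from ComboFix), the script below parses the Drivers/Services lines of a ComboFix log in the format shown above, triages them with a few assumed heuristics (a driver image that is a .tmp file or sits in a temp/profile directory, as with MEMSWEEP2 and F1C2.tmp here; a file ComboFix cannot find gets "review" only, since the avast drivers show [x] too), and drafts the File::/Driver:: sections of a CFScript in the layout the helper posted. It generalizes the helper's manual step of picking entries out of the log; the log lines inside are constructed, and the draft is for a human to check, nothing is deleted.

```python
"""Parse the Drivers/Services lines of a ComboFix log and draft a CFScript.

Added example for this thread, not code from the forum or from ComboFix.
The log excerpt below is constructed from the line format shown in the
thread; the triage heuristics are my own assumptions and only produce a
draft for a human helper to review. Nothing is deleted by this script.
"""
import re

# One ComboFix service/driver line looks like:
#   <start> <name>;<display name>;<image path> [<date> <size>]
# where <start> is R0-R4 (running) or S0-S4 (stopped) and the bracket holds
# "x" when ComboFix could not find the file.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# Constructed sample in the thread's format (paths as they appear in the log).
CONSTRUCTED_LOG = r"""
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\F1C2.tmp [x]
S1 aswSnx;aswSnx; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-04-24 225856]
"""


def parse_services(log_text):
    """Return a list of dicts (start, name, display, path, meta, missing) in log order."""
    entries = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue  # headers, registry keys, Find3M lines etc. are skipped
        entry = m.groupdict()
        entry["missing"] = entry["meta"].strip() == "x"
        entries.append(entry)
    return entries


def classify(entry):
    """Triage one entry: 'remove-candidate', 'review' or 'ok'.

    A driver whose image is a .tmp file or lives in a temp/profile directory is
    a strong indicator (the MEMSWEEP2 -> F1C2.tmp case in the thread). A file
    ComboFix cannot see ("[x]") is only flagged for review: the avast
    self-protection drivers in the same log show "[x]" and are legitimate.
    """
    path = entry["path"].lower()
    if path.endswith(".tmp") or "\\temp\\" in path or "\\appdata\\" in path:
        return "remove-candidate"
    if entry["missing"]:
        return "review"
    return "ok"


def draft_cfscript(entries):
    """Build the File:: and Driver:: sections of a CFScript for the candidates.

    The section layout (a header line ending in '::', one item per line)
    follows the script posted in the thread. Returns '' when nothing qualifies.
    """
    files, drivers = [], []
    for entry in entries:
        if classify(entry) == "remove-candidate":
            drivers.append(entry["name"])
            if entry["path"]:
                files.append(entry["path"])
    sections = []
    if files:
        sections.append("File::\n" + "\n".join(files))
    if drivers:
        sections.append("Driver::\n" + "\n".join(drivers))
    return "\n\n".join(sections) + ("\n" if sections else "")


def triage_report(log_text):
    """Return (entries, draft script) so the caller can show both to the helper."""
    entries = parse_services(log_text)
    return entries, draft_cfscript(entries)


if __name__ == "__main__":
    entries, script = triage_report(CONSTRUCTED_LOG)
    for e in entries:
        print(f"{classify(e):16} {e['start']} {e['name']:35} {e['path'] or '(no path)'}")
    print("\n--- draft CFScript (review before use) ---\n" + script)
```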

hello kape

here is the log

ComboFix 11-05-23.02 - dave 24-05-2011 21:34:05.4.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3038.1869 [GMT 2:00]

Gestart vanuit: c:\users\dave\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\dave\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\system32\F1C2.tmp"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\dave\AppData\Local\{0417705E-9CF4-4B83-8802-06C58EE32E4F}

c:\users\dave\AppData\Local\{0EDE1847-7C28-4418-A4CA-38153067286C}

c:\users\dave\AppData\Local\{0F6AD030-40D6-4883-A172-6F39BE8378C6}

c:\users\dave\AppData\Local\{26D10809-00FC-478A-B643-2E0C68323EDA}

c:\users\dave\AppData\Local\{2A572BF1-506B-47B0-9890-7295C3275C63}

c:\users\dave\AppData\Local\{517980E0-321D-4D1C-ACDE-22BB9E2E1E76}

c:\users\dave\AppData\Local\{5DA76F98-08E0-4A1D-B372-BDD2D70CE9E1}

c:\users\dave\AppData\Local\{67FDE300-9291-4825-8A1A-B869DB511D5B}

c:\users\dave\AppData\Local\{69C0B85B-1242-413D-932E-3AA4704B79A9}

c:\users\dave\AppData\Local\{7A5DBCAB-0759-4341-9F9C-5008022FEF4D}

c:\users\dave\AppData\Local\{7EEE13A3-9750-4C0B-95B2-2D560771E494}

c:\users\dave\AppData\Local\{80E24024-833E-4F33-8095-C23A945C78B3}

c:\users\dave\AppData\Local\{82246EAC-7ACC-45F4-A9A1-7D7A795B92FC}

c:\users\dave\AppData\Local\{89AE59F0-5CEF-4A16-8D96-B28505CC977D}

c:\users\dave\AppData\Local\{96250F1B-6D72-4390-BB95-D53A551FF31D}

c:\users\dave\AppData\Local\{9A117127-41E8-4B6F-9499-71DF81BA2354}

c:\users\dave\AppData\Local\{C2C8AB6C-1929-4FA4-8DA6-4DA4AAB2B27E}

c:\users\dave\AppData\Local\{C97A0840-4012-4D40-B3BA-66F185F7F3C2}

c:\users\dave\AppData\Local\{D03F8755-F6E9-4613-8096-C81158EA3DC5}

c:\users\dave\AppData\Local\{E018D9BC-F432-406F-B71C-6C8439449435}

c:\users\dave\AppData\Local\{E34F4F97-CCA9-467E-94F3-04780C75E77E}

c:\users\dave\AppData\Local\{E56DFD2B-2577-4902-AE5D-0DA61D5571DB}

c:\users\dave\AppData\Local\{F58AE18C-FDAF-4123-B18E-D0539DA6328F}

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_MEMSWEEP2

-------\Service_MEMSWEEP2

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-04-24 to 2011-05-24 ))))))))))))))))))))))))))))))

.

.

2011-05-24 19:42 . 2011-05-24 19:44 -------- d-----w- c:\users\dave\AppData\Local\temp

2011-05-24 19:42 . 2011-05-24 19:42 -------- d-----w- c:\users\Public\AppData\Local\temp

2011-05-24 19:42 . 2011-05-24 19:42 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-05-24 11:16 . 2011-05-24 11:16 -------- d-----w- c:\users\dave\AppData\Local\{DB6994CF-3B25-4A41-8B46-361739CFB166}

2011-05-24 10:15 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{00F18F99-7197-49A9-B9F0-4DE3E7AD82FA}\mpengine.dll

2011-05-24 00:12 . 2011-05-24 00:12 -------- d-----w- c:\programdata\Grisoft

2011-05-23 23:54 . 2011-05-23 23:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-05-23 23:35 . 2010-01-10 17:40 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2011-05-23 23:35 . 2011-05-23 23:36 -------- d-----w- c:\program files\SpywareBlaster

2011-05-23 22:44 . 2011-05-24 00:31 -------- d-----w- c:\program files\ewido anti-malware

2011-05-23 22:40 . 2011-05-23 22:41 -------- d-----w- c:\users\dave\AppData\Roaming\GetRightToGo

2011-05-23 22:15 . 2011-05-23 22:15 388096 ----a-r- c:\users\dave\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-05-23 22:15 . 2011-05-23 22:15 -------- d-----w- c:\program files\Trend Micro

2011-05-22 22:11 . 2011-04-20 23:35 66520 ----a-w- c:\program files\Mozilla Firefox\plugins\npnul32.dll

2011-05-22 22:11 . 2011-04-20 23:35 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll

2011-05-22 22:11 . 2011-04-20 23:35 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll

2011-05-22 22:11 . 2011-04-20 23:35 505816 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll

2011-05-22 22:11 . 2011-04-20 23:35 1014232 ----a-w- c:\program files\Mozilla Firefox\js3250.dll

2011-05-18 21:13 . 2011-05-18 21:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-13 05:27 . 2011-05-13 05:27 -------- d-----w- c:\users\dave\AppData\Local\DDMSettings

2011-05-11 21:12 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-04-30 03:38 . 2011-04-30 03:38 -------- d-----w- c:\users\dave\AppData\Roaming\QFX Software

2011-04-30 03:38 . 2011-04-30 03:38 -------- d-----w- c:\programdata\QFX Software

2011-04-26 21:40 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2011-04-26 21:40 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2011-04-26 21:39 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll

2011-04-26 21:20 . 2011-04-26 21:20 -------- d-----w- c:\users\dave\AppData\Local\Stardock

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-10 12:10 . 2011-02-03 20:58 40112 ----a-w- c:\windows\avastSS.scr

2011-05-10 12:10 . 2011-02-03 20:58 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-05-10 12:03 . 2011-03-24 07:58 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-05-10 12:03 . 2011-02-03 20:59 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-05-10 12:02 . 2011-02-03 20:59 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-05-10 11:59 . 2011-02-03 20:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-05-10 11:59 . 2011-02-03 20:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-05-10 11:59 . 2011-02-03 20:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-04-24 22:14 . 2010-10-09 17:48 225856 ----a-w- c:\windows\system32\drivers\keyscrambler.sys

2011-04-17 17:31 . 2011-04-17 17:31 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-04-17 17:31 . 2011-04-17 17:31 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-04-17 17:31 . 2011-04-17 17:31 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-04-17 17:31 . 2011-04-17 17:31 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-04-17 17:31 . 2011-04-17 17:31 161792 ----a-w- c:\windows\system32\msls31.dll

2011-04-17 17:31 . 2011-04-17 17:31 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-04-17 17:31 . 2011-04-17 17:31 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-04-17 17:31 . 2011-04-17 17:31 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-04-17 17:31 . 2011-04-17 17:31 367104 ----a-w- c:\windows\system32\html.iec

2011-04-17 17:31 . 2011-04-17 17:31 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-04-17 17:31 . 2011-04-17 17:31 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-17 17:31 . 2011-04-17 17:31 152064 ----a-w- c:\windows\system32\wextract.exe

2011-04-17 17:31 . 2011-04-17 17:31 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-04-17 17:31 . 2011-04-17 17:31 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-17 17:31 . 2011-04-17 17:31 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-04-17 17:31 . 2011-04-17 17:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-04-17 17:31 . 2011-04-17 17:31 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-04-17 17:31 . 2011-04-17 17:31 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-04-17 17:31 . 2011-04-17 17:31 11776 ----a-w- c:\windows\system32\mshta.exe

2011-04-17 17:31 . 2011-04-17 17:31 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-04-17 17:31 . 2011-04-17 17:31 101888 ----a-w- c:\windows\system32\admparse.dll

2011-03-10 17:03 . 2011-04-14 17:32 1162240 ----a-w- c:\windows\system32\mfc42u.dll

2011-03-10 17:03 . 2011-04-14 17:32 1136640 ----a-w- c:\windows\system32\mfc42.dll

2011-03-09 03:05 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-03-03 15:42 . 2011-04-14 17:32 739328 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-03 15:40 . 2011-04-26 21:40 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll

2011-03-03 15:40 . 2011-04-26 21:40 542720 ----a-w- c:\windows\apppatch\AcLayers.dll

2011-03-03 15:40 . 2011-04-26 21:40 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2011-03-03 15:40 . 2011-04-26 21:40 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll

2011-03-03 13:25 . 2011-04-14 17:32 2041856 ----a-w- c:\windows\system32\win32k.sys

2011-03-02 15:44 . 2011-04-14 17:32 86528 ----a-w- c:\windows\system32\dnsrslvr.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]

"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]

"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]

"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]

"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]

"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2010-12-21 291896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]

2010-07-04 18:13 95576 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDAgent]

2008-11-28 16:04 1148200 ------w- c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]

2008-10-10 11:24 206128 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVAgent]

2009-05-08 15:32 206120 ------w- c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-19 222512]

R3 MOUSECONTROLLER;WDF Driver;c:\windows\system32\Drivers\W_MouseCombo.sys [2010-09-06 23680]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/09/29 16:41];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 16:04 87536]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe [2009-03-02 81920]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]

S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]

S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-12-17 365952]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2010-12-21 987704]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2010-12-21 399416]

S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]

S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]

S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 54784]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-23 107360]

S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-04-24 225856]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2011-05-08 c:\windows\Tasks\HPCeeScheduleFordave.job

- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-28 10:34]

.

.

------- Bijkomende Scan -------

.

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=91&bd=Pavilion&pf=cnnb

IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202

FF - ProfilePath - c:\users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\1tbnqdss.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: KeyScrambler: keyscrambler@qfx.software.corporation - %profile%\extensions\keyscrambler@qfx.software.corporation

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - Ext: HP Detect: {ab91efd4-6975-4081-8552-1b3922ed79e2} - %profile%\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-05-24 21:44

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]

"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\system32\WLANExt.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\CyberLink\Shared files\RichVideo.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\servicing\TrustedInstaller.exe

c:\program files\TeamViewer\Version6\TeamViewer.exe

c:\windows\system32\conime.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Voltooingstijd: 2011-05-24 21:49:55 - machine werd herstart

ComboFix-quarantined-files.txt 2011-05-24 19:49

ComboFix2.txt 2011-05-24 11:02

ComboFix3.txt 2011-04-08 14:49

.

Pre-Run: 212.385.484.800 bytes beschikbaar

Post-Run: 212.190.584.832 bytes beschikbaar

.

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 3BDFCA35E3480C15C4E43C796DE34D62


For safety reasons I would empty the folder manually. All folders that look like the ones removed earlier (the letter-and-number combinations, that is) can be removed from that Local folder.

As for an anti-spyware program, it depends a bit on which antivirus program you use. If that antivirus program already includes anti-spyware, you do not necessarily need to download a separate program. To improve your protection overall, your best option is to install Malwarebytes.

You may now also remove the tools that were used and perform a cleanup:

Remove ComboFix: Start -> Run/Search and type: ComboFix /Uninstall

This removes ComboFix plus its related folders and files, restores the clock settings, hides file extensions again, hides hidden files and system files again, and creates a new restore point.

If present, you may delete the folder C:\Qoobox manually.

Download CCleaner.

Click “Download Latest Version” and the download of CCleaner will start automatically, free of charge.

Install it and start CCleaner. In the left column, click “Cleaner”. Click “Analyze” and then “Run Cleaner” in turn. Sometimes one analysis is not enough; you may repeat this procedure until the analysis no longer reports any issues. Then click “Registry” in the left column and click “Scan for Issues”. If issues are found, click “Fix selected issues” and “OK”. You will then be asked to make a backup; click “Yes”. Then choose “Fix All Selected Issues”. Afterwards, close CCleaner.

If you want to see this shown in detail, click here for the guide.
