
Download BlueScreenView.

Start the program.

You will now see an overview of the most recent error reports and minidumps (.dmp files).

Double-click the .dmp file whose timestamp matches the last blue screen you got.

You will now see a detailed overview.

In your next post, give the values of the following fields:

  • bug check string
  • bug check code
  • caused by driver
  • the 4 parameters

If you have several .dmp files, give the information above for the last 5. In that case also include the date and time of each crash.


Here are the last 5 error reports:

Dump File : Mini082811-02.dmp

Crash Time : 28/08/2011 16:52:50

Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA

Bug Check Code : 0x10000050

Parameter 1 : 0xc4602000

Parameter 2 : 0x00000000

Parameter 3 : 0x96a01184

Parameter 4 : 0x00000000

Caused By Driver : FldSafe.sys

Caused By Address : FldSafe.sys+17ba

File Description : Scanner Filter

Product Name : Windows ® Win 7 DDK driver

Company : Windows ® Win 7 DDK provider

File Version : 6.1.7600.16385 built by: WinDDK

Processor : 32-bit

Crash Address : FldSafe.sys+1184

Stack Address 1 : FldSafe.sys+17ba

Stack Address 2 : FldSafe.sys+1872

Stack Address 3 : FldSafe.sys+1a00

Computer Name :

Full Path : C:\Windows\Minidump\Mini082811-02.dmp

Processors Count : 4

Major Version : 15

Minor Version : 6002

Dump File Size : 144.181

==================================================

Dump File : Mini082811-01.dmp

Crash Time : 28/08/2011 13:21:01

Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA

Bug Check Code : 0x10000050

Parameter 1 : 0xc114f000

Parameter 2 : 0x00000000

Parameter 3 : 0x95fdd184

Parameter 4 : 0x00000000

Caused By Driver : FldSafe.sys

Caused By Address : FldSafe.sys+17ba

File Description : Scanner Filter

Product Name : Windows ® Win 7 DDK driver

Company : Windows ® Win 7 DDK provider

File Version : 6.1.7600.16385 built by: WinDDK

Processor : 32-bit

Crash Address : FldSafe.sys+1184

Stack Address 1 : FldSafe.sys+17ba

Stack Address 2 : FldSafe.sys+1872

Stack Address 3 : FldSafe.sys+1a00

Computer Name :

Full Path : C:\Windows\Minidump\Mini082811-01.dmp

Processors Count : 4

Major Version : 15

Minor Version : 6002

Dump File Size : 144.181

==================================================

Dump File : Mini082711-02.dmp

Crash Time : 27/08/2011 20:47:22

Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA

Bug Check Code : 0x10000050

Parameter 1 : 0xbfe82000

Parameter 2 : 0x00000000

Parameter 3 : 0x91325184

Parameter 4 : 0x00000000

Caused By Driver : FldSafe.sys

Caused By Address : FldSafe.sys+17ba

File Description : Scanner Filter

Product Name : Windows ® Win 7 DDK driver

Company : Windows ® Win 7 DDK provider

File Version : 6.1.7600.16385 built by: WinDDK

Processor : 32-bit

Crash Address : FldSafe.sys+1184

Stack Address 1 : FldSafe.sys+17ba

Stack Address 2 : FldSafe.sys+1872

Stack Address 3 : FldSafe.sys+1a00

Computer Name :

Full Path : C:\Windows\Minidump\Mini082711-02.dmp

Processors Count : 4

Major Version : 15

Minor Version : 6002

Dump File Size : 144.181

==================================================

==================================================

Dump File : Mini082711-01.dmp

Crash Time : 27/08/2011 16:31:52

Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA

Bug Check Code : 0x10000050

Parameter 1 : 0xc56b4000

Parameter 2 : 0x00000000

Parameter 3 : 0x90d59184

Parameter 4 : 0x00000000

Caused By Driver : FldSafe.sys

Caused By Address : FldSafe.sys+17ba

File Description : Scanner Filter

Product Name : Windows ® Win 7 DDK driver

Company : Windows ® Win 7 DDK provider

File Version : 6.1.7600.16385 built by: WinDDK

Processor : 32-bit

Crash Address : FldSafe.sys+1184

Stack Address 1 : FldSafe.sys+17ba

Stack Address 2 : FldSafe.sys+1872

Stack Address 3 : FldSafe.sys+1a00

Computer Name :

Full Path : C:\Windows\Minidump\Mini082711-01.dmp

Processors Count : 4

Major Version : 15

Minor Version : 6002

Dump File Size : 144.181

==================================================

Dump File : Mini082611-02.dmp

Crash Time : 26/08/2011 21:02:39

Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA

Bug Check Code : 0x10000050

Parameter 1 : 0xe8a0b000

Parameter 2 : 0x00000000

Parameter 3 : 0x92304184

Parameter 4 : 0x00000000

Caused By Driver : FldSafe.sys

Caused By Address : FldSafe.sys+17ba

File Description : Scanner Filter

Product Name : Windows ® Win 7 DDK driver

Company : Windows ® Win 7 DDK provider

File Version : 6.1.7600.16385 built by: WinDDK

Processor : 32-bit

Crash Address : FldSafe.sys+1184

Stack Address 1 : FldSafe.sys+17ba

Stack Address 2 : FldSafe.sys+1872

Stack Address 3 : FldSafe.sys+1a00

Computer Name :

Full Path : C:\Windows\Minidump\Mini082611-02.dmp

Processors Count : 4

Major Version : 15

Minor Version : 6002

Dump File Size : 144.213

==================================================

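As an added example (not part of the thread or of BlueScreenView itself), the following Python script parses a report in the format posted above, orders the crashes by time and shows which driver and crash address keep recurring; the third record in the embedded sample is a constructed placeholder, not from the thread.

```python
"""Summarise a BlueScreenView text report like the one pasted above.

Added example, not part of the original thread or of BlueScreenView. It reads the
'Field : Value' records produced when crash entries are copied as text, orders
them by crash time and shows which driver and crash address keep recurring."""
from collections import Counter
from datetime import datetime

# Constructed sample in the same format as the post. The first two records reuse
# values from the thread; the third is a placeholder with a different driver so
# the grouping below has something to separate.
SAMPLE_REPORT = """\
Dump File : Mini082811-02.dmp
Crash Time : 28/08/2011 16:52:50
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x10000050
Parameter 1 : 0xc4602000
Parameter 2 : 0x00000000
Parameter 3 : 0x96a01184
Parameter 4 : 0x00000000
Caused By Driver : FldSafe.sys
Crash Address : FldSafe.sys+1184
==================================================
Dump File : Mini082611-02.dmp
Crash Time : 26/08/2011 21:02:39
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x10000050
Parameter 1 : 0xe8a0b000
Parameter 2 : 0x00000000
Parameter 3 : 0x92304184
Parameter 4 : 0x00000000
Caused By Driver : FldSafe.sys
Crash Address : FldSafe.sys+1184
==================================================
Dump File : Mini080111-01.dmp
Crash Time : 01/08/2011 09:00:00
Bug Check String : EXAMPLE_BUGCHECK
Bug Check Code : 0x00000000
Parameter 1 : 0x00000000
Parameter 2 : 0x00000000
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : placeholder.sys
Crash Address : placeholder.sys+0
"""

# BlueScreenView formats times with the system locale; this report uses dd/mm/yyyy.
TIME_FORMAT = "%d/%m/%Y %H:%M:%S"


def parse_report(text):
    """Split on the '====' separator rows and read each 'Field : Value' line."""
    records = []
    for chunk in text.split("=" * 10):
        fields = {}
        for line in chunk.splitlines():
            if " : " not in line:
                continue
            key, value = line.split(" : ", 1)
            fields[key.strip()] = value.strip()
        if "Dump File" in fields:
            fields["_time"] = datetime.strptime(fields["Crash Time"], TIME_FORMAT)
            fields["_params"] = [int(fields[f"Parameter {i}"], 16) for i in range(1, 5)]
            records.append(fields)
    return records


def most_recent(records, n=5):
    """The n newest crashes, newest first (what the first reply asks for)."""
    return sorted(records, key=lambda r: r["_time"], reverse=True)[:n]


def summarize(records):
    """Count blamed drivers and (driver, crash address) pairs. A pair that repeats
    across dumps points at one deterministic fault in that driver rather than
    random memory corruption."""
    drivers = Counter(r["Caused By Driver"] for r in records)
    sites = Counter((r["Caused By Driver"], r["Crash Address"]) for r in records)
    return {"drivers": dict(drivers), "sites": dict(sites)}


def describe_page_fault(record):
    """PAGE_FAULT_IN_NONPAGED_AREA (0x50) parameters as documented by Microsoft:
    1 = memory address referenced, 2 = access type (0 read, 1 write),
    3 = address of the instruction that referenced the memory."""
    if record["Bug Check String"] != "PAGE_FAULT_IN_NONPAGED_AREA":
        return None
    p1, p2, p3, _ = record["_params"]
    return {"referenced": hex(p1), "access": p2, "instruction": hex(p3)}


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    for r in most_recent(recs):
        print(r["Crash Time"], r["Bug Check String"], r["Caused By Driver"],
              describe_page_fault(r))
    print(summarize(recs))
```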

Fldsafe.sys is regularly mentioned in connection with malware infections. I'll ask our experts to take a look. In the meantime, can you do the following:

1. Download HijackThis.

Under "HijackThis Downloads", click "Installer".

Save the file HijackThis.msi. Then choose "Run".

HijackThis will now be installed on your PC, and a shortcut is placed on your desktop.

If you no longer have a network connection, you can do the download on another PC and transfer the file with a USB stick.

If you can only work in Safe Mode, you must download the executable.

Save it in a new folder on the C drive (e.g. C:\hijackthis) and start HijackThis from that folder.

The logs can then also be found in that folder.


2. Click the shortcut to start HijackThis.

Click either "Do a system scan and save a logfile", or first "Scan" and then "Save log".

A Notepad window opens; hold down CTRL and A at the same time to select everything. Hold down CTRL and C to copy everything. Now paste the HJT log into your post with CTRL and V.

If you get the message "For some reason your system denied writing to the Host file ....", just click OK.

Note: Windows Vista & 7 users must run HijackThis as "administrator" via right-click "Run as administrator". If that does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis. (See the image here ---> Attachment 12634)

If you want to see in words and pictures how to create a HijackThis log and post it on the forum, click HERE.


3. After you post your log, an expert (Kape or Kweezie Wabbit) will review it and guide you through the whole process.


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:47:46, on 30/08/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\WINDOWS\RtHDVCpl.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Winstep\Nexus.exe

C:\Windows\system32\schtasks.exe

C:\Program Files\Logitech\Z Cinema\Z Cinema.exe

C:\WINDOWS\System32\rundll32.exe

C:\Windows\system32\conime.exe

C:\hp\kbd\kbd.exe

C:\Program Files\Uniblue\PowerSuite\powersuite.exe

C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {2d8d9acc-f6d7-4362-8876-a275ca929591} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKCU\..\Run: [Nexus] C:\Program Files\Winstep\Nexus.exe autostart

O4 - HKCU\..\Run: [PowerSuite] "C:\Program Files\Uniblue\PowerSuite\launcher.exe" delay 20000 -m

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: Z Cinema.lnk = ?

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: RoxMediaDB12 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Winstep Xtreme Service - Unknown owner - C:\Program.exe (file missing)

--

End of file - 9194 bytes


Go to Start – Run/Search and type: sc stop "Winstep Xtreme Service"

Press Enter.

Go to Start – Run/Search and type: sc delete "Winstep Xtreme Service"

Press Enter.

Start HijackThis. If you are a Vista or Windows 7 user, right-click the icon and choose "Run as administrator" (on a Dutch system: "Uitvoeren als administrator").

Select "Do a system scan only".

Tick only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {2d8d9acc-f6d7-4362-8876-a275ca929591} - (no file)

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)

Click 'Fix checked' to remove the items.

Download MBAM (Malwarebytes Anti-Malware).

Double-click mbam-setup.exe to install the program.

Make sure the boxes Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked, then click "Finish".

If an update is found, it will be downloaded and installed.

When the program is fully up to date, select "Quick Scan" in the Scanner tab, then click Scan.

Scanning can take a while, so be patient.

When the scan is complete, click OK, then "Show Results" to view the results.

Make sure everything there is ticked, then click: Remove Selected.

After removal a log will open and you will be asked to restart the computer. (See below.)

If the rootkit (TDSS) is present, MBAM will ask to restart. Do so.

After the restart MBAM will scan again and remove the rootkit.

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in the program.

If MBAM has difficulty removing certain files, it will show several prompts where you have to click OK. It will then ask to restart the computer... So allow MBAM to restart the computer.

Paste the contents of the log in your next post, together with a new HijackThis log.

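The selection made above (orphaned R0/R3/O2 entries for "Fix checked", sc stop/sc delete for the service whose binary is missing) can be reproduced mechanically from a HijackThis log. Added example, not part of the thread or of HijackThis; the embedded sample log is constructed from lines in the log posted earlier plus a few clean entries for contrast.

```python
"""Triage HijackThis log lines the way the reply above did.

Added example, not part of the original thread or of HijackThis. It flags
registry entries whose target is empty, whose CLSID has no file behind it, and
services whose binary is missing, then turns them into the two remediation
steps used above: 'Fix checked' in HijackThis and sc stop/sc delete."""
import re

# Constructed sample: lines from the log posted earlier plus clean entries
# (the R1, Java O2 and hpsysdrv O4 lines) that must not be flagged.
SAMPLE_LOG = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {2d8d9acc-f6d7-4362-8876-a275ca929591} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: Winstep Xtreme Service - Unknown owner - C:\Program.exe (file missing)
"""

# HijackThis sections: R0-R3, F0-F3, N1-N4, O1-O24, each as 'Sn - body'.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")


def classify(line):
    """Return (reason, action) for an entry worth attention, or None for a clean one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if section in ("R0", "R1") and body.endswith("="):
        return "empty IE setting value", "fix_checked"
    if section in ("R3", "O2", "O3", "O9") and body.endswith("(no file)"):
        return "registered CLSID whose file is gone", "fix_checked"
    if section == "O23":
        if body.endswith("(file missing)"):
            return "service whose binary is missing", "sc_delete"
        if " - Unknown owner - " in body:
            # Not removed above; no publisher info means it needs a manual look.
            return "service without publisher info", "review"
    return None


def service_key_name(body):
    """HijackThis prints 'Display Name (KeyName)' when they differ; sc wants the key name."""
    name = body[len("Service: "):].split(" - ", 1)[0]
    m = re.search(r"\(([^()]+)\)$", name)
    return m.group(1) if m else name


def triage(log_text):
    """Scan every line and collect the entries that classify() flags."""
    findings = []
    for line in log_text.splitlines():
        verdict = classify(line)
        if verdict:
            reason, action = verdict
            findings.append({"line": line.strip(), "reason": reason, "action": action})
    return findings


def fix_plan(findings):
    """Group findings into: lines to tick for 'Fix checked', sc commands for a
    dead service, and entries that only need a manual review."""
    plan = {"fix_checked": [], "sc_commands": [], "review": []}
    for f in findings:
        if f["action"] == "fix_checked":
            plan["fix_checked"].append(f["line"])
        elif f["action"] == "sc_delete":
            key = service_key_name(ENTRY_RE.match(f["line"]).group("body"))
            plan["sc_commands"] += [f'sc stop "{key}"', f'sc delete "{key}"']
        else:
            plan["review"].append(f["line"])
    return plan


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['action']:12} {f['reason']:40} {f['line']}")
    print(fix_plan(triage(SAMPLE_LOG)))
```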

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Databaseversie: 7609

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

30/08/2011 15:06:26

mbam-log-2011-08-30 (15-06-26).txt

Scantype: Volledige scan (C:\|D:\|L:\|)

Objecten gescand: 402619

Verstreken tijd: 1 uur/uren, 24 minuut/minuten, 26 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

----------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:16:14, on 30/08/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\WINDOWS\RtHDVCpl.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Winstep\Nexus.exe

C:\Windows\system32\schtasks.exe

C:\Program Files\Logitech\Z Cinema\Z Cinema.exe

C:\WINDOWS\System32\rundll32.exe

C:\Windows\system32\conime.exe

C:\hp\kbd\kbd.exe

C:\Program Files\Uniblue\PowerSuite\powersuite.exe

C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe

C:\Program Files\BitTorrent\BitTorrent.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKCU\..\Run: [Nexus] C:\Program Files\Winstep\Nexus.exe autostart

O4 - HKCU\..\Run: [PowerSuite] "C:\Program Files\Uniblue\PowerSuite\launcher.exe" delay 20000 -m

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: Z Cinema.lnk = ?

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: RoxMediaDB12 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Winstep Xtreme Service - Unknown owner - C:\Program.exe (file missing)

--

End of file - 8817 bytes


Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:
    Click here
    If you cannot disable them, just continue with the next step.
  • Double-click ComboFix.exe and follow the prompts on screen.
  • ComboFix will check whether the Microsoft Windows Recovery Console is already installed.
    **Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically proceed with scanning for malware.
  • Follow the prompts on screen to let ComboFix download and install the Microsoft Windows Recovery Console.

(screenshot: cf-rc-auto.jpg)

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

(screenshot: rc-auto-done.jpg)

Click Yes to continue scanning for malware.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.

If you have problems running ComboFix, please report it.


ComboFix 11-08-30.01 - Walter 30/08/2011 16:34:30.1.4 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3071.1499 [GMT 2:00]

Gestart vanuit: c:\users\Walter\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

D:\resycled

L:\autorun.inf

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-07-28 to 2011-08-30 ))))))))))))))))))))))))))))))

.

.

2011-08-30 14:43 . 2011-08-30 14:43 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp

2011-08-30 14:43 . 2011-08-30 14:43 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-29 20:47 . 2011-08-29 20:47 388096 ----a-r- c:\users\Walter\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-08-29 20:47 . 2011-08-29 20:47 -------- d-----w- c:\program files\Trend Micro

2011-08-28 17:03 . 2011-08-28 17:03 -------- d-----w- c:\program files\iPod

2011-08-28 17:03 . 2011-08-28 17:03 -------- d-----w- c:\program files\iTunes

2011-08-28 13:38 . 2011-08-28 13:38 -------- d-----w- c:\program files\NirSoft

2011-08-24 11:43 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-18 22:01 . 2011-08-18 22:01 -------- d-----w- c:\users\Walter\AppData\Roaming\Malwarebytes

2011-08-18 22:01 . 2011-07-08 05:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-18 22:01 . 2011-08-18 22:01 -------- d-----w- c:\programdata\Malwarebytes

2011-08-18 22:01 . 2011-08-18 22:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-18 22:01 . 2011-07-08 05:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-15 12:02 . 2011-08-15 12:02 -------- d-----w- c:\program files\MSBuild

2011-08-15 11:59 . 2011-08-15 11:59 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2011-08-14 11:16 . 2011-08-14 11:15 8192 ----a-w- c:\windows\system32\srvany.exe

2011-08-12 22:19 . 2011-08-12 22:19 10240 ----a-w- c:\windows\system32\drivers\FldSafe.sys

2011-08-12 22:19 . 2011-08-12 22:19 -------- d-----w- c:\program files\FolderDefence

2011-08-10 13:27 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll

2011-08-10 13:27 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-08-10 13:27 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-08-10 13:27 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-08-10 13:27 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-10 13:27 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-15 11:54 . 2011-07-13 11:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-10 13:15 . 2011-07-13 19:56 952 --sha-w- c:\programdata\KGyGaAvL.sys

2011-07-30 20:32 . 2011-07-13 09:46 6656 ----a-w- c:\windows\system32\lpcio.dll

2011-07-22 16:13 . 2011-07-22 16:13 233024 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-07-19 09:16 . 2011-07-19 09:16 717296 ----a-w- c:\windows\system32\drivers\sptd.sys

2011-07-14 13:18 . 2011-07-14 13:18 345328 ----a-w- c:\windows\system32\SRSTSXT.dll

2011-07-14 13:18 . 2011-07-14 13:18 1829992 ----a-w- c:\windows\system32\RtkPgExt.dll

2011-07-14 13:18 . 2011-07-14 13:18 140528 ----a-w- c:\windows\system32\SRSWOW.dll

2011-07-14 13:18 . 2011-07-14 13:18 367208 ----a-w- c:\windows\system32\RtkApoApi.dll

2011-07-14 13:18 . 2011-07-12 00:03 141928 ----a-w- c:\windows\RTKAUDIOSERVICE.EXE

2011-07-14 13:18 . 2011-07-12 00:02 64616 ----a-w- c:\windows\system32\RtkCoInst.dll

2011-07-14 13:18 . 2011-07-14 13:18 76488 ----a-w- c:\windows\system32\RTEEL32A.dll

2011-07-14 13:18 . 2011-07-14 13:18 62664 ----a-w- c:\windows\system32\RTEEG32A.dll

2011-07-14 13:18 . 2011-07-14 13:18 357576 ----a-w- c:\windows\system32\RTEEP32A.dll

2011-07-14 13:18 . 2011-07-14 13:18 3154920 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys

2011-07-14 13:18 . 2011-07-14 13:18 293584 ----a-w- c:\windows\system32\RP3DHT32.dll

2011-07-14 13:18 . 2011-07-14 13:18 293584 ----a-w- c:\windows\system32\RP3DAA32.dll

2011-07-14 13:18 . 2011-07-14 13:18 168648 ----a-w- c:\windows\system32\RTEED32A.dll

2011-07-14 13:18 . 2011-07-14 13:18 1084008 ----a-w- c:\windows\system32\RTSndMgr.cpl

2011-07-14 13:18 . 2011-07-12 00:02 3604584 ----a-w- c:\windows\system32\RtkAPO.dll

2011-07-14 13:18 . 2011-07-14 13:18 96160 ----a-w- c:\windows\system32\AERTARen.dll

2011-07-14 13:18 . 2011-07-14 13:18 299424 ----a-w- c:\windows\system32\FMAPO.dll

2011-07-14 13:18 . 2011-07-14 13:18 175200 ----a-w- c:\windows\system32\AERTACap.dll

2011-07-14 13:13 . 2011-07-14 13:13 1426304 ----a-w- c:\windows\system32\drivers\HCW85BDA.sys

2011-07-14 13:13 . 2011-07-14 13:13 140800 ----a-w- c:\windows\system32\hcw85enc.ax

2011-07-14 13:13 . 2011-07-14 13:13 115712 ----a-w- c:\windows\system32\hcw85prop.ax

2011-07-14 12:58 . 2011-07-14 12:58 9888360 ----a-w- c:\windows\system32\RtsUStoricon.dll

2011-07-14 12:58 . 2011-07-14 12:58 313960 ----a-w- c:\windows\system32\RtsUStor.dll

2011-07-14 12:58 . 2011-07-14 12:58 197224 ----a-w- c:\windows\system32\drivers\RtsUStor.sys

2011-07-12 19:35 . 2011-07-12 19:35 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-07-12 12:40 . 2011-07-12 12:40 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-07-12 12:40 . 2011-07-12 12:40 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-07-12 12:40 . 2011-07-12 12:40 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-07-12 12:40 . 2011-07-12 12:40 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-07-12 12:40 . 2011-07-12 12:40 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-07-12 12:40 . 2011-07-12 12:40 367104 ----a-w- c:\windows\system32\html.iec

2011-07-12 12:40 . 2011-07-12 12:40 161792 ----a-w- c:\windows\system32\msls31.dll

2011-07-12 12:40 . 2011-07-12 12:40 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-07-12 12:40 . 2011-07-12 12:40 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-07-12 12:40 . 2011-07-12 12:40 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-07-12 12:40 . 2011-07-12 12:40 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-07-12 12:40 . 2011-07-12 12:40 152064 ----a-w- c:\windows\system32\wextract.exe

2011-07-12 12:40 . 2011-07-12 12:40 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-07-12 12:40 . 2011-07-12 12:40 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-07-12 12:40 . 2011-07-12 12:40 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-07-12 12:40 . 2011-07-12 12:40 11776 ----a-w- c:\windows\system32\mshta.exe

2011-07-12 12:40 . 2011-07-12 12:40 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-07-12 12:40 . 2011-07-12 12:40 101888 ----a-w- c:\windows\system32\admparse.dll

2011-07-12 12:39 . 2011-07-12 12:39 979456 ----a-w- c:\windows\system32\MFH264Dec.dll

2011-07-12 12:39 . 2011-07-12 12:39 98816 ----a-w- c:\windows\system32\mfps.dll

2011-07-12 12:39 . 2011-07-12 12:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll

2011-07-12 12:39 . 2011-07-12 12:39 302592 ----a-w- c:\windows\system32\mfmp4src.dll

2011-07-12 12:39 . 2011-07-12 12:39 2873344 ----a-w- c:\windows\system32\mf.dll

2011-07-12 12:39 . 2011-07-12 12:39 261632 ----a-w- c:\windows\system32\mfreadwrite.dll

2011-07-12 12:39 . 2011-07-12 12:39 209920 ----a-w- c:\windows\system32\mfplat.dll

2011-07-12 12:39 . 2011-07-12 12:39 586240 ----a-w- c:\windows\system32\stobject.dll

2011-07-12 12:39 . 2011-07-12 12:39 478720 ----a-w- c:\windows\system32\dxgi.dll

2011-07-12 12:39 . 2011-07-12 12:39 135680 ----a-w- c:\windows\system32\XpsRasterService.dll

2011-07-12 12:39 . 2011-07-12 12:39 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

2011-07-12 12:39 . 2011-07-12 12:39 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2011-07-12 12:39 . 2011-07-12 12:39 37376 ----a-w- c:\windows\system32\cdd.dll

2011-07-12 12:39 . 2011-07-12 12:39 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2011-07-12 12:39 . 2011-07-12 12:39 258048 ----a-w- c:\windows\system32\winspool.drv

2011-07-12 12:38 . 2011-07-12 12:38 4096 ----a-w- c:\windows\system32\drivers\nl-NL\dxgkrnl.sys.mui

2011-07-12 12:38 . 2011-07-12 12:38 369664 ----a-w- c:\windows\system32\WMPhoto.dll

2011-07-12 12:38 . 2011-07-12 12:38 252928 ----a-w- c:\windows\system32\dxdiag.exe

2011-07-12 12:38 . 2011-07-12 12:38 195584 ----a-w- c:\windows\system32\dxdiagn.dll

2011-07-12 12:38 . 2011-07-12 12:38 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll

2011-07-12 12:38 . 2011-07-12 12:38 519680 ----a-w- c:\windows\system32\d3d11.dll

2011-07-12 12:38 . 2011-07-12 12:38 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll

2011-07-12 12:38 . 2011-07-12 12:38 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 09:20 . 2011-07-12 09:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 09:20 . 2011-07-12 09:20 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-12 00:02 . 2007-09-12 19:22 319456 ----a-w- c:\windows\DIFxAPI.dll

2011-07-11 23:14 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll

2011-07-11 23:14 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll

2011-07-11 22:02 . 2011-07-11 22:02 81920 ----a-r- c:\users\Walter\AppData\Roaming\Microsoft\Installer\{5967A03E-3B74-4DF1-B591-2D89CA26BDC9}\NewShortcut2_6DD9963C271A4A1482B04DC148C52E58_2.exe

2011-07-11 22:02 . 2011-07-11 22:02 81920 ----a-r- c:\users\Walter\AppData\Roaming\Microsoft\Installer\{5967A03E-3B74-4DF1-B591-2D89CA26BDC9}\NewShortcut1_6DD9963C271A4A1482B04DC148C52E58_2.exe

2011-07-11 22:02 . 2011-07-11 22:02 377344 ----a-w- c:\windows\system32\winhttp.dll

2011-07-11 21:59 . 2011-07-11 21:59 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll

2011-07-11 21:59 . 2011-07-11 21:59 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll

2011-07-11 21:59 . 2011-07-11 21:59 2136064 ----a-w- c:\windows\system32\NlsLexicons0021.dll

2011-07-11 21:59 . 2011-07-11 21:59 1782272 ----a-w- c:\windows\system32\NlsLexicons0039.dll

2011-07-11 21:59 . 2011-07-11 21:59 1558016 ----a-w- c:\windows\system32\NlsLexicons0049.dll

2011-07-11 21:59 . 2011-07-11 21:59 1411072 ----a-w- c:\windows\system32\NlsLexicons0047.dll

2011-07-11 21:59 . 2011-07-11 21:59 1236992 ----a-w- c:\windows\system32\NlsLexicons0020.dll

2011-07-11 21:59 . 2011-07-11 21:59 5499904 ----a-w- c:\windows\system32\NlsLexicons0022.dll

2011-07-11 21:59 . 2011-07-11 21:59 7964672 ----a-w- c:\windows\system32\NlsLexicons0024.dll

2011-07-11 21:59 . 2011-07-11 21:59 6224896 ----a-w- c:\windows\system32\NlsLexicons0027.dll

2011-07-11 21:59 . 2011-07-11 21:59 5791232 ----a-w- c:\windows\system32\NlsLexicons0026.dll

2011-07-11 21:59 . 2011-07-11 21:59 4175872 ----a-w- c:\windows\system32\NlsLexicons0010.dll

2011-07-11 21:59 . 2011-07-11 21:59 2466816 ----a-w- c:\windows\system32\NlsLexicons0011.dll

2011-07-11 21:59 . 2011-07-11 21:59 6781440 ----a-w- c:\windows\system32\NlsLexicons0019.dll

2011-07-11 21:59 . 2011-07-11 21:59 4981248 ----a-w- c:\windows\system32\NlsLexicons0013.dll

2011-07-11 21:59 . 2011-07-11 21:59 3331072 ----a-w- c:\windows\system32\NlsLexicons0018.dll

2011-07-11 21:59 . 2011-07-11 21:59 4164096 ----a-w- c:\windows\system32\NlsLexicons0002.dll

2011-07-11 21:59 . 2011-07-11 21:59 1452544 ----a-w- c:\windows\system32\NlsLexicons0003.dll

2011-07-11 21:59 . 2011-07-11 21:59 11722752 ----a-w- c:\windows\system32\NlsLexicons0001.dll

2011-06-16 04:50 . 2011-07-11 21:48 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]

"Nexus"="c:\program files\Winstep\Nexus.exe" [2011-07-05 13283456]

"PowerSuite"="c:\program files\Uniblue\PowerSuite\launcher.exe" [2011-01-27 67448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CCUTRAYICON"="FactoryMode" [X]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]

"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]

"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]

"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-14 81920]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-10 92704]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-10 8530464]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-10 88608]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]

.

c:\users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Z Cinema.lnk - c:\users\Walter\AppData\Roaming\Microsoft\Installer\{3D1A8E16-10A6-43E0-90BE-0A0474A637A7}\NewShortcut1_3D1A8E1610A643E090BE0A0474A637A7.exe [2011-7-11 172032]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"PromptOnSecureDesktop"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKLM\~\startupfolder\C:^Users^Walter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mediacontrole Picture Motion Browser.lnk]

path=c:\users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediacontrole Picture Motion Browser.lnk

backup=c:\windows\pss\Mediacontrole Picture Motion Browser.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Walter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Schermopname en Snel starten.lnk]

path=c:\users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk

backup=c:\windows\pss\OneNote 2010 Schermopname en Snel starten.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]

2008-08-08 15:30 16712 ----a-r- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]

2009-06-22 23:18 494064 ----a-w- c:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

2009-07-24 06:33 240112 ----a-w- c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]

2007-02-20 09:07 199752 ----a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]

R2 KMService;KMService;c:\windows\system32\srvany.exe [2011-08-14 8192]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-07-24 219632]

R3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-07-24 1116656]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S0 SahdIa32;HDD Filter Driver;c:\windows\System32\Drivers\SahdIa32.sys [2009-06-01 21488]

S0 SaibIa32;Volume Filter Driver;c:\windows\System32\Drivers\SaibIa32.sys [2009-06-01 15856]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-07-19 717296]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS [2011-01-27 340088]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS [2011-03-15 744568]

S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110812.001\BHDrvx86.sys [2011-07-23 815736]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-22 233024]

S1 FldSafe;FldSafe;c:\windows\system32\DRIVERS\FldSafe.sys [2011-08-12 10240]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110828.030\IDSvix86.sys [2011-08-22 368248]

S1 SaibVd32;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVd32.sys [2009-06-01 25584]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS [2011-01-27 136312]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\NIS\1206000.01D\SYMTDIV.SYS [2011-03-22 331384]

S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2009-06-02 457200]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]

S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]

S2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]

S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]

S2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files\Winstep\WsxService [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 105592]

S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2011-07-14 1426304]

S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-07-14 197224]

S3 ZCinema_TSHD;ZCinema TruSurround HD driver;c:\windows\system32\drivers\ZCinema_SRS_i386.sys [2007-08-22 18448]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_BE&c=74&bd=Pavilion&pf=desktop

uInternet Settings,ProxyOverride = *.local

IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Walter\AppData\Roaming\Mozilla\Firefox\Profiles\w1mii9uh.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.bnpparibasfortis.be/private/Start.asp

.

- - - - ORPHANS VERWIJDERD - - - -

.

MSConfigStartUp-BCSSync - c:\program files\Microsoft Office\Office14\BCSSync.exe

MSConfigStartUp-OfficeSyncProcess - c:\program files\Microsoft Office\Office14\MSOSYNC.EXE

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-08-30 16:44

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winstep Xtreme Service]

"ImagePath"="c:\program files\Winstep\WsxService"

.

Voltooingstijd: 2011-08-30 16:46:35

ComboFix-quarantined-files.txt 2011-08-30 14:46

.

Pre-Run: 308.488.114.176 bytes beschikbaar

Post-Run: 308.499.308.544 bytes beschikbaar

.

- - End Of File - - 6D9193FE7DC3C38698F2B6A935B5C83D
