Ga naar inhoud

probleem met AGSearcHooh class invoegtoepassingen


Aanbevolen berichten

ComboFix 12-01-05.01 - HP_Eigenaar 07/01/2012 12:08:37.3.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.446.161 [GMT 1:00]

Gestart vanuit: c:\documents and settings\HP_Eigenaar\Bureaublad\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {00000000-0000-0000-0000-000000000000}

AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD0EC-FFA4-00DA-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD2B8-FFA4-00DA-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD2B8-FFA4-00EB-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84371514-FFA4-00EB-0D24-347CA8A3377C}

FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-12-07 to 2012-01-07 ))))))))))))))))))))))))))))))

.

.

2012-01-06 23:19 . 2012-01-07 10:57 -------- d--h--r- c:\documents and settings\HP_Eigenaar\Onlangs geopend

2012-01-04 23:04 . 2012-01-04 23:04 -------- d-----w- c:\windows\system32\wbem\Repository

2012-01-03 22:07 . 2012-01-03 22:07 -------- d-----w- c:\documents and settings\HP_Eigenaar\Application Data\Malwarebytes

2012-01-03 22:06 . 2012-01-03 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-12-27 22:53 . 2012-01-04 23:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-30 21:44 . 2009-05-15 08:46 32608 ----a-w- c:\windows\king-uninstall.exe

2011-12-02 11:56 . 2011-12-02 11:54 1870 ----a-w- C:\FixitRegBackup.reg

2011-11-28 18:01 . 2011-11-23 16:06 41184 ----a-w- c:\windows\avastSS.scr

2011-11-28 18:01 . 2011-11-23 16:06 199816 ----a-w- c:\windows\system32\aswBoot.exe

2011-11-28 17:53 . 2011-11-23 16:06 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-11-28 17:53 . 2011-11-23 16:06 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-11-28 17:52 . 2011-11-23 16:06 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-11-28 17:52 . 2011-11-23 16:06 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-11-28 17:52 . 2011-11-23 16:06 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-11-28 17:51 . 2011-11-23 16:06 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-11-28 17:51 . 2011-11-23 16:06 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-11-28 17:48 . 2011-11-23 16:06 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-11-23 14:40 . 2004-08-04 04:00 1859712 ----a-w- c:\windows\system32\win32k.sys

2011-11-14 08:42 . 2011-05-14 07:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-10 04:54 . 2010-04-29 17:39 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-10 02:27 . 2011-05-02 08:49 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-11-04 19:13 . 2004-08-04 04:00 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:13 . 2004-08-04 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:13 . 2004-08-04 04:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:25 . 2004-08-04 04:00 385024 ----a-w- c:\windows\system32\html.iec

2011-11-02 21:46 . 2011-11-02 21:46 388096 ----a-r- c:\documents and settings\HP_Eigenaar\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-11-01 16:07 . 2004-08-04 04:00 1288192 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:32 . 2004-08-04 04:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-26 10:50 . 2004-08-04 11:00 2073728 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-26 10:50 . 2004-08-04 04:00 2197120 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-18 11:13 . 2004-08-04 04:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22 . 2004-08-04 04:00 692736 ----a-w- c:\windows\system32\inetcomm.dll

2007-06-09 16:03 . 2007-06-09 16:03 774144 ----a-w- c:\program files\RngInterstitial.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2012-01-05_14.00.26 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-01-07 09:44 . 2012-01-07 09:44 16384 c:\windows\Temp\Perflib_Perfdata_1f4.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"sfagent"="c:\program files\Fighters\sfagent.exe" [2010-10-21 760968]

"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-12 161336]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

.

c:\documents and settings\marylou\Menu Start\Programma's\Opstarten\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-30 27136]

.

c:\documents and settings\Default User\Menu Start\Programma's\Opstarten\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-30 27136]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=

"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Raptr\\raptr.exe"=

"c:\\Program Files\\Raptr\\raptr_im.exe"=

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23/11/2011 17:06 435032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/11/2011 17:06 314456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/11/2011 17:06 20568]

R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Fighters\sfus.exe [21/10/2010 13:44 189064]

R2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [10/10/2011 10:08 1318536]

S2 Application Updater;Application Updater;"c:\program files\Application Updater\ApplicationUpdater.exe" --> c:\program files\Application Updater\ApplicationUpdater.exe [?]

S3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys --> c:\windows\system32\DRIVERS\avfsfilter.sys [?]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]

S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [30/05/2006 6:18 468768]

.

Inhoud van de 'Gedeelde Taken' map

.

2012-01-06 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-04 09:19]

.

2012-01-06 c:\windows\Tasks\User_Feed_Synchronization-{1A2B542F-36FB-4BEC-9D01-3C679AD3C858}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_BE&c=63&bd=PAVILION&pf=desktop

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/embed/hpsu/survey

TCP: DhcpNameServer = 195.130.130.132 195.130.131.132

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-01-07 12:18

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(580)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(1088)

c:\progra~1\WINDOW~1\wmpband.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Voltooingstijd: 2012-01-07 12:21:12

ComboFix-quarantined-files.txt 2012-01-07 11:21

ComboFix2.txt 2012-01-05 14:04

.

Pre-Run: 220.247.261.184 bytes beschikbaar

Post-Run: 220.235.534.336 bytes beschikbaar

.

- - End Of File - - 38F38C6FAEBCD4D2661C84FBDC8116BD

---------- Post toegevoegd om 12:27 ---------- Vorige post was om 12:24 ----------

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:26:34, on 7/01/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Fighters\sfus.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fighters\FighterSuiteService.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Fighters\sfagent.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! Zoeken - zoeken op het web

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = HP Software Update

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [sfagent] C:\Program Files\Fighters\sfagent.exe

O4 - HKLM\..\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mary1950.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://mary1950.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Application Updater - Unknown owner - C:\Program Files\Application Updater\ApplicationUpdater.exe (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\Fighters\sfus.exe

O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--

End of file - 7125 bytes

---------- Post toegevoegd om 12:32 ---------- Vorige post was om 12:27 ----------

ook zie ik staan Lavasoft AD-Aware heb ik vroeger ook gehad ik zie nu pas

Link naar reactie
Delen op andere sites

  • Reacties 101
  • Aangemaakt
  • Laatste reactie

Beste reacties in dit topic

Beste reacties in dit topic

Geplaatste afbeeldingen

Ga naar start - alle programma's - bureauaccesoires.

Zoek het icoon van het opdrachtprompt en klik er op met de rechter muisknop en kies dan in het lijstje voor uitvoeren als administrator om het opdrachtprompt te openen.

Tik in: sc stop "Application Updater" en druk op Enter.

Tik in: sc delete "Application Updater" en druk op Enter.

Tik in exit en druk Enter.

Als je op een van deze instructies een foutmelding krijgt, ga dan gewoon door met de volgende instructie.

Maak dan een nieuw logje met hijackthis.

Link naar reactie
Delen op andere sites

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:07:10, on 7/01/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Fighters\sfus.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fighters\FighterSuiteService.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Fighters\sfagent.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! Zoeken - zoeken op het web

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = HP Software Update

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [sfagent] C:\Program Files\Fighters\sfagent.exe

O4 - HKLM\..\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mary1950.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://mary1950.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Application Updater - Unknown owner - C:\Program Files\Application Updater\ApplicationUpdater.exe (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\Fighters\sfus.exe

O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--

End of file - 7185 bytes

Link naar reactie
Delen op andere sites

Open een nieuw kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

c:\program files\Application Updater\ApplicationUpdater.exe

c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys

Folder::

c:\program files\Lavasoft\

Driver::

Lavasoft Kernexplorer

Sla dit bestand op je bureaublad op als CFScript

Sleep CFScript.txt op het icoon van ComboFix.exe en laat het dan los

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht samen met een nieuw logje van HijackThis.

Link naar reactie
Delen op andere sites

ComboFix 12-01-05.01 - HP_Eigenaar 08/01/2012 12:59:02.4.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.446.182 [GMT 1:00]

Gestart vanuit: c:\documents and settings\HP_Eigenaar\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\HP_Eigenaar\Bureaublad\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {00000000-0000-0000-0000-000000000000}

AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD0EC-FFA4-00DA-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD2B8-FFA4-00DA-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD2B8-FFA4-00EB-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {84371514-FFA4-00EB-0D24-347CA8A3377C}

FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

FILE ::

"c:\program files\Application Updater\ApplicationUpdater.exe"

"c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_LAVASOFT_KERNEXPLORER

-------\Service_Lavasoft Kernexplorer

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-12-08 to 2012-01-08 ))))))))))))))))))))))))))))))

.

.

2012-01-07 15:56 . 2012-01-08 11:50 -------- d--h--r- c:\documents and settings\HP_Eigenaar\Onlangs geopend

2012-01-04 23:04 . 2012-01-04 23:04 -------- d-----w- c:\windows\system32\wbem\Repository

2012-01-03 22:07 . 2012-01-03 22:07 -------- d-----w- c:\documents and settings\HP_Eigenaar\Application Data\Malwarebytes

2012-01-03 22:06 . 2012-01-03 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-12-27 22:53 . 2012-01-04 23:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-30 21:44 . 2009-05-15 08:46 32608 ----a-w- c:\windows\king-uninstall.exe

2011-12-02 11:56 . 2011-12-02 11:54 1870 ----a-w- C:\FixitRegBackup.reg

2011-11-28 18:01 . 2011-11-23 16:06 41184 ----a-w- c:\windows\avastSS.scr

2011-11-28 18:01 . 2011-11-23 16:06 199816 ----a-w- c:\windows\system32\aswBoot.exe

2011-11-28 17:53 . 2011-11-23 16:06 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-11-28 17:53 . 2011-11-23 16:06 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-11-28 17:52 . 2011-11-23 16:06 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-11-28 17:52 . 2011-11-23 16:06 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-11-28 17:52 . 2011-11-23 16:06 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-11-28 17:51 . 2011-11-23 16:06 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-11-28 17:51 . 2011-11-23 16:06 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-11-28 17:48 . 2011-11-23 16:06 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-11-23 14:40 . 2004-08-04 04:00 1859712 ----a-w- c:\windows\system32\win32k.sys

2011-11-14 08:42 . 2011-05-14 07:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-10 04:54 . 2010-04-29 17:39 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-10 02:27 . 2011-05-02 08:49 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-11-04 19:13 . 2004-08-04 04:00 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:13 . 2004-08-04 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:13 . 2004-08-04 04:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:25 . 2004-08-04 04:00 385024 ----a-w- c:\windows\system32\html.iec

2011-11-02 21:46 . 2011-11-02 21:46 388096 ----a-r- c:\documents and settings\HP_Eigenaar\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-11-01 16:07 . 2004-08-04 04:00 1288192 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:32 . 2004-08-04 04:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-26 10:50 . 2004-08-04 11:00 2073728 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-26 10:50 . 2004-08-04 04:00 2197120 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-18 11:13 . 2004-08-04 04:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22 . 2004-08-04 04:00 692736 ----a-w- c:\windows\system32\inetcomm.dll

2007-06-09 16:03 . 2007-06-09 16:03 774144 ----a-w- c:\program files\RngInterstitial.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2012-01-05_14.00.26 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-01-08 12:11 . 2012-01-08 12:11 16384 c:\windows\Temp\Perflib_Perfdata_148.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"sfagent"="c:\program files\Fighters\sfagent.exe" [2010-10-21 760968]

"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-12 161336]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

.

c:\documents and settings\marylou\Menu Start\Programma's\Opstarten\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-30 27136]

.

c:\documents and settings\Default User\Menu Start\Programma's\Opstarten\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-30 27136]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=

"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Raptr\\raptr.exe"=

"c:\\Program Files\\Raptr\\raptr_im.exe"=

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23/11/2011 17:06 435032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/11/2011 17:06 314456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/11/2011 17:06 20568]

R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Fighters\sfus.exe [21/10/2010 13:44 189064]

R2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [10/10/2011 10:08 1318536]

S2 Application Updater;Application Updater;"c:\program files\Application Updater\ApplicationUpdater.exe" --> c:\program files\Application Updater\ApplicationUpdater.exe [?]

S3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys --> c:\windows\system32\DRIVERS\avfsfilter.sys [?]

S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [30/05/2006 6:18 468768]

.

Inhoud van de 'Gedeelde Taken' map

.

2012-01-06 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-04 09:19]

.

2012-01-07 c:\windows\Tasks\User_Feed_Synchronization-{1A2B542F-36FB-4BEC-9D01-3C679AD3C858}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_BE&c=63&bd=PAVILION&pf=desktop

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/embed/hpsu/survey

TCP: DhcpNameServer = 195.130.130.132 195.130.131.132

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-01-08 13:12

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(592)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(2832)

c:\progra~1\WINDOW~1\wmpband.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

c:\program files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

.

**************************************************************************

.

Voltooingstijd: 2012-01-08 13:19:37 - machine werd herstart

ComboFix-quarantined-files.txt 2012-01-08 12:19

ComboFix2.txt 2012-01-07 11:21

ComboFix3.txt 2012-01-05 14:04

.

Pre-Run: 220.202.123.264 bytes beschikbaar

Post-Run: 220.032.491.520 bytes beschikbaar

.

- - End Of File - - 64A7E595F337BBC90D7036033864D325

er word nog altijd gezegt : de hoger vermelde real time scanner's zijn nog steeds actief

Avira AntiVir Personal Edition class

---------- Post toegevoegd om 13:27 ---------- Vorige post was om 13:24 ----------

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:27:25, on 8/01/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Fighters\sfagent.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Fighters\sfus.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fighters\FighterSuiteService.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

C:\WINDOWS\explorer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! Zoeken - zoeken op het web

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = HP Software Update

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [sfagent] C:\Program Files\Fighters\sfagent.exe

O4 - HKLM\..\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mary1950.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://mary1950.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Application Updater - Unknown owner - C:\Program Files\Application Updater\ApplicationUpdater.exe (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\Fighters\sfus.exe

O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--

End of file - 7155 bytes

Link naar reactie
Delen op andere sites

deze heb ik gekregen van iemand die zegt dat je hiermee AGSearcHook kan verwijderen Maar ik begrijp hier niks van

engels is niet mijn sterkste kant wil je eens kijken michien is dit oplossing aub

Method 1.

That's right it is associated with webshots, I may need to check in the Programs under control panel if this software or its toolbar is installed.

Uninstall or change a program

Uninstall or change a program

One of the community users "Sassydeb" resolved this issue by uninstall the webshots software.

Here is the link.

Internet Explore 8 Won't Open - Microsoft Answers

Method 2.

a. If you suspect any virus activity I would strongly recommend you to run the Virus Scan.

I would recommend you to run online Virus Scan to remove any infections, if present.

Follow the link below to run the free online scan:

Windows Live OneCare

b. Run the Microsoft Malicious Removal Tool

Start - type in Search box -> MRT find at top of list - Right Click on it - RUN AS ADMIN.

Links to download this tool.

Microsoft Malicious Removal Tool - 32 bit

Download: Windows Malicious Software Removal Tool - Microsoft Download Center - Download Details

Microsoft Malicious Removal Tool - 64 bit

Download: Windows Malicious Software Removal Tool x64 - Microsoft Download Center - Download Details

Method 3.

If the issue still exists I would ask you to perform a clean boot to find with which program this file is associated.

How to troubleshoot a problem by performing a clean boot in Windows Vista or in Windows 7

How to troubleshoot a problem by performing a clean boot in Windows Vista or in Windows 7

Note: Make sure once the troubleshooting is over you set the computer to normal startup as mentioned and explained in the article above.

Hope this helps.


Link naar reactie
Delen op andere sites

Dat gaat over een aantal mogelijkheden die we al (tevergeefs) hebben uitgevoerd en over een programma dat verwijderd werd waardoor hetr probleem werd opgelost, maar jij hebt dat programma niet en dat is dus niet van toepassing.

Ga naar start - alle programma's - bureauaccesoires.

Zoek het icoon van het opdrachtprompt en klik er op met de rechter muisknop en kies dan in het lijstje voor uitvoeren als administrator om het opdrachtprompt te openen.

Tik in: sc stop "Application Updater" en druk op Enter.

Noteer de melding die op het scherm komt na deze actie.

Tik in: sc delete "Application Updater" en druk op Enter.

Noteer de melding die op het scherm komt na deze actie.

Tik in exit en druk Enter.

Plaats nu de reacties die je hebt genoteerd; eerst deze op de Stop en dan die op de delete.

aangepast door kweezie wabbit
Link naar reactie
Delen op andere sites

Ga naar start - alle programma's - bureauaccesoires.

Zoek het icoon van het opdrachtprompt en klik er op met de rechter muisknop en kies dan in het lijstje voor uitvoeren als administrator om het opdrachtprompt te openen.

Tik in: sc stop "Application Updater" en druk op Enter.

Dit is een instructie die windows moet uitvoeren. Hierop geeft windows een reactie over hoe de opdracht verlopen is.

bvb "toegang geweigerd" of "access denied" of "service stopped" of service gestopt" of een andere melding.

Schrijf deze melding op een stuk papier.

Tik in: sc delete "Application Updater" en druk op Enter.

Schrijf ook hiervan de melding op.

Typ dan de opgeschreven meldingen in het tekstvak om te reageren op een forumbericht.

1. de eerste melding die je hebt opgeschreven.

2. de tweede melding die je hebt opgeschreven.

Link naar reactie
Delen op andere sites


×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.