Posted:

Hello,

My little brother has lately been having terrible trouble with pop-ups on his laptop (Windows Vista), even when he isn't doing anything on it. Here is a HijackThis log to start with:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 1:44:59, on 6/04/2008

Platform: Windows Vista (WinNT 6.00.1904)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Grisoft\AVG7\avgcc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Xfire\Xfire.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE

C:\Program Files\Xfire\Xfire.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Kieke\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Nederland

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Nederland

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEEM')

O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe

O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 9550 bytes

I hope you can help me, thanks in advance.

Posted:

Download Combofix and put it on your Desktop.

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)

Click 'Fix checked' to remove the items.

Double-click Combofix.exe and follow the instructions; accept the disclaimer by typing y. While the fix is running, do NOT click in the window, because this will make your PC hang.

When the fix has finished and after the restart, the log combofix.txt will open.

NOTE: If your virus scanner responds with a notification about a script being executed, you must allow it.

Attach the Combofix log and a new HJT log to your next post.

Posted:

Hello,

Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 19:55:34, on 6/04/2008

Platform: Windows Vista (WinNT 6.00.1904)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\conime.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Grisoft\AVG7\avgcc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Xfire\Xfire.exe

C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\Explorer.exe

C:\Windows\system32\notepad.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Users\Kieke\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Nederland

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe

O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 8790 bytes

And here is the one from Combofix:

ComboFix 08-04-04.1 - Kieke 2008-04-06 19:22:25.1 - NTFSx86

Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1043.18.373 [GMT 2:00]

Gestart vanuit: C:\Users\Kieke\Desktop\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

.

TimedOut: progfile.dat

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Windows\system32\x64

C:\Windows\system32\drivers\core.cache.dsk . . . . konden niet verwijderd worden

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-03-06 to 2008-04-06 ))))))))))))))))))))))))))))))

.

Geen nieuwe bestanden aangemaakt in deze periode

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-05 18:01 --------- d-----w C:\ProgramData\Xfire

2008-03-31 20:39 --------- d-----w C:\Program Files\Windows Live

2008-03-31 20:38 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller

2008-03-31 20:34 --------- d-----w C:\ProgramData\WLInstaller

2008-03-30 14:35 --------- d-----w C:\ProgramData\Microsoft Help

2008-03-30 14:35 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0

2008-03-30 14:23 --------- d-----w C:\Program Files\Common Files\Adobe

2008-03-30 13:58 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner

2008-03-30 13:53 --------- d-----w C:\Program Files\Defraggler

2008-03-28 19:08 --------- d-----w C:\Users\Kieke\AppData\Roaming\LimeWire

2008-03-24 07:00 --------- d-----w C:\ProgramData\Avg7

2008-03-18 16:31 --------- d-s---w C:\Program Files\Xfire

2008-03-18 16:31 --------- d-----w C:\Users\Kieke\AppData\Roaming\Xfire

2008-03-13 23:06 41,296 ----a-w C:\Windows\System32\xfcodec.dll

2008-03-13 17:43 --------- d-----w C:\Program Files\Windows Mail

2008-03-13 17:27 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys

2008-03-12 16:13 --------- d-----w C:\Program Files\TOPCOM

2008-03-12 15:55 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-23 14:11 --------- d-----w C:\Program Files\NHN USA

2008-02-23 12:27 --------- d-----w C:\Program Files\MAIET

2008-02-22 21:50 --------- d-----w C:\ProgramData\Pure Networks

2008-02-22 21:25 --------- d-----w C:\Users\Kieke\AppData\Roaming\BitTorrent DNA

2008-02-18 15:53 --------- d-----w C:\Users\Kieke\AppData\Roaming\AVG7

2008-02-17 19:36 --------- d-----w C:\ProgramData\Apple Computer

2008-02-17 19:25 --------- d-----w C:\Program Files\DVD Shrink

2008-02-17 14:24 9,216 ----a-w C:\Windows\System32\avgwlntf.dll

2008-02-17 14:24 --------- d-----w C:\ProgramData\Grisoft

2008-02-17 14:12 86,144 ----a-w C:\Windows\system32\drivers\tdxx.sys

2008-02-17 14:12 167,545 ----a-w C:\Windows\system32\drivers\core.cache.dsk

2008-02-13 18:10 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-02-12 20:55 194,560 ----a-w C:\Windows\System32\WebClnt.dll

2008-02-12 20:55 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys

2008-02-12 20:51 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys

2008-02-12 20:51 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe

2008-02-12 20:51 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe

2008-02-12 20:51 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys

2008-02-12 20:51 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys

2008-02-12 20:51 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys

2008-02-12 20:51 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys

2008-02-12 20:51 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys

2008-02-12 20:50 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys

2008-02-12 20:50 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-02-12 20:50 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-02-12 20:50 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2008-02-12 20:50 24,064 ----a-w C:\Windows\System32\netcfg.exe

2008-02-12 20:50 22,016 ----a-w C:\Windows\System32\netiougc.exe

2008-02-12 20:50 216,632 ----a-w C:\Windows\system32\drivers\netio.sys

2008-02-12 20:50 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-02-12 20:50 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-02-12 20:50 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll

2008-02-12 20:50 1,686,528 ----a-w C:\Windows\System32\gameux.dll

2008-02-12 20:47 824,832 ----a-w C:\Windows\System32\wininet.dll

2008-02-12 20:47 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-02-12 20:47 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-02-12 20:47 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-02-10 17:53 --------- d-----w C:\Program Files\Lavalys

2008-02-08 19:31 --------- d-----w C:\Users\Kieke\AppData\Roaming\Grisoft

2008-01-25 17:55 229,376 ----a-w C:\Windows\System32\UCI32A27.dll

2008-01-16 17:25 679,936 ----a-w C:\Windows\System32\ijjiSetup.exe

2008-01-13 21:47 12,632 ----a-w C:\Windows\System32\lsdelete.exe

2008-01-10 16:50 88,576 ----a-w C:\Windows\System32\infocardapi.dll

2008-01-10 16:50 779,800 ----a-w C:\Windows\System32\PresentationNative_v0300.dll

2008-01-10 16:50 579,584 ----a-w C:\Windows\System32\icardagt.exe

2008-01-10 16:50 350,744 ----a-w C:\Windows\System32\PresentationHost.exe

2008-01-10 16:50 33,304 ----a-w C:\Windows\System32\PresentationHostProxy.dll

2008-01-10 16:50 11,776 ----a-w C:\Windows\System32\icardres.dll

2008-01-10 16:50 106,520 ----a-w C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll

2008-01-10 16:40 96,760 ----a-w C:\Windows\System32\dfshim.dll

2008-01-10 16:40 84,480 ----a-w C:\Windows\System32\mscories.dll

2008-01-10 16:40 41,984 ----a-w C:\Windows\System32\netfxperf.dll

2008-01-10 16:40 282,112 ----a-w C:\Windows\System32\mscoree.dll

2008-01-10 16:40 158,720 ----a-w C:\Windows\System32\mscorier.dll

2008-01-09 17:21 11,776 ----a-w C:\Windows\System32\sbunattend.exe

2007-08-31 22:08 174 --sha-w C:\Program Files\desktop.ini

2007-12-09 12:32 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2007-12-09 12:32 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2007-12-09 12:32 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

2007-06-24 16:41 22 --sha-w C:\Windows\SMINST\HPCD.sys

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 19:21 1232896]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:34 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-24 19:32 1006264]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 03:50 1021224]

"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 17:32 167936]

"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]

"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 11:58 159744]

"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 13:39 46704]

"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 10:56 317152]

"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 10:32 472800]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-02-10 08:00 77824]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-10-18 10:19 141848]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-10-18 10:18 166424]

"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-10-18 10:18 133656]

"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-17 16:28 579072]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-17 16:28 219136]

C:\Users\Kieke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2008-03-14 01:06:18 2979664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]

avgwlntf.dll 2008-02-17 16:24 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3codecp"=

"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]

backup=C:\Windows\pss\Bluetooth Manager.lnk.CommonStartup

backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

--a------ 2007-10-27 17:47 286016 C:\Users\Kieke\Program Files\BitTorrent_DNA\dna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{C1DF7724-1FFC-4FDB-8C18-FB28B78E6C2C}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP

"{193D5E4C-E2ED-41DC-97C7-3F883ABC2596}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP

"{45960047-2328-4A4D-83BB-2FB5C3C59A4E}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{DF3616AD-217E-40D3-9BD7-F39B49C448FA}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

"{B9074523-D9EA-4F35-A8F2-905ECD202830}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

"{BE7E395C-7461-46F8-AA58-F2BEE438E2DB}"= UDP:C:\Program Files\Codemasters\Archlord\Archlord.exe:Archlord

"{009E491E-32FA-4630-AB06-080C7FA0A11F}"= TCP:C:\Program Files\Codemasters\Archlord\Archlord.exe:Archlord

"{3E4852A8-F29C-4355-9A6E-AA0B206C3F3A}"= UDP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA

"{40FDC19C-A12C-4160-AF31-3468519379C6}"= TCP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA

"TCP Query User{0B64FFCF-9AE4-443A-9DF3-8D3E90888A74}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent

"UDP Query User{F80FE924-CABF-447C-AE25-796D53A43E61}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent

"TCP Query User{FA69E1E8-9B0F-41E0-997C-2779D10E803F}C:\\users\\kieke\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\users\kieke\program files\bittorrent\bittorrent.exe:bittorrent.exe

"UDP Query User{8BC431BD-B105-4AEF-8587-70C6E673BEA9}C:\\users\\kieke\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\users\kieke\program files\bittorrent\bittorrent.exe:bittorrent.exe

"TCP Query User{470EABCC-9B4A-4D7A-9D34-8FAA26BAE4AE}C:\\users\\sven\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\users\sven\program files\bittorrent\bittorrent.exe:bittorrent.exe

"UDP Query User{E966B23D-8723-4D70-BE03-31459DAB8ACB}C:\\users\\sven\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\users\sven\program files\bittorrent\bittorrent.exe:bittorrent.exe

"TCP Query User{8B13F084-D477-439C-B55A-0D0237DE4E66}C:\\users\\kieke\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\users\kieke\program files\bittorrent\bittorrent.exe:bittorrent.exe

"UDP Query User{8A642E92-3939-427D-A317-CA7D93052F46}C:\\users\\kieke\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\users\kieke\program files\bittorrent\bittorrent.exe:bittorrent.exe

"TCP Query User{0C4BFD04-ED3D-4CC3-A714-7152F1379ECD}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes

"UDP Query User{8DE7CD3D-DDE2-4B76-B879-E4BD0898A998}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes

"TCP Query User{603AABC3-B9E2-4843-B3B9-AB123B76DCA7}C:\\ijji\\english\\gunz\\gunz.exe"= UDP:C:\ijji\english\gunz\gunz.exe:Gunz

"UDP Query User{34E8084E-FF85-4AB2-AC7B-481BCC90257F}C:\\ijji\\english\\gunz\\gunz.exe"= TCP:C:\ijji\english\gunz\gunz.exe:Gunz

"TCP Query User{46F4B12D-04C0-4A66-96D9-29E50E5EF106}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire

"UDP Query User{6A8D033E-3584-40DD-A727-306457475C4B}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire

"TCP Query User{6467E73A-ACF7-4652-97D3-4EC5B930813F}C:\\program files\\maiet\\gunz\\gunzlauncher.exe"= UDP:C:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher

"UDP Query User{2527C549-EAB1-4EFF-9A42-B8BA98B48954}C:\\program files\\maiet\\gunz\\gunzlauncher.exe"= TCP:C:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher

"{B104E094-575D-4C94-9217-8CCD8A44B627}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{5BD4A90A-75C4-41AC-9846-B9569A06EDD4}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{35E4D72A-1D43-4088-A4A6-810686856506}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{6DE02E0C-A474-4406-A82C-B974150942AF}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"TCP Query User{A4807F9D-10A7-4DEB-9144-07E747C9AB19}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire

"UDP Query User{CA82EBA6-9689-428E-8E21-3ACD7FF45563}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire

"{7C38B910-2FC2-4E80-9C1E-E103EEA984E6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 06:27]

R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-13 19:27]

R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-10-18 10:05]

S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-17 18:20]

S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-05-11 17:40]

S4 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 21:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\shell\AutoRun\command - F:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16ab2046-22a1-11dc-9d10-001b2435fa6b}]

\shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58806a67-b0ac-11dc-a972-000e2ed647b7}]

\shell\AutoRun\command - G:\LaunchU3.exe

.

Inhoud van de 'Gedeelde Taken' map

"2008-04-06 17:30:07 C:\Windows\Tasks\User_Feed_Synchronization-{FB890C1E-8D07-4E03-BB45-2523AAF38F4E}.job"

- C:\Windows\system32\msfeedssync.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-06 19:30:36

Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Windows\System32\LEXBCES.EXE

C:\Windows\System32\LEXPPS.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\conime.exe

C:\Program Files\Grisoft\AVG7\avgcc.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\DllHost.exe

.

**************************************************************************

.

Voltooingstijd: 2008-04-06 19:34:58 - machine was rebooted

ComboFix-quarantined-files.txt 2008-04-06 17:34:46

Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

.

2008-04-06 10:54:32 --- E O F ---

Posted:

Open a Notepad file.

Copy and paste the bold text below into it.

File::

C:\Windows\system32\drivers\tdxx.sys

C:\Windows\system32\drivers\core.cache.dsk

C:\Windows\System32\ijjiSetup.exe

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message. And let us know right away how things stand with the pop-ups?

Posted:

Hello,

I did what you said, but nothing happens. I get a small window where you can see it loading the file, and then a small window with an error message. I can't read the error message properly because it flashes by far too quickly.

I'm also still not rid of the pop-ups.

Regards.

Posted:

Apparently something is going quite wrong with Combofix at the moment. You are not the only one who just can't manage to delete the files with this program. So we'll tackle it with a different program:

Download The Avenger and put it on your desktop:

Unzip it.

Start the program by clicking avenger.exe.

In the "Input Script here" window, paste the following (in bold):

Files to delete:

C:\Windows\system32\drivers\tdxx.sys

C:\Windows\system32\drivers\core.cache.dsk

C:\Windows\System32\ijjiSetup.exe

Then click the "Execute" button.

Avenger will indicate that the computer is going to restart; allow this.

After the reboot a log file (avenger.txt) opens. Post the contents of the log file.

If this worked, will you let us know whether it has any effect on your pop-ups?

Posted:

Here is the Avenger log:

Logfile of The Avenger Version 2.0, © by Swandog46

Swandog46's Public Anti-Malware Tools

Platform: Windows Vista

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

File "C:\Windows\system32\drivers\tdxx.sys" deleted successfully.

File "C:\Windows\system32\drivers\core.cache.dsk" deleted successfully.

File "C:\Windows\System32\ijjiSetup.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

I'm rid of my pop-ups, so thanks already for that :)

But since the last time I started Combofix I no longer have any icons in "My Computer" and on my "C drive".

Posted:

The problem is that we can no longer find out what Combofix got up to in that failed run with the error message. Because among the rest of the fixes there is not a single one that has anything to do with your icons and could therefore affect them.

Strange ... do you actually have no icons at all? Or one of those rectangular Windows boxes without a special image in it? Otherwise, take a screenshot of such a situation. We can (perhaps) deduce something from it.
