Elke twee minuten opent IE nieuw venster met spam

anoniem · 26 januari 2011

Mijn IE opent elke twee minuten een nieuw venster met reclame. Win een Iphone, gratis spellen etc. Ik heb getracht om dit op te laten houden door een Hijackthis log te maken. Hier heb ik enkele dingen uitgehaald maar dit verhelpt het probleem niet. Weet iemand hoe ik hiervan af kan komen?

anoniem · 26 januari 2011

Hallo Ben, een beetje doehetzelven? Post in ieder geval aansluitend een aktueel log van Hijack This, want anders wordt het een beetje moeilijk om je verder met je probleem te helpen! En doe ook onderstaande: [b:4b46f3001c]Welk programma[/b:4b46f3001c]: Malwarebytes MBAM [b:4b46f3001c]Waarvoor/waarom[/b:4b46f3001c]: specialistische scanner om Windows snel te onderzoeken op- en te ontdoen van spy- & malware. [b:4b46f3001c]Download Malwarebytes MBAM via één van deze locaties[/b:4b46f3001c]: [list:4b46f3001c] [*:4b46f3001c][url=http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?][b:4b46f3001c]Download.com[/b:4b46f3001c][/url] [*:4b46f3001c][url=http://www.softpedia.com/result.php?sid=&pid=1-423&r=Z2V0L0FudGl2aXJ1cy9NYWx3YXJlYnl0ZXMtQW50aS1NYWx3YXJlLnNodG1s][b:4b46f3001c]Softpedia.com[/b:4b46f3001c][/url][*:4b46f3001c][url=http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html][b:4b46f3001c]Majorgeeks.com[/b:4b46f3001c][/url][/list:u:4b46f3001c] [b:4b46f3001c]Allereerst[/b:4b46f3001c]: [list:4b46f3001c][*:4b46f3001c] Al meteen na de installatie wil 'MBAM' zijn database opwaarderen – toestaan dus. [*:4b46f3001c] Ook bij herhaald gebruik: eerst 'MBAM' updaten via de tab 'Update'![/list:u:4b46f3001c] [b:4b46f3001c]Scannen[/b:4b46f3001c]: [list:4b46f3001c][*:4b46f3001c] Start 'MBAM' en kies voor 'Snelle Scan'. [*:4b46f3001c][b:4b46f3001c]N.B.: Vista- en Windows 7 gebruik(st)ers starten MBAM middels rechtsklikken en dan kiezen voor 'Als Administrator uitvoeren'.[/b:4b46f3001c] [*:4b46f3001c]Het scannen kan een tijdje duren, dus wees geduldig. Indien de scan voltooid is, klik dan op de knop 'OK'. [*:4b46f3001c]Klik daarna op de knop 'Bekijk Resultaten' om de resultaten te zien.[/list:u:4b46f3001c] [b:4b46f3001c]Infecties gevonden[/b:4b46f3001c]: [list:4b46f3001c][*:4b46f3001c]Klik nu eerst op OK om de melding weg te klikken [*:4b46f3001c]Klik vervolgens rechtsonder op de knop Bekijk resultaten. [*:4b46f3001c]Zorg er nu voor dat alle gevonden infecties aangevinkt zijn, en klik linksonder op Verwijder geselecteerde. [*:4b46f3001c]Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. [*:4b46f3001c]Indien 'MBAM' moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven – dan telkens op 'OK' klikken! [*:4b46f3001c]Daarna zal 'MBAM' vragen om de Computer opnieuw op te starten - dus sta toe dat de computer opnieuw opgestart wordt.[/list:u:4b46f3001c] [b:4b46f3001c]MBAM-Log[/b:4b46f3001c]: [list:4b46f3001c][*:4b46f3001c] Het log wordt automatisch bewaard door 'MBAM en dat kan je terugvinden door in het hoofdmenu van MBAM op de tab 'Logbestanden' te klikken'.[/list:u:4b46f3001c] [b:4b46f3001c]Post aansluitend in je volgende bericht de inhoud van het MBAM-log.[/b:4b46f3001c]

anoniem · 26 januari 2011

Ik probeer de Hijack logjes zelf te ontrafelen. Hijackthis.de heeft een analyzer tool, welke ik gebruik. Of het verstandig is weet ik niet, of ik het goed doe weet ik ook niet. Ik zie alleen, dat er veel mensen vragen hoe een Hijackthis log werkt. Waar ik liever kijk hoe ik dat zelf kan doen.. Hier de laatste Hijacklog: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:06:37, on 26-1-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18999) Boot mode: Normal Running processes: C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Users\Boltjes\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\taskeng.exe C:\Program Files\ASUS\SmartLogon\sensorsrv.exe C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wuauclt.exe C:\Program Files\BitTorrent\bittorrent.exe C:\Windows\system32\conime.exe C:\Windows\Kmumab.exe C:\Program Files\VSO\ConvertX\4\ConvertXtoDvd.exe C:\Program Files\VideoLAN\VLC\vlc.exe C:\Users\Boltjes\AppData\Local\Temp\Kk1.exe C:\Windows\system32\Taskmgr.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Users\Boltjes\AppData\Local\Temp\Kk3.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [CE8SIIFGSU] C:\Users\Boltjes\AppData\Local\Temp\Kk1.exe O4 - HKUS\S-1-5-18\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Default user') O4 - Startup: Dropbox.lnk = C:\Users\Boltjes\AppData\Roaming\Dropbox\bin\Dropbox.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube Download - C:\Users\Boltjes\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Boltjes\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Unknown owner - D:\Virus programma's\Spybot - Search & Destroy\SDWinSec.exe (file missing) O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- End of file - 9723 bytes Heb trouwens geen idee wat kmumab.exe is (c:\Windows\kmumab.exe) Ben momenteel de snelle scan van MBAM aan het doen. De log hiervan post ik straks hier. Bedankt voor het snelle antwoord!

anoniem · 26 januari 2011

Hier de MBAM log: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Databaseversie: 5608 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18999 26-1-2011 11:42:56 mbam-log-2011-01-26 (11-42-56).txt Scantype: Snelle scan Objecten gescand: 159292 Verstreken tijd: 9 minuut/minuten, 2 seconde(n) Geheugenprocessen geïnfecteerd: 3 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 6 Registerwaarden geïnfecteerd: 1 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 8 Geheugenprocessen geïnfecteerd: c:\Windows\Kmumab.exe (Trojan.FraudPack.Gen) -> 115496 -> Unloaded process successfully. c:\Users\Benjamin\AppData\Local\Temp\Kk3.exe (Trojan.FraudPack.Gen) -> 226016 -> Unloaded process successfully. c:\Users\Benjamin\AppData\Local\Temp\Kk1.exe (Trojan.FraudPack.Gen) -> 227904 -> Unloaded process successfully. Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\CE8SIIFGSU (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\CL2GFOKBC9 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CE8SIIFGSU (Trojan.FraudPack.Gen) -> Value: CE8SIIFGSU -> Quarantined and deleted successfully. Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: c:\Windows\Kmumab.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully. c:\Users\Benjamin\AppData\Local\Temp\Kk3.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully. c:\Users\Benjamin\AppData\Local\Temp\Kk1.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully. c:\Windows\System32\sshnas21.dll (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully. c:\Windows\Kmumaa.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully. c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

anoniem · 26 januari 2011

Hoi Ben, die site die je noemt, wel die wordt inderdaad vaak gebruikt. Maar je loopt het gevaar, dat je teveel verwijderd of dat de site het zelfs verkeerd heeft! Met als gevolg, dat je handelen in een stukkende Windows resulteert! Er lopen een aantal vreemde processen in jouw Windows, die onderdel kunnen zijn van dieper weggedoken malware! [b:c7523af686]Welk programma[/b:c7523af686]: ComboFix [b:c7523af686]Waarvoor/waarom[/b:c7523af686]: Zeer specialistische scanner om Windows diepgaand te onderzoeken en zo mogelijk op te schonen. [b:c7523af686]Moeilijkheidsgraad[/b:c7523af686]: Min of meer lastige voorbereidingsfase, dus lees alles eerst goed. [b:c7523af686]Downloadlokatie[/b:c7523af686]: Dit programma absoluut naar het bureaublad downloaden! [b:c7523af686]Download ComboFix via één van deze locaties[/b:c7523af686]: [list:c7523af686][*:c7523af686][url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe][b:c7523af686]Bleepingcomputer[/b:c7523af686][/url] [*:c7523af686][url=http://www.forospyware.com/sUBs/ComboFix.exe][b:c7523af686]ForoSpyware[/b:c7523af686][/url] [*:c7523af686][url=http://subs.geekstogo.com/ComboFix.exe][b:c7523af686]Geekstogo[/b:c7523af686][/url][/list:u:c7523af686] [url=http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden][b:c7523af686]Hier[/b:c7523af686][/url] zie je hoe je ComboFix moet gebruiken. Antivirusprogramma en actieve malwarescanners dienen al voor de ComboFix start gedeaktiveert zijn! [url=http://www.bleepingcomputer.com/forums/topic114351.html][b:c7523af686]Hier[/b:c7523af686][/url] en [url=http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html][b:c7523af686]hier[/b:c7523af686][/url] vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren. [b:c7523af686]Voor alle duidelijkheid nogmaals[/b:c7523af686]: ComboFix dient vanaf het bureaublad gestart te worden. [b:c7523af686]Opmerkingen[/b:c7523af686]: [list:c7523af686][*:c7523af686] Bij gebruik van Windows XP zal er mogelijk gevraagd worden, om de "Recovery Console" te installeren! Sta dit dan toe (hiervoor is een actieve internet verbinding vereist). [*:c7523af686]Vista- en Windows 7 gebruikers starten Combofix op via rechtsklik met Administratorrechten. [*:c7523af686]Alle openstaande programma's en webpagina's dienen afgesloten te zijn.[/list:u:c7523af686] [b:c7523af686]ComboFix is opgestart[/b:c7523af686]: [list:c7523af686][*:c7523af686]Niet in het zwarte venster klikken, hierdoor kan ComboFix of zelfs Windows geheel "bevriezen"! [*:c7523af686]Combofix sluit tijdens de scan de internet verbinding – probeer deze tussentijds niet te herstellen! [*:c7523af686]Het kan voorkomen dat de computer meerdere malen opnieuw opgestart moet worden, dit is normaal. [*:c7523af686]Wanneer ComboFix gereed is, zal het het een logbestand voor je maken. [*:c7523af686]Post de inhoud van dit logbestand in je volgende bericht. [*:c7523af686]Indien het log niet opstart, is dit terug tevinden in C:\ComboFix.txt[/list:u:c7523af686] [b:c7523af686]Belangrijke opmerking[/b:c7523af686]: [list:c7523af686][*:c7523af686][b:c7523af686][color=Red:c7523af686]Indien er een error wordt getoond met de melding: [/color:c7523af686][color=blue:c7523af686]Illegal operation attempted on a registery key that has been marked for deletion.[/color:c7523af686][color=Red:c7523af686] - start dan de computer opnieuw op.[/color:c7523af686][/b:c7523af686][/list:u:c7523af686]

anoniem · 26 januari 2011

Combifix is bijna drie kwartier bezig geweest wat op een behoorlijk vervuilde laptop duidt, ofniet? Hier de log: ComboFix 11-01-25.03 - Boltjes 26-01-2011 12:41:48.4.1 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3070.1732 [GMT 1:00] Gestart vanuit: d:\bureaublad\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308} AV: Lavasoft Ad-Watch Live! Antivirus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6} SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5} SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\Boltjes\AppData\Roaming\inst.exe c:\users\Boltjes\AppData\Roaming\PriceGong c:\users\Boltjes\AppData\Roaming\PriceGong\Data\1.xml c:\users\Boltjes\AppData\Roaming\PriceGong\Data\a.xml c:\users\Boltjes\AppData\Roaming\PriceGong\Data\b.xml c:\users\Boltjes\AppData\Roaming\PriceGong\Data\c.xml c:\users\Boltjes\AppData\Roaming\PriceGong\Data\d.xml c:\users\Boltjes\AppData\Roaming\PriceGong\Data\e.xml c:\users\Boltjes\AppData\Roaming\PriceGong\Data\f.xml c:\users\Boltjes\AppData\Roaming\PriceGong\Data\g.xml c:\users\Boltjes\AppData\Roaming\PriceGong\Data\h.xml c:\users\Boltjes\AppData\Roaming\PriceGong\Data\i.xml c:\users\Boltjes\AppData\Roaming\PriceGong\Data\J.xml c:\users\Boltjes\AppData\Roaming\PriceGong\Data\k.xml c:\users\Boltjes\AppData\Roaming\PriceGong\Data\l.xml c:\users\Boltjes\AppData\Roaming\PriceGong\Data\m.xml c:\users\Boltjes\AppData\Roaming\PriceGong\Data\n.xml c:\users\Boltjes\AppData\Roaming\PriceGong\Data\o.xml c:\users\Boltjes\AppData\Roaming\PriceGong\Data\p.xml c:\users\Boltjes\AppData\Roaming\PriceGong\Data\q.xml c:\users\Boltjes\AppData\Roaming\PriceGong\Data\r.xml c:\users\Boltjes\AppData\Roaming\PriceGong\Data\s.xml c:\users\Boltjes\AppData\Roaming\PriceGong\Data\t.xml c:\users\Boltjes\AppData\Roaming\PriceGong\Data\u.xml c:\users\Boltjes\AppData\Roaming\PriceGong\Data\v.xml c:\users\Boltjes\AppData\Roaming\PriceGong\Data\w.xml c:\users\Boltjes\AppData\Roaming\PriceGong\Data\x.xml c:\users\Boltjes\AppData\Roaming\PriceGong\Data\y.xml c:\users\Boltjes\AppData\Roaming\PriceGong\Data\z.xml c:\windows\Fonts\FORTE.TTF . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_RKHIT -------\Service_RkHit (((((((((((((((((((( Bestanden Gemaakt van 2010-12-26 to 2011-01-26 )))))))))))))))))))))))))))))) . 2011-01-26 12:10 . 2011-01-26 12:10 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-01-26 10:31 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-01-26 10:31 . 2011-01-26 10:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-01-26 10:31 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-01-26 10:00 . 2011-01-26 10:00 388096 ----a-r- c:\users\Boltjes\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-01-26 10:00 . 2011-01-26 10:00 -------- d-----w- c:\program files\Trend Micro 2011-01-25 10:09 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{423BEAC2-00FD-4BCA-AE49-0799DFC29F86}\mpengine.dll 2011-01-24 19:00 . 2011-01-24 19:00 -------- d-----w- c:\program files\Uninstall Gold 2011-01-23 14:23 . 2011-01-23 14:23 -------- d-----w- c:\users\Public\CyberLink 2011-01-21 21:43 . 2011-01-21 21:43 84718440 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlcBEDD.tmp 2011-01-20 16:19 . 2011-01-20 16:19 -------- d-----w- c:\programdata\FLEXnet 2011-01-20 15:54 . 2011-01-20 15:59 -------- d-----w- c:\program files\Common Files\Autodesk Shared 2011-01-20 15:54 . 2011-01-20 15:59 -------- d-----w- c:\program files\AutoCAD 2010 2011-01-20 15:25 . 2011-01-20 15:25 -------- d-----w- c:\program files\Autodesk 2011-01-18 20:25 . 2011-01-24 07:27 -------- d-----w- c:\users\Boltjes\AppData\Roaming\skypePM 2011-01-18 20:24 . 2011-01-18 20:24 -------- d-----w- c:\program files\Common Files\Skype 2011-01-18 20:24 . 2011-01-24 07:46 -------- d-----w- c:\users\Boltjes\AppData\Roaming\Skype 2011-01-18 20:24 . 2011-01-18 20:24 -------- d-----r- c:\program files\Skype 2011-01-18 20:24 . 2011-01-18 20:24 -------- d-----w- c:\programdata\Skype 2011-01-12 20:58 . 2011-01-20 16:10 -------- d-----w- c:\users\Boltjes\AppData\Roaming\vlc 2011-01-12 20:04 . 2011-01-12 20:04 -------- d-----w- c:\program files\Movie Subtitles Searcher 2011-01-12 16:18 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll 2011-01-12 16:18 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll 2011-01-12 16:18 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll 2011-01-12 16:18 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2011-01-12 16:18 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll 2011-01-12 16:18 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll 2011-01-12 16:18 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe 2011-01-08 08:58 . 2011-01-25 09:57 -------- d-----w- c:\program files\Google 2010-12-28 12:23 . 2010-12-28 12:23 -------- d-----w- c:\users\Boltjes\AppData\Roaming\NVIDIA 2010-12-28 12:20 . 2011-01-09 12:31 -------- d-----w- c:\users\Boltjes\AppData\Local\Cyberlink 2010-12-28 12:10 . 2010-12-28 12:10 -------- d-----w- c:\program files\Common Files\CyberLink 2010-12-28 11:59 . 2010-12-28 11:56 29480 ----a-w- c:\windows\system32\msxml3a.dll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-01-26 12:19 . 2008-09-22 13:50 45056 ----a-w- c:\windows\system32\acovcnt.exe 2011-01-24 10:55 . 2009-07-21 16:55 214816 ----a-w- c:\windows\system32\PnkBstrB.xtr 2011-01-24 10:55 . 2008-09-23 08:36 214816 ----a-w- c:\windows\system32\PnkBstrB.exe 2011-01-24 10:54 . 2008-09-23 08:36 138328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2011-01-13 08:47 . 2010-07-03 08:43 38848 ----a-w- c:\windows\avastSS.scr 2011-01-13 08:47 . 2010-02-21 19:45 188216 ----a-w- c:\windows\system32\aswBoot.exe 2011-01-13 08:41 . 2010-02-21 19:46 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-01-13 08:40 . 2010-02-21 19:46 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-01-13 08:37 . 2010-02-21 19:46 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-01-13 08:37 . 2010-02-21 19:46 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-01-13 08:37 . 2010-02-21 19:46 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-12-28 11:55 . 2008-09-12 20:11 353576 ----a-w- c:\windows\system32\msvcr71.dll 2010-12-28 11:55 . 2008-09-12 20:11 505128 ----a-w- c:\windows\system32\msvcp71.dll 2010-12-26 15:29 . 2010-12-26 15:29 3911 ----a-w- C:\STF1DF2.tmp 2010-12-15 16:46 . 2010-06-22 10:07 420920 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-11-30 19:42 . 2009-08-18 09:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll 2010-11-30 19:42 . 2010-06-24 09:33 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2010-11-05 11:25 . 2010-08-30 16:30 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-11-04 18:56 . 2010-12-19 12:58 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll 2010-11-04 18:55 . 2010-12-19 12:58 352768 ----a-w- c:\windows\system32\taskschd.dll 2010-11-04 18:55 . 2010-12-19 12:58 270336 ----a-w- c:\windows\system32\taskcomp.dll 2010-11-04 18:55 . 2010-12-19 12:58 601600 ----a-w- c:\windows\system32\schedsvc.dll 2010-11-04 16:34 . 2010-12-19 12:58 171520 ----a-w- c:\windows\system32\taskeng.exe 2010-11-02 06:01 . 2010-12-19 12:56 916480 ----a-w- c:\windows\system32\wininet.dll 2010-11-02 05:57 . 2010-12-19 12:56 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-11-02 05:57 . 2010-12-19 12:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2010-11-02 05:57 . 2010-12-19 12:56 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-11-02 05:57 . 2010-12-19 12:56 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-11-02 05:01 . 2010-12-19 12:56 385024 ----a-w- c:\windows\system32\html.iec 2010-11-02 04:26 . 2010-12-19 12:56 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-11-02 04:24 . 2010-12-19 12:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2010-10-28 15:44 . 2010-12-19 12:57 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-10-28 13:27 . 2010-12-19 12:57 292352 ----a-w- c:\windows\system32\atmfd.dll 2010-10-28 13:20 . 2010-12-19 12:53 2048 ----a-w- c:\windows\system32\tzres.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\Boltjes\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\Boltjes\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\Boltjes\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-08-27 4702208] "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624] "Skytel"="Skytel.exe" [2007-08-03 1826816] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304] "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-18 104936] "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-01-05 210216] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240] c:\users\Boltjes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Boltjes\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^Boltjes^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4 .lnk] path=c:\users\Boltjes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4 .lnk backup=c:\windows\pss\OpenOffice.org 2.4 .lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager] 2010-07-22 21:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver] 2008-09-22 13:37 37232 ----a-w- c:\windows\ASScrProlog.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector] 2008-09-22 13:37 33136 ----a-w- c:\windows\ASScrPro.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA] 2006-11-02 06:27 61440 ----a-w- c:\program files\ASUS\ATK Media\DMedia.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion] 2010-12-28 11:53 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] 2009-01-03 18:23 342848 ----a-w- c:\program files\DNA\btdna.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent] 2010-11-11 08:27 570688 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer] 2008-02-29 02:12 76304 ----a-w- c:\windows\KHALMNPR.Exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App] 2009-10-12 15:51 692321 ----a-w- c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTV4Me] 2008-04-21 04:48 1445888 ----a-w- c:\program files\PCTV4Me\PCTV4Me.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone] 2007-07-19 10:18 778240 ----a-w- c:\program files\P4P\P4P.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] 2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-09-05 00:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10] 2010-02-02 23:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2011-01-03 14:44 15028104 ----a-r- c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel] 2007-08-03 05:22 1826816 ----a-w- c:\windows\SkyTel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion] 2010-11-16 10:07 422912 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2010-12-15 19:31 1242448 ----a-w- c:\program files\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] 2007-03-02 21:24 857648 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant] 2009-10-26 07:33 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UsbBoost] 2009-12-03 16:14 3788800 ----a-w- c:\program files\UsbBoost\TurboHddUsb.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2008-08-03 23:02 36352 ----a-w- c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2314126100-972619266-2034270587-1000] "EnableNotificationsRef"=dword:00000001 R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 136176] R2 SBSDWSCService;SBSD Security Center Service;d:\virus programma's\Spybot - Search & Destroy\SDWinSec.exe [x] R3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [2009-12-03 23680] R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136] R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824] R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016] R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600] R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328] R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616] R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736] R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344] R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288] S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2007-09-26 15416] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-15 420920] S1 aswSP;aswSP; [x] S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2009-12-03 7936] S1 ItSDisk;ItSDisk;c:\windows\system32\Drivers\ItSDisk.sys [2006-05-16 23232] S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/12/28 13:11];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 11:58 87536] S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-18 21504] S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-18 21504] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-11-26 1375992] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256] S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2007-10-31 46592] S3 DCamUSBET;USB2.0 1.3M UVC WebCam;c:\windows\system32\DRIVERS\etDevice.sys [2007-09-06 474624] S3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\DRIVERS\etFilter.sys [2007-10-15 206336] S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-11-05 15264] S3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\DRIVERS\etScan.sys [2007-09-06 6656] --- Andere Services/Drivers In Geheugen --- *NewlyCreated* - LAVASOFT_KERNEXPLORER [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ Cognizance REG_MULTI_SZ ASBroker ASChannel LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map 2011-01-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 13:24] 2011-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 08:59] 2011-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 08:59] 2011-01-26 c:\windows\Tasks\User_Feed_Synchronization-{1958A1E7-76A0-4944-BD82-950BCB7EF054}.job - c:\windows\system32\msfeedssync.exe [2010-12-19 04:25] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Free YouTube Download - c:\users\Boltjes\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm IE: Free YouTube to Mp3 Converter - c:\users\Boltjes\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html FF - ProfilePath - c:\users\Boltjes\AppData\Roaming\Mozilla\Firefox\Profiles\sv48yz8i.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849859&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ost FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: BittorrentBar_NL Community Toolbar: {2d8d9acc-f6d7-4362-8876-a275ca929591} - %profile%\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591} FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} FF - Ext: Messenger Plus Live Netherlands Toolbar: {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - %profile%\extensions\{d2ab2732-a124-4fb2-8da5-4a6a9e379331} FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . . ------- Bestandsassociaties ------- . .scr=AutoCADScriptFile . - - - - ORPHANS VERWIJDERD - - - - WebBrowser-{2D8D9ACC-F6D7-4362-8876-A275CA929591} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) HKCU-Run-AdobeBridge - (no file) MSConfigStartUp-a-squared - c:\program files\a-squared Anti-Malware\a2guard.exe MSConfigStartUp-CubeDesktop - c:\program files\CubeDesktop\cubedesktop.exe MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe MSConfigStartUp-DriverScanner - c:\program files\Uniblue\DriverScanner\launcher.exe MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe MSConfigStartUp-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe MSConfigStartUp-IP Changer 2 - c:\program files\Plustech Inc.\IP Changer 2.0\yourapp.Exe MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe MSConfigStartUp-Malwarebytes Anti-Malware (reboot) - c:\program files\Malware\Malwarebytes' Anti-Malware\mbam.exe MSConfigStartUp-MaxCounter - d:\downloads\MaxCounter.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe MSConfigStartUp-WallpaperSS - c:\program files\WallpaperSS\WallpaperSS.exe AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-01-26 13:20 Windows 6.0.6002 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.AIFF" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.AIFF" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.AIFF" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.ASF" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.ASX" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.AU" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.avi" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.CDA" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.M3U" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.MIDI" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.MIDI" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.MP3" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.MIDI" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.AU" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.WAV" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.WAX" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.ASF" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.WMA" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.WMD" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.WMS" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.WMV" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.ASX" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.WMZ" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.WPL" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.WVX" [HKEY_USERS\S-1-5-21-2314126100-972619266-2034270587-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{16B6D388-56B8-BCA6-85D0-5D3CEC9C14FC}*] "jagonmaciplglaaldepe"=hex:66,61,64,61,69,6b,69,65,70,6b,70,66,00,51 "paonmngannpdlpcinnibebjckbmaamhj"=hex:62,61,63,61,00,6b "hagonmaciplglaal"=hex:6e,62,64,61,67,6b,64,6b,65,69,6d,6c,6d,62,63,64,67,70, 64,61,62,63,6f,6d,67,62,62,66,6b,66,70,6d,6d,6e,6c,6a,62,66,61,6a,64,6d,6d,\ [HKEY_USERS\S-1-5-21-2314126100-972619266-2034270587-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{59F70E37-45CE-1310-26BA-7C2069B5492F}*] "haiplbmllijlnnjo"=hex:61,61,00,00 "jaiplbmllijlnnjobfmo"=hex:63,61,6a,66,65,61,00,00 "paaaiahijjiiehodfdemkdogaeomenac"=hex:64,61,6c,66,6a,67,68,61,00,f8 [HKEY_USERS\S-1-5-21-2314126100-972619266-2034270587-1000\Software\SecuROM\License information*] "datasecu"=hex:72,99,fb,a8,3c,95,5e,49,5d,65,1a,63,6d,ff,41,0b,41,54,c2,49,d1, 13,2e,0a,77,51,e3,63,63,e1,7c,21,1b,c6,11,b0,31,b9,b5,aa,19,c0,d5,11,95,3f,\ "rkeysecu"=hex:7e,5c,8e,46,26,9a,71,09,dd,bb,84,ad,8f,04,c5,d0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'Explorer.exe'(5520) c:\program files\ASUS\Asus MultiFrame\HookTitle.dll c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll c:\users\Boltjes\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\nvvsvc.exe c:\program files\NVIDIA Corporation\Display\NvXDSync.exe c:\windows\system32\nvvsvc.exe c:\program files\ATK Hotkey\ASLDRSrv.exe c:\program files\ATKGFNEX\GFNEXSrv.exe c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe c:\program files\ASUS\SmartLogon\sensorsrv.exe c:\program files\ASUS\Asus MultiFrame\MultiFrame.exe c:\program files\ATK Hotkey\Hcontrol.exe c:\program files\ATKOSD2\ATKOSD2.exe c:\program files\ASUS\ASUS CopyProtect\aspg.exe c:\program files\P4G\BatteryLife.exe c:\program files\ASUS\Splendid\ACMON.exe c:\windows\System32\ACEngSvr.exe c:\program files\ATK Hotkey\ATKOSD.exe c:\program files\ATK Hotkey\KBFiltr.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\PnkBstrB.exe c:\program files\ASUS\NB Probe\SPM\spmgr.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\windows\system32\WUDFHost.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\Lavasoft\Ad-Aware\AAWTray.exe c:\windows\system32\conime.exe c:\windows\RtHDVCpl.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\ehome\ehmsas.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Windows Live\Contacts\wlcomm.exe . ************************************************************************** . Voltooingstijd: 2011-01-26 13:28:40 - machine werd herstart ComboFix-quarantined-files.txt 2011-01-26 12:28 Pre-Run: 31.064.055.808 bytes beschikbaar Post-Run: 30.524.604.416 bytes beschikbaar Current=2 Default=2 Failed=1 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10 - - End Of File - - FE6EAF46BCEB29E4957E78776E7695B2

anoniem · 26 januari 2011

Hoi Ben, ComboFix heeft onder andere een trojan-Backdoor-service verwijderd! Dat houdt in, dat jouw PC mogelijk door derden was overgenomen! In ieder geval is het belangrijk, dat jij vanaf een andere computer overal je online wachtwoorden gaat vernieuwen! En neem ook contact op met jouw bank, om af te spreken dat er geen onbekende betalingen vanaf jouw rekening(en mogen plaatsvinden! Als laatste kan je overwegen, uit veiligheidsoogpunt, om Windows schoon opnieuw te installeren! Laat me weten wat jij wil!

anoniem · 26 januari 2011

Ik wil mijn laptop al opnieuw installeren, alleen lukt mij dit zelf niet! Heb zelf wel de recovery CD, maar het lukte mij niet bepaald. Of jij moet hiermee raad weten? Alle wachtwoorden ga ik veranderen. *Pff, zijn er nogal wat* Super dat je me hebt geholpen! Zijn er nog andere dingen die ik moet doen?

anoniem · 26 januari 2011

Wat is merk en type van jouw klapkoffer dan? Ik zie dat je een Asus hebt. Hoe de herstelfunlktie van Asus werkt, weet ik niet. Maar ik neem aan dat van de recoverydisk moet booten. Waarschuwing: indien je documenten en andere bestanden, die bewaard moeten blijven en niet gebackupt zijn, ben je die wel kwijt als je de recovery gaat gebruiken!

anoniem · 26 januari 2011

Ik heb alle bestanden op een externe harde schijf te staan. Ik heb een Asus Pro57S. Ik druk die herstelCD erin (Dit is eigenlijk de installer van vista want meer cd's heb ik er niet bijgekregen!) en dan wat?:$

anoniem · 26 januari 2011

Ik zou een nieuw topic hierover starten in Software: OS Windows. Suc6!!

anoniem · 26 januari 2011

Hoi Ben, je dient ervoor te zorgen dat het bios weet, dat je vanaf de CD-rom wil opstarten! Mogelijk is de bootmenu optie al geaktiveerd. Let bij het opstarten van het bios-scherm op meldingen welke funktietoets gebruikt moet worden om in het bios te geraken en mogelijk, indien geaktiveerd welke funktietoets gebruikt moet worden voor het bootmenu. Dus of in het bios de bootoptie veranderen of het bootmenu gebruiken om middels de pijltoetsen de CD-rom te kiezen en via de entertoets de optie te aktiveren.

anoniem · 26 januari 2011

Ik heb hier al eens een topic over gestart. Toen had ik problemen met mijn DVD drive. Wellicht gaat het nu wel goed komen. Ik maak met Drivermax nog een backup van mijn drivers en zet mijn laatste documenten op mijn externe schijf. Is er trouwens ook een snelle manier om deze te synchroniseren met de harde schijf van je computer? Nu duurt het wel even voordat 160 GB is gekopieërd. Dan ga ik vanavond proberen of Vista opnieuw geïnstalleerd kan worden. Bedankt voor je hulp!

anoniem · 26 januari 2011

Hoi Ben, de recovery moet feitelijk inclusief de drivers zijn, dus is het back-uppen van de drivers niet echt nodig. Ik acht het ook mogelijk, dat op de Asussupportsite voor jouw notebook nieuwere drivers staan!

anoniem · 26 januari 2011

Okee. Ga ik nog even uitzoeken hoe dat dan precies werkt. De drivers van de Asus site afhalen en gebruiken.

anoniem · 27 januari 2011

Ik heb geprobeerd om de laptop opnieuw te instaleren maar dit lukte niet. Ik kreeg dezelfde foutmelding als in een eerder gestart topic van mij (http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=1412782) Couldn't find NTLDR... Ik laat mijn laptop opnieuw instaleren door een kenner, ga ik van uit... In ieder geval houd het hier in dit subforum op. Mijn virussen zijn er af en de dank daarvoor is groot. Bedankt!

anoniem · 27 januari 2011

Hoi Ben, indien je notebook nog steeds kan opstarten, klk dan daarna met rechts op Computer en kies dan Beheren. In het scherm Computerbeheer klik je vervolgens in de linkerkolom op Schijfbeheer. Staat er op de HD een verborgen partitie van een 6 tot 8 GB groot en is die nog gevuld? Zoja, dan moet je de recovery vanaf de harddisk kunnen starten! Hoe dat verder in zijn werk gaat moet in de gebruiksaanwijzing van jouw notebook staan! Dan nog iets: jouw notebook is zondermeer ook geschikt voor Windows 7. Een overstap daarop is aan te bevelen! Mogelijk zelfs, dat je voor de 64-bit versie kan gaan!

anoniem · 27 januari 2011

Ga ik daar straks nog even naar kijken. Een overstap naar 64 bit. Dat is goed te doen? Ik maak veel gebruik van Autocad en andere 3D software die voor mijn opleiding belangrijk zijn. Ontstaan er daardoor geen conflicten meer? Dan moet ik nu dus wel een windows 7 pakket kopen, ofniet?

anoniem · 27 januari 2011

Ik zie in systeembeheer wel 3 schijven staan. Een NTFS schijf, C van 78 GB, een tweede NTFS schijf, D van 219 GB en nog een derde schijf, een RAW welke over geen capaciteit beschikt... Daar staat wel bij dat deze 100% vrij is. Nog iets.. Moet ik combofix ook nog verwijderen? heb namelijk in mijn C schijf nog mappen staan can Combofix zelf en van Found.001, found.002 etc.

anoniem · 27 januari 2011

Laat Combofix nog maar eens scannen. Wil het tool zich eerst updaten of dat het je het tool opnieuw moet downloaden, sta dat dan toe! En post daarna het log.

anoniem · 27 januari 2011

Hier de log. Mijn windows verkenner is alleen wel weg. Met veel knutsel werk heb ik internet ervoor gekregen. STart wel ff opnieuw op.. ComboFix 11-01-26.04 - Benjamin 27-01-2011 18:47:26.5.1 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3070.1481 [GMT 1:00] Gestart vanuit: d:\bureaublad\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308} AV: Lavasoft Ad-Watch Live! Antivirus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6} SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5} SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\Benjamin\AppData\Roaming\inst.exe . (((((((((((((((((((( Bestanden Gemaakt van 2010-12-27 to 2011-01-27 )))))))))))))))))))))))))))))) . 2011-01-27 18:11 . 2011-01-27 18:11 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-01-27 17:40 . 2011-01-27 17:41 -------- d-----w- C:\32788R22FWJFW 2011-01-27 13:07 . 2011-01-27 13:07 -------- d-----w- c:\users\Benjamin\AppData\Roaming\Belastingdienst 2011-01-27 13:03 . 2011-01-27 13:03 -------- d-----w- c:\program files\Belastingdienst 2011-01-26 21:48 . 2011-01-26 21:48 -------- d-----w- c:\users\Benjamin\AppData\Roaming\mkvtoolnix 2011-01-26 21:47 . 2011-01-26 21:47 -------- d-----w- c:\program files\MKVtoolnix 2011-01-26 21:26 . 2009-09-02 11:44 65602 ----a-w- c:\windows\system32\cook3260.dll 2011-01-26 21:26 . 2009-09-02 11:44 217127 ----a-w- c:\windows\system32\drv43260.dll 2011-01-26 21:26 . 2009-09-02 11:44 208935 ----a-w- c:\windows\system32\drv33260.dll 2011-01-26 21:26 . 2009-09-02 11:44 176165 ----a-w- c:\windows\system32\drv23260.dll 2011-01-26 21:26 . 2009-09-02 11:44 102439 ----a-w- c:\windows\system32\sipr3260.dll 2011-01-26 21:26 . 2009-09-02 11:44 626688 ----a-w- c:\windows\system32\vp7vfw.dll 2011-01-26 21:26 . 2009-09-02 11:44 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll 2011-01-26 15:59 . 2011-01-26 15:59 -------- d-----w- c:\program files\Innovative Solutions 2011-01-26 15:00 . 2011-01-26 15:00 -------- d-----w- c:\program files\Activision 2011-01-26 10:31 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-01-26 10:31 . 2011-01-26 10:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-01-26 10:31 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-01-26 10:00 . 2011-01-26 10:00 388096 ----a-r- c:\users\Benjamin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-01-26 10:00 . 2011-01-26 10:00 -------- d-----w- c:\program files\Trend Micro 2011-01-25 10:09 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{423BEAC2-00FD-4BCA-AE49-0799DFC29F86}\mpengine.dll 2011-01-24 19:00 . 2011-01-24 19:00 -------- d-----w- c:\program files\Uninstall Gold 2011-01-23 14:23 . 2011-01-23 14:23 -------- d-----w- c:\users\Public\CyberLink 2011-01-21 21:43 . 2011-01-21 21:43 84718440 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlcBEDD.tmp 2011-01-20 16:19 . 2011-01-20 16:19 -------- d-----w- c:\programdata\FLEXnet 2011-01-20 15:54 . 2011-01-20 15:59 -------- d-----w- c:\program files\Common Files\Autodesk Shared 2011-01-20 15:54 . 2011-01-20 15:59 -------- d-----w- c:\program files\AutoCAD 2010 2011-01-20 15:25 . 2011-01-20 15:25 -------- d-----w- c:\program files\Autodesk 2011-01-18 20:25 . 2011-01-24 07:27 -------- d-----w- c:\users\Benjamin\AppData\Roaming\skypePM 2011-01-18 20:24 . 2011-01-18 20:24 -------- d-----w- c:\program files\Common Files\Skype 2011-01-18 20:24 . 2011-01-24 07:46 -------- d-----w- c:\users\Benjamin\AppData\Roaming\Skype 2011-01-18 20:24 . 2011-01-18 20:24 -------- d-----r- c:\program files\Skype 2011-01-18 20:24 . 2011-01-18 20:24 -------- d-----w- c:\programdata\Skype 2011-01-12 20:58 . 2011-01-26 13:23 -------- d-----w- c:\users\Benjamin\AppData\Roaming\vlc 2011-01-12 20:04 . 2011-01-12 20:04 -------- d-----w- c:\program files\Movie Subtitles Searcher 2011-01-12 16:18 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll 2011-01-12 16:18 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll 2011-01-12 16:18 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll 2011-01-12 16:18 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2011-01-12 16:18 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll 2011-01-12 16:18 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll 2011-01-12 16:18 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe 2011-01-08 08:58 . 2011-01-25 09:57 -------- d-----w- c:\program files\Google . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-01-26 21:21 . 2010-10-21 17:17 47360 ----a-w- c:\users\Benjamin\AppData\Roaming\pcouffin.sys 2011-01-26 12:19 . 2008-09-22 13:50 45056 ----a-w- c:\windows\system32\acovcnt.exe 2011-01-24 10:55 . 2009-07-21 16:55 214816 ----a-w- c:\windows\system32\PnkBstrB.xtr 2011-01-24 10:55 . 2008-09-23 08:36 214816 ----a-w- c:\windows\system32\PnkBstrB.exe 2011-01-24 10:54 . 2008-09-23 08:36 138328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2011-01-13 08:47 . 2010-07-03 08:43 38848 ----a-w- c:\windows\avastSS.scr 2011-01-13 08:47 . 2010-02-21 19:45 188216 ----a-w- c:\windows\system32\aswBoot.exe 2011-01-13 08:41 . 2010-02-21 19:46 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-01-13 08:40 . 2010-02-21 19:46 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-01-13 08:37 . 2010-02-21 19:46 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-01-13 08:37 . 2010-02-21 19:46 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-01-13 08:37 . 2010-02-21 19:46 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-12-28 11:56 . 2010-12-28 11:59 29480 ----a-w- c:\windows\system32\msxml3a.dll 2010-12-28 11:55 . 2008-09-12 20:11 353576 ----a-w- c:\windows\system32\msvcr71.dll 2010-12-28 11:55 . 2008-09-12 20:11 505128 ----a-w- c:\windows\system32\msvcp71.dll 2010-12-26 15:29 . 2010-12-26 15:29 3911 ----a-w- C:\STF1DF2.tmp 2010-12-15 16:46 . 2010-06-22 10:07 420920 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-11-30 19:42 . 2009-08-18 09:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll 2010-11-30 19:42 . 2010-06-24 09:33 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2010-11-05 11:25 . 2010-08-30 16:30 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-11-04 18:56 . 2010-12-19 12:58 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll 2010-11-04 18:55 . 2010-12-19 12:58 352768 ----a-w- c:\windows\system32\taskschd.dll 2010-11-04 18:55 . 2010-12-19 12:58 270336 ----a-w- c:\windows\system32\taskcomp.dll 2010-11-04 18:55 . 2010-12-19 12:58 601600 ----a-w- c:\windows\system32\schedsvc.dll 2010-11-04 16:34 . 2010-12-19 12:58 171520 ----a-w- c:\windows\system32\taskeng.exe 2010-11-02 06:01 . 2010-12-19 12:56 916480 ----a-w- c:\windows\system32\wininet.dll 2010-11-02 05:57 . 2010-12-19 12:56 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-11-02 05:57 . 2010-12-19 12:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2010-11-02 05:57 . 2010-12-19 12:56 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-11-02 05:57 . 2010-12-19 12:56 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-11-02 05:01 . 2010-12-19 12:56 385024 ----a-w- c:\windows\system32\html.iec 2010-11-02 04:26 . 2010-12-19 12:56 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-11-02 04:24 . 2010-12-19 12:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\Benjamin\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\Benjamin\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\Benjamin\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-08-27 4702208] "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624] "Skytel"="Skytel.exe" [2007-08-03 1826816] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304] "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-18 104936] "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-01-05 210216] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240] c:\users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Benjamin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^Benjamin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4 .lnk] path=c:\users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4 .lnk backup=c:\windows\pss\OpenOffice.org 2.4 .lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager] 2010-07-22 21:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver] 2008-09-22 13:37 37232 ----a-w- c:\windows\ASScrProlog.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector] 2008-09-22 13:37 33136 ----a-w- c:\windows\ASScrPro.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA] 2006-11-02 06:27 61440 ----a-w- c:\program files\ASUS\ATK Media\DMedia.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion] 2010-12-28 11:53 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] 2009-01-03 18:23 342848 ----a-w- c:\program files\DNA\btdna.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent] 2010-11-11 08:27 570688 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer] 2008-02-29 02:12 76304 ----a-w- c:\windows\KHALMNPR.Exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App] 2009-10-12 15:51 692321 ----a-w- c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTV4Me] 2008-04-21 04:48 1445888 ----a-w- c:\program files\PCTV4Me\PCTV4Me.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone] 2007-07-19 10:18 778240 ----a-w- c:\program files\P4P\P4P.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] 2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-09-05 00:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10] 2010-02-02 23:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2011-01-03 14:44 15028104 ----a-r- c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel] 2007-08-03 05:22 1826816 ----a-w- c:\windows\SkyTel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion] 2010-11-16 10:07 422912 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2010-12-15 19:31 1242448 ----a-w- c:\program files\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] 2007-03-02 21:24 857648 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant] 2009-10-26 07:33 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UsbBoost] 2009-12-03 16:14 3788800 ----a-w- c:\program files\UsbBoost\TurboHddUsb.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2008-08-03 23:02 36352 ----a-w- c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2314126100-972619266-2034270587-1000] "EnableNotificationsRef"=dword:00000001 R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 136176] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-11-26 1375992] R2 SBSDWSCService;SBSD Security Center Service;d:\virus programma's\Spybot - Search & Destroy\SDWinSec.exe [x] R3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [2009-12-03 23680] R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136] R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824] R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016] R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600] R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328] R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616] R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736] R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344] R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288] S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2007-09-26 15416] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-15 420920] S1 aswSP;aswSP; [x] S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2009-12-03 7936] S1 ItSDisk;ItSDisk;c:\windows\system32\Drivers\ItSDisk.sys [2006-05-16 23232] S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/12/28 13:11];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 11:58 87536] S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-18 21504] S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-18 21504] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256] S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2007-10-31 46592] S3 DCamUSBET;USB2.0 1.3M UVC WebCam;c:\windows\system32\DRIVERS\etDevice.sys [2007-09-06 474624] S3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\DRIVERS\etFilter.sys [2007-10-15 206336] S3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\DRIVERS\etScan.sys [2007-09-06 6656] --- Andere Services/Drivers In Geheugen --- *Deregistered* - Lavasoft Kernexplorer [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ Cognizance REG_MULTI_SZ ASBroker ASChannel LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map 2011-01-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 13:24] 2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 08:59] 2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 08:59] 2011-01-27 c:\windows\Tasks\User_Feed_Synchronization-{1958A1E7-76A0-4944-BD82-950BCB7EF054}.job - c:\windows\system32\msfeedssync.exe [2010-12-19 04:25] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Free YouTube Download - c:\users\Benjamin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm IE: Free YouTube to Mp3 Converter - c:\users\Benjamin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html FF - ProfilePath - c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\sv48yz8i.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849859&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ost FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: BittorrentBar_NL Community Toolbar: {2d8d9acc-f6d7-4362-8876-a275ca929591} - %profile%\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591} FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} FF - Ext: Messenger Plus Live Netherlands Toolbar: {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - %profile%\extensions\{d2ab2732-a124-4fb2-8da5-4a6a9e379331} FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . . ------- Bestandsassociaties ------- . .scr=AutoCADScriptFile . - - - - ORPHANS VERWIJDERD - - - - HKCU-Run-DriverMax - (no file) HKCU-Run-DriverMax_RESTART - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-01-27 19:12 Windows 6.0.6002 Service Pack 2 NTFS scannen van verborgen processen ... ? [34932] ? [7864] ? [22992] ? [28912] ? [29196] ? [1236] ? [31368] ? [31376] scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.AIFF" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.AIFF" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.AIFF" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.ASF" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.ASX" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.AU" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.avi" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.CDA" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.M3U" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.MIDI" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.MIDI" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.MP3" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.MIDI" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.AU" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.WAV" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.WAX" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.ASF" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.WMA" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.WMD" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.WMS" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.WMV" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.ASX" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.WMZ" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.WPL" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WMP11.AssocFile.WVX" [HKEY_USERS\S-1-5-21-2314126100-972619266-2034270587-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{16B6D388-56B8-BCA6-85D0-5D3CEC9C14FC}*] "jagonmaciplglaaldepe"=hex:66,61,64,61,69,6b,69,65,70,6b,70,66,00,51 "paonmngannpdlpcinnibebjckbmaamhj"=hex:62,61,63,61,00,6b "hagonmaciplglaal"=hex:6e,62,64,61,67,6b,64,6b,65,69,6d,6c,6d,62,63,64,67,70, 64,61,62,63,6f,6d,67,62,62,66,6b,66,70,6d,6d,6e,6c,6a,62,66,61,6a,64,6d,6d,\ [HKEY_USERS\S-1-5-21-2314126100-972619266-2034270587-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{59F70E37-45CE-1310-26BA-7C2069B5492F}*] "haiplbmllijlnnjo"=hex:61,61,00,00 "jaiplbmllijlnnjobfmo"=hex:63,61,6a,66,65,61,00,00 "paaaiahijjiiehodfdemkdogaeomenac"=hex:64,61,6c,66,6a,67,68,61,00,f8 [HKEY_USERS\S-1-5-21-2314126100-972619266-2034270587-1000\Software\SecuROM\License information*] "datasecu"=hex:72,99,fb,a8,3c,95,5e,49,5d,65,1a,63,6d,ff,41,0b,41,54,c2,49,d1, 13,2e,0a,77,51,e3,63,63,e1,7c,21,1b,c6,11,b0,31,b9,b5,aa,19,c0,d5,11,95,3f,\ "rkeysecu"=hex:7e,5c,8e,46,26,9a,71,09,dd,bb,84,ad,8f,04,c5,d0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2011-01-27 19:16:18 ComboFix-quarantined-files.txt 2011-01-27 18:16 ComboFix2.txt 2011-01-26 12:28 Pre-Run: 18.062.221.312 bytes beschikbaar Post-Run: 18.003.660.800 bytes beschikbaar Current=2 Default=2 Failed=1 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10 - - End Of File - - 805E2D86C2D781BE93D56429CA3E3DB3

Elke twee minuten opent IE nieuw venster met spam

Vraag

Link naar reactie

Beste reacties voor deze vraag

Populaire dagen

Beste reacties voor deze vraag

Populaire dagen

70 antwoorden op deze vraag

Aanbevolen berichten

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Om een reactie te plaatsen, moet je eerst inloggen

Populaire leden

Leden

Recente topics