HJT for review

KaCey
22 replies
  • One of my daughters is trying to help a friend whose laptop was heavily contaminated.

    Ran MBAM, anywhere, MRT and removed a lot.

    Here is an HJT log, with the request that the experts take a look at it.
    A roundabout way of doing it, we know, but the acquaintance is fairly computer-illiterate.
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:39:13, on 21-12-2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
    C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\TODDSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe
    C:\Program Files\SMART Technologies\SMART Product Drivers\Aware.exe
    C:\Program Files\SMART Technologies\SMART Product Drivers\Marker.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
    O2 - BHO: (no name) - {454EC6D4-79C6-4F8C-BF58-5656C37982B0} - c:\windows\system32\ywdfiqe.dll (file missing)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0ANgA4ADAAMAA0ADUAMQAwAC0AVAA1AC0AQgBBACsAMQAtAEsAVgAzACsANwAtAEIAMgA0AC0ARgBMACsAOQAtAEYAOQBNADYAKwAxAC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AA"&"prod=90"&"ver=9.0.872
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79344.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp09.photoprintit.de/microsite/8/defaults/activex/ImageUploader3.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: AMService - Unknown owner - C:\WINDOWS\TEMP\qaxr\setup.exe (file missing)
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: kroover - Unknown owner - C:\WINDOWS\system32\drivers\kroover.exe (file missing)
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SMART Board-service (SMART Board Service) - SMART Technologies - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
    O23 - Service: SMART Display Controller - SMART Technologies ULC - C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe
    O23 - Service: SMART SNMP Agent Service - SMART Technologies ULC - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

    End of file - 11049 bytes
  • Hello Anjo, the log already looks reasonably good.
    A pity that you did not post the MBAM log along with it.

    Would you still do that in a following post?


    Close all open windows, except this window, which you close just before you click the Fix checked button!


    Now start HijackThis and click the Do a Scan only button,

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
    O2 - BHO: (no name) - {454EC6D4-79C6-4F8C-BF58-5656C37982B0} - c:\windows\system32\ywdfiqe.dll (file missing)
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O23 - Service: kroover - Unknown owner - C:\WINDOWS\system32\drivers\kroover.exe (file missing)

      • Put a check mark in front of the line(s) that correspond to the lines above
      • Now close the web browser and then click the Fix checked button
      • After that, close HijackThis.

    In addition to the MBAM log, also post a new HJT log.
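
The selection step in the reply above, as an added example that is not part of the original thread: a small Python parser that lists every HijackThis entry marked `(file missing)` or `(no file)`, which is a superset of the five lines chosen for Fix checked. `SAMPLE_LOG` is an excerpt of the log posted at the top of this thread; the function and field names are this example's own.

```python
import re
from typing import List, NamedTuple, Optional

# Excerpt of the HijackThis log posted earlier in this thread (not the full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: (no name) - {454EC6D4-79C6-4F8C-BF58-5656C37982B0} - c:\windows\system32\ywdfiqe.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O23 - Service: AMService - Unknown owner - C:\WINDOWS\TEMP\qaxr\setup.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: kroover - Unknown owner - C:\WINDOWS\system32\drivers\kroover.exe (file missing)
"""

# "O2 - BHO: ..." / "R1 - HKLM\..." : section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Suffixes HijackThis appends when the registered file is not on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


class Entry(NamedTuple):
    code: str             # section code, e.g. "O2" or "O23"
    kind: str             # "BHO", "Toolbar", "Service", ... ("" if absent)
    name: str             # display name as logged, e.g. "(no name)"
    clsid: Optional[str]  # registered CLSID, if the entry has one
    target: Optional[str] # file path or URL; None for "(no file)"
    marker: Optional[str] # orphan marker, or None if the file exists
    unknown_owner: bool   # O23 service with no vendor in the file's metadata
    raw: str              # the original line, for ticking it off in the GUI


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers and process paths."""
    raw = line.strip()
    m = ENTRY_RE.match(raw)
    if m is None:
        return None
    code, body = m.group("code"), m.group("body")
    kind, sep, rest = body.partition(": ")
    if not sep:                      # R-section lines have no "Kind: " prefix
        kind, rest = "", body
    fields = rest.split(" - ")
    last = fields[-1].strip()
    marker = next((mk for mk in ORPHAN_MARKERS if last.endswith(mk)), None)
    target = last[: -len(marker)].strip() if marker else last
    clsid_match = CLSID_RE.search(rest)
    if clsid_match:
        # The name may itself contain " - ", so take everything before the CLSID.
        name = rest[: clsid_match.start()].rstrip(" -")
    else:
        name = fields[0] if len(fields) > 1 else ""
    return Entry(
        code=code,
        kind=kind,
        name=name,
        clsid=clsid_match.group(0) if clsid_match else None,
        target=target or None,
        marker=marker,
        unknown_owner=(code == "O23" and "Unknown owner" in fields),
        raw=raw,
    )


def find_orphans(log_text: str) -> List[Entry]:
    """Return entries whose registered file is missing, in log order."""
    entries = (parse_line(line) for line in log_text.splitlines())
    return [e for e in entries if e is not None and e.marker is not None]


if __name__ == "__main__":
    for e in find_orphans(SAMPLE_LOG):
        note = " [service, unknown owner]" if e.unknown_owner else ""
        print(f"{e.code:<4}{e.kind:<13}{e.name or '-':<40}{e.target or '(none)'}{note}")
```

The output is a review list, not a fix list: an orphaned entry only shows that a registration outlived its file, so each line still needs the judgement applied in the reply above before it is ticked.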
  • I'll pass it on and see whether one of the ladies takes it from here.
    Regarding MBAM, it found and removed a number of malware items; I hope the log can still be recovered.
    Thanks in advance.
  • For that you simply click the "Logbestanden" (Logs) tab in MBAM.
  • Hi all,

    I made the changes that were indicated after running HJT. I'll see later whether I can get hold of the logs.

    There is one more problem:
    Every time she plugs in a USB stick she gets the following message:

    Windows kan het bestand taapoq.exe niet vinden. Controleer of u de naam juist hebt ingevoerd en probeer het daarna opnieuw. Klik als u naar een bestand wilt zoeken op de knop Start en daarna op Zoeken.

    This happens with every USB stick she plugs in, and on different ports.

    Regards, KaCey
  • That is an infection too!

    And: are we still talking about the same PC whose log Anjo posted?
  • Yes, we are talking about the same laptop :)

    We have already scanned it. Only something still remains on it.

    I scanned it again yesterday with MS Essentials, but found nothing. Any more ideas?
  • CCleaner has helped a bit at least. The USB stick can be accessed again.
  • Hi KaCey, you can do the following:

    Download ComboFix from one of these locations:

    Bleepingcomputer

    ForoSpyware


    * IMPORTANT !!! Save ComboFix.exe to your Desktop *

      • Disable all antivirus and antispyware programs, because otherwise they might conflict with ComboFix.

        Here is a guide on how to disable them: Click here

      • If you are unable to disable them, just continue to the next step.
      • Double-click ComboFix.exe and follow the prompts on the screen.
      • ComboFix will check whether the Microsoft Windows Recovery Console is already installed.

        **Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.

      • Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.

    (screenshot: http://www.bleepstatic.com/combofix/nl/cf-rc-auto.jpg)


    You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

    (screenshot)


    Click Yes to continue scanning for malware.


    When ComboFix is finished, it will create a log file for you.
    Post the contents of this log file (found at C:\ComboFix.txt) in your next message.
  • Hi Abraham54,

    Here is the log:
    I hope you can still find something if there is still a virus on it.

    ComboFix 10-12-26.01 - Preinstalled user 27-12-2010 16:14:08.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1526.924 [GMT 1:00]
    Gestart vanuit: d:\mijn documenten\ComboFix.exe
    AV: Lavasoft Ad-Watch Live! Antivirus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Documenten\Settings
    c:\documents and settings\Preinstalled user\baauz.exe
    c:\documents and settings\Preinstalled user\caewov.exe
    c:\documents and settings\Preinstalled user\gnam.exe
    c:\documents and settings\Preinstalled user\heocib.exe
    c:\documents and settings\Preinstalled user\jaaput.exe
    c:\documents and settings\Preinstalled user\noevk.exe
    c:\documents and settings\Preinstalled user\reues.exe
    c:\documents and settings\Preinstalled user\taeduq.exe
    c:\documents and settings\Preinstalled user\waucic.exe
    c:\documents and settings\Preinstalled user\yiozoj.exe
    c:\windows\system32\drivers\kqeeh.sys
    c:\windows\system32\drivers\vvzsl.sys
    c:\windows\system32\Oeminfo.ini
    c:\windows\system32\Thumbs.db

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_SSHNAS
    -------\Service_czmrl
    -------\Service_neuhtecwaplrzje


    (((((((((((((((((((( Bestanden Gemaakt van 2010-11-27 to 2010-12-27 ))))))))))))))))))))))))))))))
    .

    2010-12-27 14:49 . 2010-12-27 14:59 -------- d--h--r- c:\documents and settings\Preinstalled user\Onlangs geopend
    2010-12-26 17:37 . 2010-11-16 11:01 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5C502704-1604-41F9-B372-11E19202ED2B}\mpengine.dll
    2010-12-21 15:56 . 2010-12-27 13:05 -------- d-----w- c:\program files\CCleaner
    2010-12-21 15:34 . 2010-12-21 15:35 388096 ----a-r- c:\documents and settings\Preinstalled user\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-12-21 15:31 . 2010-12-21 15:31 -------- d-----w- c:\program files\Trend Micro
    2010-12-21 13:47 . 2010-12-21 13:47 -------- d-----w- c:\documents and settings\Preinstalled user\Application Data\Malwarebytes
    2010-12-21 13:46 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-21 13:46 . 2010-12-21 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-12-21 13:46 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-21 13:46 . 2010-12-21 13:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-21 06:50 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
    2010-12-21 06:50 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-12-21 06:49 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-12-21 06:49 . 2010-08-23 16:13 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2010-12-21 06:48 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2010-12-21 06:45 . 2010-11-16 11:01 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2010-12-21 06:41 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2010-12-20 22:14 . 2010-12-20 22:14 -------- d-----w- c:\documents and settings\Administrator
    2010-12-20 20:13 . 2010-12-20 20:13 138496 ----a-w- c:\windows\system32\drivers\AFD.SYS
    2010-12-20 20:00 . 2010-12-20 20:00 138496 ----a-w- c:\windows\system32\drivers\xxjuiddu.sys
    2010-12-20 18:57 . 2010-12-20 18:57 138496 ----a-w- c:\windows\system32\drivers\rewqkrte.sys
    2010-12-20 18:13 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-12-20 17:55 . 2010-12-20 17:57 -------- d-----w- c:\program files\Microsoft Security Client
    2010-12-19 18:56 . 2010-12-19 18:56 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-12-19 17:32 . 2010-12-19 17:32 -------- d-----w- c:\documents and settings\Preinstalled user\Local Settings\Application Data\PCHealth
    2010-12-16 18:03 . 2010-12-16 18:03 733184 ----a-w- c:\windows\system32\alk19.dll
    2010-12-16 18:03 . 2010-12-16 18:03 0 ----a-w- c:\windows\system32\alk19.tmp
    2010-12-16 18:03 . 2010-12-16 18:03 733184 ----a-w- c:\windows\system32\alk18.dll
    2010-12-16 18:03 . 2010-12-16 18:03 0 ----a-w- c:\windows\system32\alk18.tmp
    2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-18 16:17 . 2010-11-18 16:17 740864 ----a-w- c:\windows\system32\alk17.dll
    2010-11-18 16:17 . 2010-11-18 16:17 0 ----a-w- c:\windows\system32\alk17.tmp
    2010-11-18 16:17 . 2010-11-18 16:17 740864 ----a-w- c:\windows\system32\alk16.dll
    2010-11-18 16:17 . 2010-11-18 16:17 0 ----a-w- c:\windows\system32\alk16.tmp
    2010-11-18 16:16 . 2010-11-18 16:16 740864 ----a-w- c:\windows\system32\alk15.dll
    2010-11-18 16:16 . 2010-11-18 16:16 0 ----a-w- c:\windows\system32\alk15.tmp
    2010-11-09 13:49 . 2010-11-09 13:49 745984 ----a-w- c:\windows\system32\alk30.dll
    2010-11-09 13:49 . 2010-11-09 13:49 0 ----a-w- c:\windows\system32\alk30.tmp
    2010-11-07 18:07 . 2010-10-03 16:33 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-11-02 15:17 . 2006-05-31 07:19 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-24 20:25 . 2010-10-24 20:25 165264 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http:" [X]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Preinstalled user\Menu Start\Programma's\Opstarten\
    LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-7-8 503808]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-22 110592]
    RAMASST.lnk - c:\windows\system32\RAMASST.exe [2007-1-3 155648]
    SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe [2010-7-15 12375952]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^Preinstalled user^Menu Start^Programma's^Opstarten^Antimalware Doctor.lnk]
    path=c:\documents and settings\Preinstalled user\Menu Start\Programma's\Opstarten\Antimalware Doctor.lnk
    backup=c:\windows\pss\Antimalware Doctor.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
    2005-08-11 14:14 266240 ----a-w- c:\windows\system32\TPSMain.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\StubInstaller.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3-10-2010 17:33 64288]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12-8-2010 13:15 1389400]
    R2 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\SMART Product Drivers\UCService.exe [15-7-2010 15:48 844688]
    R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [18-4-2006 14:12 98816]
    S1 ikmpnqan;ikmpnqan;\??\c:\windows\system32\drivers\ikmpnqan.sys --> c:\windows\system32\drivers\ikmpnqan.sys [?]
    S2 AMService;AMService;c:\windows\TEMP\qaxr\setup.exe run --> c:\windows\TEMP\qaxr\setup.exe run [?]
    S2 enwcodjs;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Monitor;c:\windows\System32\svchost.exe -k netsvcs [31-5-2006 8:19 14336]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12-8-2010 13:15 15264]
    S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe [15-7-2010 15:48 1662352]
    S4 kroover;kroover;c:\windows\system32\drivers\kroover.exe --> c:\windows\system32\drivers\kroover.exe [?]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    enwcodjs
    .
    Inhoud van de 'Gedeelde Taken' map

    2010-12-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 06:37]

    2010-12-27 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyServer = http=127.0.0.1:5643
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp09.photoprintit.de/microsite/8/defaults/activex/ImageUploader3.cab
    .
    - - - - ORPHANS VERWIJDERD - - - -

    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    MSConfigStartUp-3121 - c:\docume~1\PREINS~1\LOCALS~1\Temp\99512.exe
    MSConfigStartUp-AMService - c:\windows\TEMP\plpo\setup.exe
    MSConfigStartUp-buoufo - c:\documents and settings\Preinstalled user\buoufo.exe
    MSConfigStartUp-coiut - c:\documents and settings\Preinstalled user\coiut.exe
    MSConfigStartUp-faekol - c:\documents and settings\Preinstalled user\faekol.exe
    MSConfigStartUp-foealos - c:\documents and settings\Preinstalled user\foealos.exe
    MSConfigStartUp-fumuy - c:\documents and settings\Preinstalled user\fumuy.exe
    MSConfigStartUp-gaitoi - c:\documents and settings\Preinstalled user\gaitoi.exe
    MSConfigStartUp-Izepodaqoxo - c:\windows\mlcumol.dll
    MSConfigStartUp-joateo - c:\documents and settings\Preinstalled user\joateo.exe
    MSConfigStartUp-joatuog - c:\documents and settings\Preinstalled user\joatuog.exe
    MSConfigStartUp-joaveo - c:\documents and settings\Preinstalled user\joaveo.exe
    MSConfigStartUp-kcxis - c:\documents and settings\Preinstalled user\kcxis.exe
    MSConfigStartUp-laaemab - c:\documents and settings\Preinstalled user\laaemab.exe
    MSConfigStartUp-maetoz - c:\documents and settings\Preinstalled user\maetoz.exe
    MSConfigStartUp-nlxis - c:\documents and settings\Preinstalled user\nlxis.exe
    MSConfigStartUp-prkes - c:\documents and settings\Preinstalled user\prkes.exe
    MSConfigStartUp-releaseversion70700 - c:\documents and settings\Preinstalled user\Application Data\CE17613F657CADA8F7D27ACFF60F9C08\releaseversion70700.exe
    MSConfigStartUp-vntouh - c:\documents and settings\Preinstalled user\vntouh.exe
    MSConfigStartUp-voahes - c:\documents and settings\Preinstalled user\voahes.exe
    MSConfigStartUp-yoapuok - c:\documents and settings\Preinstalled user\yoapuok.exe
    MSConfigStartUp-ZE18MW23GY - c:\docume~1\PREINS~1\LOCALS~1\Temp\Oh2.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-27 16:25
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\¤–}|ÿÿÿÿÀ•}|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'explorer.exe'(2820)
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
    c:\windows\system32\DVDRAMSV.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
    c:\windows\system32\TODDSrv.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\SMART Technologies\SMART Product Drivers\Aware.exe
    c:\program files\SMART Technologies\SMART Product Drivers\Marker.exe
    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2010-12-27 16:34:25 - machine werd herstart
    ComboFix-quarantined-files.txt 2010-12-27 15:34

    Pre-Run: 10.043.392.000 bytes beschikbaar
    Post-Run: 10.380.214.272 bytes beschikbaar

    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - B350099D48939D2A64A2F441F81B7F40
  • Hi KaCey, this notebook is quite heavily infected.

    Partly because the antivirus is a part of the Microsoft Forefront antivirus!
    So not a real total solution!

    Could this be a company notebook?

    Open a new Notepad file via Start > All Programs > Accessories > Notepad.

    Copy and paste the following text (bold and blue) into the empty Notepad window


    File::
    c:\windows\system32\drivers\xxjuiddu.sys
    c:\windows\system32\drivers\rewqkrte.sys
    c:\windows\system32\alk19.dll
    c:\windows\system32\alk19.tmp
    c:\windows\system32\alk18.dll
    c:\windows\system32\alk18.tmp
    c:\windows\system32\alk17.dll
    c:\windows\system32\alk17.tmp
    c:\windows\system32\alk16.dll
    c:\windows\system32\alk16.tmp
    c:\windows\system32\alk15.dll
    c:\windows\system32\alk15.tmp
    c:\windows\system32\alk30.dll
    c:\windows\system32\alk30.tmp

    Driver::
    c:\windows\system32\drivers\xxjuiddu.sys
    c:\windows\system32\drivers\rewqkrte.sys


    Save this Notepad file to your desktop as CFScript.txt.

    Now first deactivate the antivirus!

    Drag CFScript.txt into ComboFix.exe

    [Image: http://home.kpn.nl/~stefsmeenk/CFScript.gif]

    This will cause ComboFix to restart. Reboot if asked to.

    Post the ComboFix log that is shown after the restart!
  • Hi KaCey, is it working out?
  • I'll get back to work on the laptop later. Then I'll have the laptop in front of me again. As soon as I know more I'll post new info. Thanks in advance for the help.
  • Hi KaCey, just this: maybe you can't help it, but the time between an instruction and carrying it out must not become too long!
  • I ran ComboFix again and this is the log:

    ComboFix 10-12-31.01 - Preinstalled user 31-12-2010 19:28:22.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1526.1098 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Preinstalled user\Bureaublad\ComboFix.exe
    AV: Lavasoft Ad-Watch Live! Antivirus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2010-11-28 to 2010-12-31 ))))))))))))))))))))))))))))))
    .

    2010-12-30 18:34 . 2010-11-16 11:01 6273872 —-a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80B904CC-AB9E-46F2-8BBB-5EF4D0D75921}\mpengine.dll
    2010-12-27 22:15 . 2010-12-31 15:29 ——– d–h–r- c:\documents and settings\Preinstalled user\Onlangs geopend
    2010-12-21 15:56 . 2010-12-27 13:05 ——– d—–w- c:\program files\CCleaner
    2010-12-21 15:34 . 2010-12-21 15:35 388096 —-a-r- c:\documents and settings\Preinstalled user\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-12-21 15:31 . 2010-12-21 15:31 ——– d—–w- c:\program files\Trend Micro
    2010-12-21 13:47 . 2010-12-21 13:47 ——– d—–w- c:\documents and settings\Preinstalled user\Application Data\Malwarebytes
    2010-12-21 13:46 . 2010-11-29 16:42 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-21 13:46 . 2010-12-21 13:46 ——– d—–w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-12-21 13:46 . 2010-11-29 16:42 20952 —-a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-21 13:46 . 2010-12-21 13:46 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-21 06:50 . 2010-09-18 06:53 954368 -c—-w- c:\windows\system32\dllcache\mfc40.dll
    2010-12-21 06:50 . 2010-09-18 06:53 953856 -c—-w- c:\windows\system32\dllcache\mfc40u.dll
    2010-12-21 06:49 . 2010-09-18 06:53 974848 -c—-w- c:\windows\system32\dllcache\mfc42.dll
    2010-12-21 06:49 . 2010-08-23 16:13 617472 -c—-w- c:\windows\system32\dllcache\comctl32.dll
    2010-12-21 06:48 . 2010-11-02 15:17 40960 -c—-w- c:\windows\system32\dllcache\ndproxy.sys
    2010-12-21 06:45 . 2010-11-16 11:01 6273872 —-a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2010-12-21 06:41 . 2010-10-11 14:59 45568 -c—-w- c:\windows\system32\dllcache\wab.exe
    2010-12-20 22:14 . 2010-12-20 22:14 ——– d—–w- c:\documents and settings\Administrator
    2010-12-20 20:13 . 2010-12-20 20:13 138496 —-a-w- c:\windows\system32\drivers\AFD.SYS
    2010-12-20 20:00 . 2010-12-20 20:00 138496 —-a-w- c:\windows\system32\drivers\xxjuiddu.sys
    2010-12-20 18:57 . 2010-12-20 18:57 138496 —-a-w- c:\windows\system32\drivers\rewqkrte.sys
    2010-12-20 18:13 . 2010-10-19 20:51 222080 ——w- c:\windows\system32\MpSigStub.exe
    2010-12-20 17:55 . 2010-12-20 17:57 ——– d—–w- c:\program files\Microsoft Security Client
    2010-12-19 18:56 . 2010-12-19 18:56 ——– d—–w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-12-19 17:32 . 2010-12-19 17:32 ——– d—–w- c:\documents and settings\Preinstalled user\Local Settings\Application Data\PCHealth
    2010-12-16 18:03 . 2010-12-16 18:03 733184 —-a-w- c:\windows\system32\alk19.dll
    2010-12-16 18:03 . 2010-12-16 18:03 0 —-a-w- c:\windows\system32\alk19.tmp
    2010-12-16 18:03 . 2010-12-16 18:03 733184 —-a-w- c:\windows\system32\alk18.dll
    2010-12-16 18:03 . 2010-12-16 18:03 0 —-a-w- c:\windows\system32\alk18.tmp
    2010-12-02 03:35 . 2010-12-02 03:35 4280320 —-a-w- c:\windows\system32\GPhotos.scr

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-21 06:38 . 2010-10-03 17:00 15880 —-a-w- c:\windows\system32\lsdelete.exe
    2010-11-18 18:15 . 2006-05-31 07:30 86016 —-a-w- c:\windows\system32\isign32.dll
    2010-11-18 16:17 . 2010-11-18 16:17 740864 —-a-w- c:\windows\system32\alk17.dll
    2010-11-18 16:17 . 2010-11-18 16:17 0 —-a-w- c:\windows\system32\alk17.tmp
    2010-11-18 16:17 . 2010-11-18 16:17 740864 —-a-w- c:\windows\system32\alk16.dll
    2010-11-18 16:17 . 2010-11-18 16:17 0 —-a-w- c:\windows\system32\alk16.tmp
    2010-11-18 16:16 . 2010-11-18 16:16 740864 —-a-w- c:\windows\system32\alk15.dll
    2010-11-18 16:16 . 2010-11-18 16:16 0 —-a-w- c:\windows\system32\alk15.tmp
    2010-11-09 13:49 . 2010-11-09 13:49 745984 —-a-w- c:\windows\system32\alk31.dll
    2010-11-09 13:49 . 2010-11-09 13:49 0 —-a-w- c:\windows\system32\alk31.tmp
    2010-11-09 13:49 . 2010-11-09 13:49 745984 —-a-w- c:\windows\system32\alk30.dll
    2010-11-09 13:49 . 2010-11-09 13:49 0 —-a-w- c:\windows\system32\alk30.tmp
    2010-11-07 18:07 . 2010-10-03 16:33 98392 —-a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-11-06 00:23 . 2006-05-31 07:19 916480 —-a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:23 . 2006-05-31 07:19 43520 —-a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:23 . 2006-05-31 07:19 1469440 ——w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:27 . 2006-05-31 07:19 385024 —-a-w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2006-05-31 07:19 40960 —-a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:09 . 2006-05-31 07:19 290048 —-a-w- c:\windows\system32\atmfd.dll
    2010-10-26 14:00 . 2006-05-31 07:19 1853440 —-a-w- c:\windows\system32\win32k.sys
    2010-10-24 20:25 . 2010-10-24 20:25 165264 —-a-w- c:\windows\system32\drivers\MpFilter.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http:" [X]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Preinstalled user\Menu Start\Programma's\Opstarten\
    LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-7-8 503808]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-22 110592]
    RAMASST.lnk - c:\windows\system32\RAMASST.exe [2007-1-3 155648]
    SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe [2010-7-15 12375952]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^Preinstalled user^Menu Start^Programma's^Opstarten^Antimalware Doctor.lnk]
    path=c:\documents and settings\Preinstalled user\Menu Start\Programma's\Opstarten\Antimalware Doctor.lnk
    backup=c:\windows\pss\Antimalware Doctor.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
    2005-08-11 14:14 266240 —-a-w- c:\windows\system32\TPSMain.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\StubInstaller.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3-10-2010 17:33 64288]
    R2 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\SMART Product Drivers\UCService.exe [15-7-2010 15:48 844688]
    R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [18-4-2006 14:12 98816]
    R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12-8-2010 13:15 1389400]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12-8-2010 13:15 15264]
    S1 ikmpnqan;ikmpnqan;\??\c:\windows\system32\drivers\ikmpnqan.sys –> c:\windows\system32\drivers\ikmpnqan.sys [?]
    S2 AMService;AMService;c:\windows\TEMP\qaxr\setup.exe run –> c:\windows\TEMP\qaxr\setup.exe run [?]
    S2 enwcodjs;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Monitor;c:\windows\System32\svchost.exe -k netsvcs [31-5-2006 8:19 14336]
    S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe [15-7-2010 15:48 1662352]
    S4 kroover;kroover;c:\windows\system32\drivers\kroover.exe –> c:\windows\system32\drivers\kroover.exe [?]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    enwcodjs
    .
    Inhoud van de 'Gedeelde Taken' map

    2010-12-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 06:37]

    2010-12-31 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.google.nl/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyServer = http=127.0.0.1:5643
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp09.photoprintit.de/microsite/8/defaults/activex/ImageUploader3.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-31 19:35
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\¤–}|ÿÿÿÿÀ•}|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'explorer.exe'(4388)
    c:\windows\system32\webcheck.dll
    .
    Voltooingstijd: 2010-12-31 19:38:11
    ComboFix-quarantined-files.txt 2010-12-31 18:38
    ComboFix2.txt 2010-12-27 15:34

    Pre-Run: 10.014.375.936 bytes beschikbaar
    Post-Run: 10.227.773.440 bytes beschikbaar

    - - End Of File - - 562796C9276073ED32EB0919DEC6869D
  • Hi KaCey, from the looks of it you only started ComboFix for a new scan.

    See my previous post and now do what I wrote there.
  • Hello Abraham54,

    Here is the ComboFix log

    ComboFix 10-12-31.01 - Preinstalled user 31-12-2010 20:18:34.3.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1526.955 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Preinstalled user\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Preinstalled user\Bureaublad\CFScript.txt
    AV: Lavasoft Ad-Watch Live! Antivirus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    FILE ::
    "c:\windows\system32\alk15.dll"
    "c:\windows\system32\alk15.tmp"
    "c:\windows\system32\alk16.dll"
    "c:\windows\system32\alk16.tmp"
    "c:\windows\system32\alk17.dll"
    "c:\windows\system32\alk17.tmp"
    "c:\windows\system32\alk18.dll"
    "c:\windows\system32\alk18.tmp"
    "c:\windows\system32\alk19.dll"
    "c:\windows\system32\alk19.tmp"
    "c:\windows\system32\alk30.dll"
    "c:\windows\system32\alk30.tmp"
    "c:\windows\system32\drivers\rewqkrte.sys"
    "c:\windows\system32\drivers\xxjuiddu.sys"
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\alk15.dll
    c:\windows\system32\alk15.tmp
    c:\windows\system32\alk16.dll
    c:\windows\system32\alk16.tmp
    c:\windows\system32\alk17.dll
    c:\windows\system32\alk17.tmp
    c:\windows\system32\alk18.dll
    c:\windows\system32\alk18.tmp
    c:\windows\system32\alk19.dll
    c:\windows\system32\alk19.tmp
    c:\windows\system32\alk30.dll
    c:\windows\system32\alk30.tmp
    c:\windows\system32\drivers\rewqkrte.sys
    c:\windows\system32\drivers\xxjuiddu.sys

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2010-11-28 to 2010-12-31 ))))))))))))))))))))))))))))))
    .

    2010-12-30 18:34 . 2010-11-16 11:01 6273872 —-a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80B904CC-AB9E-46F2-8BBB-5EF4D0D75921}\mpengine.dll
    2010-12-27 22:15 . 2010-12-31 19:17 ——– d–h–r- c:\documents and settings\Preinstalled user\Onlangs geopend
    2010-12-21 15:56 . 2010-12-27 13:05 ——– d—–w- c:\program files\CCleaner
    2010-12-21 15:34 . 2010-12-21 15:35 388096 —-a-r- c:\documents and settings\Preinstalled user\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-12-21 15:31 . 2010-12-21 15:31 ——– d—–w- c:\program files\Trend Micro
    2010-12-21 13:47 . 2010-12-21 13:47 ——– d—–w- c:\documents and settings\Preinstalled user\Application Data\Malwarebytes
    2010-12-21 13:46 . 2010-11-29 16:42 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-21 13:46 . 2010-12-21 13:46 ——– d—–w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-12-21 13:46 . 2010-11-29 16:42 20952 —-a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-21 13:46 . 2010-12-21 13:46 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-21 06:50 . 2010-09-18 06:53 954368 -c—-w- c:\windows\system32\dllcache\mfc40.dll
    2010-12-21 06:50 . 2010-09-18 06:53 953856 -c—-w- c:\windows\system32\dllcache\mfc40u.dll
    2010-12-21 06:49 . 2010-09-18 06:53 974848 -c—-w- c:\windows\system32\dllcache\mfc42.dll
    2010-12-21 06:49 . 2010-08-23 16:13 617472 -c—-w- c:\windows\system32\dllcache\comctl32.dll
    2010-12-21 06:48 . 2010-11-02 15:17 40960 -c—-w- c:\windows\system32\dllcache\ndproxy.sys
    2010-12-21 06:45 . 2010-11-16 11:01 6273872 —-a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2010-12-21 06:41 . 2010-10-11 14:59 45568 -c—-w- c:\windows\system32\dllcache\wab.exe
    2010-12-20 22:14 . 2010-12-20 22:14 ——– d—–w- c:\documents and settings\Administrator
    2010-12-20 20:13 . 2010-12-20 20:13 138496 —-a-w- c:\windows\system32\drivers\AFD.SYS
    2010-12-20 18:13 . 2010-10-19 20:51 222080 ——w- c:\windows\system32\MpSigStub.exe
    2010-12-20 17:55 . 2010-12-20 17:57 ——– d—–w- c:\program files\Microsoft Security Client
    2010-12-19 18:56 . 2010-12-19 18:56 ——– d—–w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-12-19 17:32 . 2010-12-19 17:32 ——– d—–w- c:\documents and settings\Preinstalled user\Local Settings\Application Data\PCHealth
    2010-12-02 03:35 . 2010-12-02 03:35 4280320 —-a-w- c:\windows\system32\GPhotos.scr

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-21 06:38 . 2010-10-03 17:00 15880 —-a-w- c:\windows\system32\lsdelete.exe
    2010-11-18 18:15 . 2006-05-31 07:30 86016 —-a-w- c:\windows\system32\isign32.dll
    2010-11-09 13:49 . 2010-11-09 13:49 745984 —-a-w- c:\windows\system32\alk31.dll
    2010-11-09 13:49 . 2010-11-09 13:49 0 —-a-w- c:\windows\system32\alk31.tmp
    2010-11-07 18:07 . 2010-10-03 16:33 98392 —-a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-11-06 00:23 . 2006-05-31 07:19 916480 —-a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:23 . 2006-05-31 07:19 43520 —-a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:23 . 2006-05-31 07:19 1469440 ——w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:27 . 2006-05-31 07:19 385024 —-a-w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2006-05-31 07:19 40960 —-a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:09 . 2006-05-31 07:19 290048 —-a-w- c:\windows\system32\atmfd.dll
    2010-10-26 14:00 . 2006-05-31 07:19 1853440 —-a-w- c:\windows\system32\win32k.sys
    2010-10-24 20:25 . 2010-10-24 20:25 165264 —-a-w- c:\windows\system32\drivers\MpFilter.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http:" [X]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Preinstalled user\Menu Start\Programma's\Opstarten\
    LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-7-8 503808]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-22 110592]
    RAMASST.lnk - c:\windows\system32\RAMASST.exe [2007-1-3 155648]
    SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe [2010-7-15 12375952]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^Preinstalled user^Menu Start^Programma's^Opstarten^Antimalware Doctor.lnk]
    path=c:\documents and settings\Preinstalled user\Menu Start\Programma's\Opstarten\Antimalware Doctor.lnk
    backup=c:\windows\pss\Antimalware Doctor.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
    2005-08-11 14:14 266240 —-a-w- c:\windows\system32\TPSMain.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\StubInstaller.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3-10-2010 17:33 64288]
    R2 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\SMART Product Drivers\UCService.exe [15-7-2010 15:48 844688]
    R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [18-4-2006 14:12 98816]
    R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12-8-2010 13:15 1389400]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12-8-2010 13:15 15264]
    S1 ikmpnqan;ikmpnqan;\??\c:\windows\system32\drivers\ikmpnqan.sys –> c:\windows\system32\drivers\ikmpnqan.sys [?]
    S2 AMService;AMService;c:\windows\TEMP\qaxr\setup.exe run –> c:\windows\TEMP\qaxr\setup.exe run [?]
    S2 enwcodjs;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Monitor;c:\windows\System32\svchost.exe -k netsvcs [31-5-2006 8:19 14336]
    S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe [15-7-2010 15:48 1662352]
    S4 kroover;kroover;c:\windows\system32\drivers\kroover.exe –> c:\windows\system32\drivers\kroover.exe [?]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    enwcodjs
    .
    Inhoud van de 'Gedeelde Taken' map

    2010-12-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 06:37]

    2010-12-31 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.google.nl/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyServer = http=127.0.0.1:5643
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp09.photoprintit.de/microsite/8/defaults/activex/ImageUploader3.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-31 20:22
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\¤–}|ÿÿÿÿÀ•}|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    Voltooingstijd: 2010-12-31 20:24:56
    ComboFix-quarantined-files.txt 2010-12-31 19:24
    ComboFix2.txt 2010-12-31 18:38
    ComboFix3.txt 2010-12-27 15:34

    Pre-Run: 10.243.289.088 bytes beschikbaar
    Post-Run: 10.221.101.056 bytes beschikbaar

    - - End Of File - - BC160E3AC24E34724467BCB5256BDD70
  • Hi KaCey, that looks better!

    Restart MBAM.
    - First click the 'Update' tab.
    - Then click the 'Check for Updates' button.
    - If a new version of MBAM is offered, accept it.
    - After MBAM has been updated, first start the update cycle again.
    - Then choose 'Quick Scan'.

    - When the scan is complete, click the 'OK' button.
    - Then click the 'Show Results' button to see the results.
    - Make sure that everything is checked.
    - Then click 'Remove Selected'.
    - After the removal a log will open and you will be asked to restart the computer.

    - The log is saved automatically by MBAM and you can find it by clicking the 'Logs' tab in MBAM.

    - If MBAM has trouble removing certain files it will show a few messages; click 'OK' each time!
    - After that MBAM will ask to restart the computer, so allow the computer to be restarted.

    After this, post the contents of the following logs:
    - a new HijackThis log
    - MBAM scan log
  • Hello Kacey, why is it all taking so long again?

    Is nothing perhaps being done anymore?
  • Hello Abraham54,

    I no longer had access to the laptop. Here is an HJT scan. Did I also post an MBAM log earlier?

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 17:38:52, on 23-1-2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
    C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\TODDSrv.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe
    C:\Program Files\SMART Technologies\SMART Product Drivers\Aware.exe
    C:\Program Files\SMART Technologies\SMART Product Drivers\Marker.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0ANgA4ADAAMAA0ADUAMQAwAC0AVAA1AC0AQgBBACsAMQAtAEsAVgAzACsANwAtAEIAMgA0AC0ARgBMACsAOQAtAEYAOQBNADYAKwAxAC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AA"&"prod=90"&"ver=9.0.872
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79344.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp09.photoprintit.de/microsite/8/defaults/activex/ImageUploader3.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: AMService - Unknown owner - C:\WINDOWS\TEMP\qaxr\setup.exe (file missing)
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SMART Board-service (SMART Board Service) - SMART Technologies - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
    O23 - Service: SMART Display Controller - SMART Technologies ULC - C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe
    O23 - Service: SMART SNMP Agent Service - SMART Technologies ULC - C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe


    End of file - 10413 bytes
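
A first-pass triage of a HijackThis log such as the one posted above, as an added example that is not part of the original thread: it parses the section-coded entry lines and marks the ones a reviewer would look at first. The rule set, the function names and the choice of sample lines are assumptions of this example; a match means "review manually", not "malicious".

```python
import re

# Sample input: five entry lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O23 - Service: AMService - Unknown owner - C:\WINDOWS\TEMP\qaxr\setup.exe (file missing)
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
"""

# An entry line starts with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")

# Review heuristics chosen for this example (assumptions, not HijackThis output).
# "Unknown owner" alone is noisy: legitimate services can lack vendor metadata.
RULES = [
    ("orphaned entry, target file absent", re.compile(r"\((?:no file|file missing)\)\s*$")),
    ("proxy points at loopback", re.compile(r"ProxyServer = .*\b(?:127\.0\.0\.1|localhost)\b", re.I)),
    ("binary under a TEMP directory", re.compile(r"\\te?mp\\", re.I)),
    ("service with unknown owner", re.compile(r"^Service: .* - Unknown owner - ")),
]

def parse(log_text):
    """Yield (section_code, body) per entry; header and process lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2).strip()

def triage(log_text):
    """Return [(section_code, body, [reasons])] for entries matching any rule."""
    findings = []
    for code, body in parse(log_text):
        reasons = [name for name, rx in RULES if rx.search(body)]
        if reasons:
            findings.append((code, body, reasons))
    return findings

if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"[{code}] {body}\n      -> " + "; ".join(reasons))
```

Entries that match several rules at once, like the AMService line here, are the ones to check first against the scanner logs requested earlier in the thread.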
