HijackThis check

27 answers
  • For the last few months, lots of problems with a laptop running Vista Business. Memory 4 GB. Many programs freeze. The laptop takes a long time to boot. A lot of disk activity. Already ran CCleaner. Log below.
  • Hi Gerben, do the following: close all open browser windows, except this window, which you close just before the moment you click the 'Fix checked' button! Now start HijackThis via right-click with Administrator rights and click the button 'Do a Scan only',
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe /tray
      ◦ Put a check mark in front of the line(s) that correspond to the lines above.
      ◦ Now close the web browser and then click the 'Fix checked' button.
      ◦ After that, close HijackThis.
    Restart the computer after the fix.
    Which program: Malwarebytes MBAM
    What for/why: specialist scanner to quickly examine Windows for spyware and malware and to remove it.
    Difficulty: none.
    Download Malwarebytes MBAM from one of these locations:
      ◦ Download.com: http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?
      ◦ Softpedia.com: http://www.softpedia.com/result.php?sid=&pid=1-423&r=Z2V0L0FudGl2aXJ1cy9NYWx3YXJlYnl0ZXMtQW50aS1NYWx3YXJlLnNodG1s
      ◦ Majorgeeks.com: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
    First of all:
      ◦ Right after installation 'MBAM' will want to update its database, so allow that.
      ◦ Also on repeated use: first update 'MBAM' via the 'Update' tab!
    Starting Malwarebytes MBAM:
      ◦ Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
      ◦ Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and then choosing 'Run as Administrator'.
    Scanning:
      ◦ When starting 'MBAM', choose 'Quick Scan'.
      ◦ Scanning can take a while, so be patient. When the scan is complete, click the 'OK' button.
      ◦ Then click the 'Show Results' button to see the results.
    Infections found:
      ◦ First click 'OK' to dismiss the message.
      ◦ Then click the 'Show Results' button at the bottom right.
      ◦ Now make sure that all infections found are checked, and click 'Remove Selected' at the bottom left.
      ◦ After the removal a log will open and you will be asked to restart the computer.
      ◦ If 'MBAM' has trouble removing certain files it will show a few messages; click 'OK' each time!
      ◦ After that 'MBAM' will ask to restart the computer, so allow the computer to be restarted.
    MBAM log:
      ◦ The log is saved automatically by 'MBAM' and you can find it by clicking the 'Logs' tab in MBAM's main menu.
    Then, in your next post, post the contents of the MBAM log and a new HijackThis log.
  • Here are the MBAM log and the HijackThis log. I don't think it turned anything up. Firefox freezes very often.
  • Hi Gerben, your latest HijackThis log is full of activity. Make a new log, making sure that no applications are running! So no open web browser, Notepad, etc. And then the next question: do you use this notebook for both business and private purposes?
  • Here is the new log. The laptop is used mainly for business, although there will certainly be some private stuff on it now and then.
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:58:32, on 28-4-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19048) Boot mode: Normal Running processes: C:\windows\system32\taskeng.exe C:\windows\system32\Dwm.exe c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe C:\windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe c:\Program Files\ActivIdentity\ActivClient\acevents.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Mobile Net Switch\MNS.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Secunia\PSI\psi_tray.exe C:\Users\Gerben\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\ATI 
Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\windows\system32\conime.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\windows\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\windows\system32\SearchFilterHost.exe C:\Users\Gerben\Downloads\HijackThis (1).exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=83&bd=all&pf=cmnb R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.accessonline.abnamro.com/wos/open/index.nl.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=83&bd=all&pf=cmnb R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=83&bd=all&pf=cmnb R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O1 - Hosts: 217.21.241.31 DynamicSMTP O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: 
[HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [NVC] "C:\Program Files\Nortel\Nortel VPN Client\Nvc.exe" -autostart O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [Google Update] "C:\Users\Gerben\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [MNS] C:\Program Files\Mobile Net Switch\MNS.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Adobe Reader Synchronizer] "C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') 
O4 - Startup: Dropbox.lnk = C:\Users\Gerben\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O17 - HKLM\System\CCS\Services\Tcpip\..\{DF9456D7-4E60-4A58-B373-E4B2BE9B6819}: NameServer = 172.28.1.3 O20 - AppInit_DLLs: APSHook.dll 
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: GtFlashSwitch Service (GtFlashSwitch) - OptionNV - C:\windows\system32\GtFlashSwitch.exe O23 - Service: Google Updateservice (gupdate1c9fbe9ce62e291) (gupdate1c9fbe9ce62e291) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\windows\system32\Hpservice.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MNS Framework (MNSFramework) - Unknown owner - C:\windows\system32\MNSFramework.exe O23 - Service: Nortel VPN Client (NvcSvcMgr) - Nortel Networks - C:\Program Files\Nortel\Nortel VPN Client\NvcSvcMgr.exe O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Program Files\TightVNC\tvnserver.exe -- End of file - 14291 bytes
  • Hi Gerben, your notebook has quite a lot of startup items! So now do the following: go to Start and type msconfig in the search box; at the top of the Start menu you will now see the corresponding shortcut. Right-click this shortcut and choose Run as administrator. Click the "Startup" tab and then clear the check marks for the entries that match the lines below:
    [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
    [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden = if you do not use the more expensive CD and DVD discs for LightScribe labelling!
    [Adobe Reader Synchronizer] "C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe"
    DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
    Do you use this program: HP ProtectTools Security Manager? If not, then also disable
    [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    After that, restart your notebook and post a new HijackThis log. Also let me know what Task Manager reports about the number of processes and the processor usage. One question: is Avast the free version?
  • Here is the new HijackThis log. Avast is the free version. Number of processes (with Outlook and Firefox): 112. Processor usage: CPU usage 59%, physical 47. These percentages occur mainly after startup. After about half an hour to an hour the situation normalises and the processor usage drops back to about 6%.
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:14:18, on 28-4-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19048) Boot mode: Normal Running processes: C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\windows\system32\taskeng.exe c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\windows\System32\mobsync.exe C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe c:\Program Files\ActivIdentity\ActivClient\acevents.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Mobile Net Switch\MNS.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Users\Gerben\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE 
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Users\Gerben\Desktop\Tools\HijackThis(2).exe C:\windows\system32\wuauclt.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=83&bd=all&pf=cmnb R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.accessonline.abnamro.com/wos/open/index.nl.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=83&bd=all&pf=cmnb R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=83&bd=all&pf=cmnb R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O1 - Hosts: 217.21.241.31 DynamicSMTP O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search 
Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [NVC] "C:\Program Files\Nortel\Nortel VPN Client\Nvc.exe" -autostart O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program 
Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\Gerben\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [MNS] C:\Program Files\Mobile Net Switch\MNS.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: Dropbox.lnk = C:\Users\Gerben\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O17 - HKLM\System\CCS\Services\Tcpip\..\{DF9456D7-4E60-4A58-B373-E4B2BE9B6819}: NameServer = 172.28.1.3 O20 - AppInit_DLLs: APSHook.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe O23 - Service: avast! 
Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: GtFlashSwitch Service (GtFlashSwitch) - OptionNV - C:\windows\system32\GtFlashSwitch.exe O23 - Service: Google Updateservice (gupdate1c9fbe9ce62e291) (gupdate1c9fbe9ce62e291) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. 
- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\windows\system32\Hpservice.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MNS Framework (MNSFramework) - Unknown owner - C:\windows\system32\MNSFramework.exe O23 - Service: Nortel VPN Client (NvcSvcMgr) - Nortel Networks - C:\Program Files\Nortel\Nortel VPN Client\NvcSvcMgr.exe O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Program Files\TightVNC\tvnserver.exe -- End of file - 12784 bytes
  • Hi Gerben, that number of processes and that processor usage are outrageously high. Possibly that is partly due to the special software for secure VPN connections. But I have never before come across 112 processes on an HP notebook. My notebook: Dell Studio XPS M1645 with i7, 8 GB, with Windows 7 x64 Enterprise, with NIS 2011, various Dell applications, Firefox and Outlook 2007 open: 60 processes; processor usage fluctuates between 2 and 4%. Ergo, I now think it is advisable after all to have you do the following:
    Which program: ComboFix
    What for/why: Highly specialised scanner to examine Windows in depth and, where possible, clean it up.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: This program must absolutely be downloaded to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    - ForoSpyware: http://www.forospyware.com/sUBs/ComboFix.exe
    - Geekstogo: http://subs.geekstogo.com/ComboFix.exe
    How to use ComboFix is shown here: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden
    The antivirus program and active malware scanners must already be disabled before ComboFix starts! Information on how to disable antivirus programs and spyware scanners can be found here (http://www.bleepingcomputer.com/forums/topic114351.html) and here (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html).
    Once more, for clarity: ComboFix must be started from the desktop.
    Notes:
    - On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
    - Vista and Windows 7 users start ComboFix via right-click with administrator rights.
    - All open programs and web pages must be closed.
    ComboFix has started:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may have to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
    - If, after the scan, an error is shown when starting programs with the message:
    - Illegal operation attempted on a registery key that has been marked for deletion.
    - then restart the computer.
  • Was on holiday for a bit. Have downloaded ComboFix and read the instructions. Will get to work on it as soon as possible. Here is the log file:
    ComboFix 11-05-09.03 - Gerben 10-05-2011 20:08:53.1.2 - x86
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.31.1043.18.3066.1723 [GMT 2:00]
    Gestart vanuit: c:\users\Gerben\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  • Hi Gerben, apart from finding a number of startup items that in my opinion do not need to start up, the log looks good! Do the following:
    Which program: "aswMBR.exe"
    What for/why: MBR rootkit scanner
    Difficulty: none
    Download location: Be sure to download this program to the desktop, or otherwise move it there!
    Download aswMBR.exe here: http://public.avast.com/~gmerek/aswMBR.exe
    Using aswMBR.exe:
    - Windows 2000 and Windows XP: start "aswMBR.exe" by double-clicking "aswMBR.exe".
    - Windows Vista and Windows 7: start "aswMBR.exe" by right-clicking "aswMBR.exe" and choosing Run as administrator.
    Then:
    - Now click the Scan button in the black window.
    - When the message "Scan finished successfully" appears, click the Save log button.
    - The easiest thing is simply to choose the desktop as the location to save the log.
    - You will now also find the file MBR.dat on the desktop!
    - MBR.dat is a backup file, so keep it for the time being.
    - Also on the desktop is a Notepad text document named aswMBR.txt
    - Post the contents of aswMBR.txt in your next message.
    Also mention whether there are lines in red in the black window after the scan.
  • I can only choose the buttons FixMbr, Save Log and Exit. The Scan and Fix buttons are greyed out.
  • Then use "SaveLog" and post the contents of that log.
  • Log:
    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-05-11 13:40:11
    -----------------------------
    13:40:11.341 OS Version: Windows 6.0.6002 Service Pack 2
    13:40:11.341 Number of processors: 2 586 0x1706
    13:40:11.342 ComputerName: LAPTOP_GERBEN UserName: Gerben
    13:40:11.683 Initialze error 0
    14:35:40.472 The log file has been saved successfully to "C:\Users\Gerben\Documents\aswMBR.txt"
  • In your Documents folder you will find aswMBR.txt. I would like you to post its contents!
  • There really is nothing more in it than this:
    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-05-11 13:40:11
    -----------------------------
    13:40:11.341 OS Version: Windows 6.0.6002 Service Pack 2
    13:40:11.341 Number of processors: 2 586 0x1706
    13:40:11.342 ComputerName: LAPTOP_GERBEN UserName: Gerben
    13:40:11.683 Initialze error 0
    14:35:40.472 The log file has been saved successfully to "C:\Users\Gerben\Documents\aswMBR.txt"

    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-05-11 15:04:05
    -----------------------------
    15:04:05.149 OS Version: Windows 6.0.6002 Service Pack 2
    15:04:05.150 Number of processors: 2 586 0x1706
    15:04:05.152 ComputerName: LAPTOP_GERBEN UserName: Gerben
    15:04:05.857 Initialze error 0
    15:04:39.703 The log file has been saved successfully to "C:\Users\Gerben\Documents\aswMBR.txt"
  • C:\Users\Gerben\Documents\aswMBR.txt
    From which location did you actually start "aswMBR.exe"? By default, the log and the backup are placed on the desktop!
  • Hello, I started it from his desktop. (As prescribed.)
  • Hi Gerben, then we will do something else to check the MBR of the HD!
    Which program: MBRCheck.exe
    What for/why: special scan for MBR rootkits
    Difficulty: none.
    Download MBRCheck.exe: http://ad13.geekstogo.com/MBRCheck.exe
    Starting MBRCheck.exe:
    Windows 2000 and Windows XP: start MBRCheck.exe by double-clicking the shortcut.
    Windows Vista and Windows 7: start MBRCheck.exe by right-clicking the shortcut and then choosing Run as administrator.
    - A black window appears with some data in it.
    - A log file named "MBRcheckxxxx.txt" will appear on your desktop.
    - Now copy the contents of that log into your next post.
  • That at least yields more data: Otherwise it is running nicely at the moment. Only this morning Firefox froze once while retrieving information from the bank. Switched the rendering engine to IE because otherwise it does not work.
    Log:
    MBRCheck, version 1.2.3
    (c) 2010, AD
    Command-line:
    Windows Version: Windows Vista Business Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Hewlett-Packard
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP Compaq 6830s
    Logical Drives Mask: 0x0000003c
    Kernel Drivers (total 219):
\SystemRoot\System32\Drivers\dump_iaStor.sys 0x92DE7000 \SystemRoot\System32\Drivers\dump_SbHiber.sys 0x9E280000 \SystemRoot\System32\win32k.sys 0x92DE8000 \SystemRoot\System32\drivers\Dxapi.sys 0x917E7000 \SystemRoot\system32\DRIVERS\monitor.sys 0x9E4A0000 \SystemRoot\System32\TSDDD.dll 0x9E4C0000 \SystemRoot\System32\cdd.dll 0x8C50A000 \SystemRoot\system32\drivers\luafv.sys 0x8C525000 \SystemRoot\system32\DRIVERS\PSINAflt.sys 0x8C54C000 \SystemRoot\system32\DRIVERS\PSINProt.sys 0x8C56B000 \SystemRoot\system32\DRIVERS\PSINFile.sys 0x8C587000 \SystemRoot\system32\DRIVERS\PSINProc.sys 0x82A0C000 \SystemRoot\system32\drivers\spsys.sys 0x82ABC000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x82ACC000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x82AF6000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x82B00000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x82B13000 \SystemRoot\system32\drivers\HTTP.sys 0x82B80000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x82B9D000 \SystemRoot\system32\DRIVERS\bowser.sys 0x82BB6000 \SystemRoot\System32\drivers\mpsdrv.sys 0x82BCB000 \SystemRoot\system32\drivers\mrxdav.sys 0x8C5A5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xA2E09000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0xA2E42000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0xA2E5A000 \SystemRoot\System32\DRIVERS\srv2.sys 0xA2E82000 \SystemRoot\System32\DRIVERS\srv.sys 0xA2EE9000 \SystemRoot\system32\DRIVERS\nvcwfpco.sys 0xA2EFC000 \SystemRoot\system32\drivers\peauth.sys 0xA2FDA000 \SystemRoot\System32\Drivers\secdrv.SYS 0xA2FE4000 \SystemRoot\system32\DRIVERS\psi_mf.sys 0xA2FE7000 \SystemRoot\System32\drivers\tcpipreg.sys 0xA2ED1000 \SystemRoot\system32\DRIVERS\cdfs.sys 0xA2E00000 \SystemRoot\system32\DRIVERS\asyncmac.sys 0xA2FF3000 \SystemRoot\system32\DRIVERS\serscan.sys 0x82BEC000 \??\C:\Users\Gerben\AppData\Local\Temp\aswMBR.sys 0x77220000 \Windows\System32\ntdll.dll Processes (total 125): 0 System Idle Process 4 System 604 C:\Windows\System32\smss.exe 672 csrss.exe 732 
C:\Windows\System32\wininit.exe 744 csrss.exe 780 C:\Windows\System32\services.exe 796 C:\Windows\System32\lsass.exe 804 C:\Windows\System32\lsm.exe 956 C:\Windows\System32\svchost.exe 1024 C:\Windows\System32\winlogon.exe 1052 C:\Windows\System32\svchost.exe 1084 C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe 1116 C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe 1164 C:\Windows\System32\svchost.exe 1204 C:\Windows\System32\svchost.exe 1276 C:\Windows\System32\Ati2evxx.exe 1376 C:\Windows\System32\svchost.exe 1416 C:\Windows\System32\svchost.exe 1432 C:\Windows\System32\svchost.exe 1520 C:\Windows\System32\audiodg.exe 1548 C:\Windows\System32\svchost.exe 1596 C:\Windows\System32\SLsvc.exe 1628 C:\Windows\System32\svchost.exe 1728 C:\Windows\System32\hpservice.exe 1804 C:\Windows\System32\svchost.exe 1816 C:\Windows\System32\Ati2evxx.exe 728 C:\Windows\System32\taskeng.exe 1036 C:\Windows\System32\spoolsv.exe 1560 C:\Windows\System32\svchost.exe 2156 C:\Program Files\ActivIdentity\ActivClient\accoca.exe 2180 C:\Windows\System32\AEADISRV.EXE 2216 C:\Windows\System32\agrsmsvc.exe 2244 C:\Program Files\ActivIdentity\ActivClient\acevents.exe 2252 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 2312 C:\Program Files\Bonjour\mDNSResponder.exe 2348 C:\Windows\System32\svchost.exe 2388 C:\Windows\System32\GtFlashSwitch.exe 2432 C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe 2712 C:\Windows\System32\svchost.exe 2728 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe 2768 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe 2800 C:\Program Files\Common Files\LightScribe\LSSrvc.exe 2888 C:\Windows\System32\MNSFramework.exe 2940 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe 2992 C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe 3112 C:\Windows\System32\taskeng.exe 3176 C:\Windows\System32\dwm.exe 
3260 C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe 3324 C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe 3348 C:\Windows\explorer.exe 3412 C:\Windows\System32\svchost.exe 3436 C:\Program Files\Nortel\Nortel VPN Client\NvcSvcMgr.exe 3724 C:\Windows\System32\svchost.exe 3752 C:\Windows\System32\svchost.exe 3764 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 3840 C:\Program Files\Secunia\PSI\psia.exe 2324 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe 1768 C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe 2548 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 2736 C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe 2784 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe 2820 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe 3012 C:\Program Files\Analog Devices\Core\smax4pnp.exe 3028 C:\Program Files\TightVNC\tvnserver.exe 3296 C:\Program Files\Common Files\Java\Java Update\jusched.exe 3284 C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe 3556 C:\Program Files\Mobile Net Switch\MNS.exe 3592 C:\Program Files\Windows Live\Messenger\msnmsgr.exe 3672 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe 3736 C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe 3800 C:\Users\Gerben\AppData\Roaming\Dropbox\bin\Dropbox.exe 2280 C:\Program Files\Secunia\PSI\sua.exe 4188 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe 4200 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 4268 C:\Windows\System32\svchost.exe 4300 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe 4356 C:\Program Files\TightVNC\tvnserver.exe 4396 C:\Windows\System32\svchost.exe 4476 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE 4556 C:\Windows\System32\SearchIndexer.exe 4608 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE 5268 C:\Program Files\ATI 
Technologies\ATI.ACE\Core-Static\MOM.exe 5944 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe 3880 C:\Program Files\ActivIdentity\ActivClient\acevents.exe 5508 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 5716 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe 6100 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe 364 WmiPrvSE.exe 4572 C:\Windows\System32\svchost.exe 5340 C:\Windows\System32\svchost.exe 5104 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe 5300 C:\Program Files\Windows Media Player\wmpnscfg.exe 312 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe 4372 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe 2148 C:\Program Files\Windows Media Player\wmpnetwk.exe 3976 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe 7996 C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE 7792 WmiPrvSE.exe 5576 C:\Program Files\Internet Explorer\iexplore.exe 3988 C:\Program Files\Internet Explorer\iexplore.exe 8036 C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe 6684 C:\Program Files\Internet Explorer\iexplore.exe 6600 C:\Program Files\Mozilla Firefox\firefox.exe 6032 C:\Program Files\Mozilla Firefox\plugin-container.exe 2644 C:\Program Files\Mozilla Firefox\plugin-container.exe 2056 C:\Program Files\Mozilla Firefox\plugin-container.exe 7504 C:\Windows\System32\mstsc.exe 4616 C:\Program Files\Microsoft Office\Office12\WINWORD.EXE 1556 C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe 6864 C:\Windows\System32\UI0Detect.exe 6200 C:\Program Files\PDFCreator\PDFCreator.exe 7688 C:\Windows\explorer.exe 8008 C:\Program Files\HP\Digital Imaging\bin\hpqdirec.exe 6548 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe 3960 C:\Program Files\Microsoft Office\Office12\EXCEL.EXE 6316 C:\Program Files\Internet Explorer\iexplore.exe 4776 C:\Program Files\Internet Explorer\iexplore.exe 3628 C:\Windows\System32\SearchProtocolHost.exe 5004 
C:\Windows\System32\SearchFilterHost.exe 6836 C:\Windows\System32\SearchProtocolHost.exe 7344 dllhost.exe 6432 dllhost.exe 6604 C:\Users\Gerben\Desktop\MBRCheck.exe 6296 C:\Windows\System32\conime.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`f892e000 (NTFS) \\.\F: --> \\.\PhysicalDrive0 at offset 0x00000037`b8800000 (FAT32) PhysicalDrive0 Model Number: HitachiHTS543225L9A300, Rev: FBEOC40F Size Device Name MBR Status -------------------------------------------- 232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979 Done!
  • Good, nothing wrong with the MBR. I'd like you to do the following: download GMER from one of the following locations and save it to your Desktop:
      • Primary download location (http://gmer.net/download.php): this mirror will give you a randomly named file (recommended).
      • Zipped file (http://gmer.net/gmer.zip): this option will give you a zip file that has to be extracted first. If you use this one, extract it to your desktop.

      • Disconnect from the internet and close all open programs.
      • Temporarily disable your real-time security software.
      • Double-click the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to be loaded if you are asked.
      • Note: if you downloaded the zipped version, extract the file to a fixed folder, for example C:\gmer, and then double-click gmer.exe.
      • GMER will open the Rootkit/Malware tab and run an automatic quick scan when GMER is run for the first time. (Do not use the computer during the scan.)
      • If you receive a WARNING!!! about rootkit activity and you are asked to scan your system completely... click NO.
      • Now click the Scan button. If you get a rootkit warning window, click OK.
      • Click the Save... button when the scan has finished, and save the log file to your desktop. Save the file as gmer.log.
      • Click the Copy button and post the log in your next message.
      • Close GMER and turn all real-time protection back on.
    -- If you have any problems, try running GMER in safe mode (http://www.computerhope.com/issues/chsafe.htm).

This is an archived page. Replying is no longer possible.