Question & Answer
Firefox is being redirected to the wrong sites.
22 answers
- When I have found various sites with Google in Firefox and click on one of the sites found, I am redirected to a strange site.
In IE I don't have that problem.
Who can help me?
- The problem is no longer present. A full scan with Ad Aware version 8.3.1 (duration 2.5 hours) found 1 infection with Trojan W32.Generic!BT. After restarting the PC I have had no further problems.
I hope it stays that way; otherwise I'll be back.
- Once Firefox has been running for a while, the problem does occur again after all.
It is very annoying to keep being redirected to the wrong site. I have checked everything for viruses, spyware and the like with Spybot, Ad Aware, Malwarebytes and Avast; however, nothing more is found.
Who can help me? Thanks in advance.
- Here is the HijackThis log. Would someone take a look at what might be causing the redirection to wrong websites when I click on a site found via Google?
Thanks in advance.
Ben
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:37:59, on 26-8-2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\mobsync.exe
C:\Acer\Empowering Technology\eDSMSNfix.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/nl-nl/wlscctrl2.cab
O20 - AppInit_DLLs: eNetHook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updateservice (gupdate1c9c258abb2dba) (gupdate1c9c258abb2dba) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
–
End of file - 5873 bytes
- I can't make out anything strange in your log either; it looks good!
Try a clean install of the latest version of FF!
- It is now clear to me why these two files cannot be removed!
And so they are not dangerous either.
Because Kaspersky AV is present in the logs every time!
That means you now also know that Windows Defender has not done any damage!
You may remove Combofix.
  * To do so, go to Start - Run
  * copy and paste the following into it: Combofix /Uninstall
  * then click OK.
  * if all goes well, you will then get a message that Combofix has been removed.
Example:
http://home.kpn.nl/stefsmeenk/CFUninstall.PNG
Run can also be started with the key combination http://home.kpn.nl/stefsmeenk/W+R.jpg
And give an update on how your Windows is running now.
- Thanks, Abraham. I was away for the weekend, but last night I did find more infections with the Kaspersky 30-day trial scanner (see log). I find it strange that Avast 5 could not find these. After that, the Windows Live OneCare scanner found further infections that it could not remove (likewise in C:\Documents and Settings\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\. )
Replaced Firefox with Google Chrome. No more trouble with redirects to the wrong sites.
Given the infections still present, I wonder whether heavier artillery isn't necessary. Combofix or something similar? I will only do that if you think it's a good idea.
Thanks in advance for your answer.
Verwijderd (10)
30-8-2010 7:01:36 Verwijderd Trojaans programma Trojan-Downloader.JS.Agent.fns C:\Documents and Settings\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\e8267fc-6016b6a8/mosdef.class Hoog
30-8-2010 7:01:36 Verwijderd Trojaans programma Trojan-Downloader.JS.Agent.fns C:\Documents and Settings\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\26b522f-6e5a6f99/mosdef.class Hoog
30-8-2010 7:01:36 Verwijderd Trojaans programma Exploit.Java.CVE-2010-0094.a C:\Documents and Settings\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\e8267fc-6016b6a8/SiteError.class Hoog
30-8-2010 7:01:36 Verwijderd Trojaans programma Exploit.Java.CVE-2010-0094.a C:\Documents and Settings\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\e8267fc-6016b6a8/dostuff.class Hoog
30-8-2010 7:01:36 Verwijderd Trojaans programma Exploit.Java.CVE-2010-0094.a C:\Documents and Settings\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\26b522f-6e5a6f99/SiteError.class Hoog
30-8-2010 7:01:36 Verwijderd Trojaans programma Exploit.Java.CVE-2010-0094.a C:\Documents and Settings\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\26b522f-6e5a6f99/dostuff.class Hoog
30-8-2010 7:01:36 Verwijderd Trojaans programma Exploit.Java.CVE-2009-3867.e C:\Documents and Settings\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\4e24ba25-11a82d5f/seopack.class Hoog
30-8-2010 7:01:36 Verwijderd Trojaans programma Exploit.Java.Agent.cw C:\Documents and Settings\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\32f3ff9e-54ced52c/KAK/NED/crime4u.class Hoog
30-8-2010 7:01:36 Verwijderd Trojaans programma Exploit.Java.Agent.cv C:\Documents and Settings\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\32f3ff9e-54ced52c/KAK/NED/NOD32.class Hoog
30-8-2010 7:01:36 Verwijderd Trojaans programma Exploit.Java.Agent.cu C:\Documents and Settings\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\32f3ff9e-54ced52c/KAK/NED/sexxxy.class Hoog
Gedesinfecteerd (4)
30-8-2010 7:01:36 Gedesinfecteerd Trojaans programma Exploit.Java.CVE-2010-0094.a C:\Documents and Settings\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\e8267fc-6016b6a8 Hoog
30-8-2010 7:01:36 Gedesinfecteerd Trojaans programma Exploit.Java.CVE-2010-0094.a C:\Documents and Settings\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\26b522f-6e5a6f99 Hoog
30-8-2010 7:01:36 Gedesinfecteerd Trojaans programma Exploit.Java.CVE-2009-3867.e C:\Documents and Settings\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\4e24ba25-11a82d5f Hoog
30-8-2010 7:01:36 Gedesinfecteerd Trojaans programma Exploit.Java.Agent.cv C:\Documents and Settings\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\32f3ff9e-54ced52c Hoog
Geïnfecteerd (4)
29-8-2010 20:13:17 Geïnfecteerd malware HackTool.Win32.PassDic.be D:\Program Files\iWisoft Flash SWF to Video Converter\swf2avi.exe Gemiddeld
29-8-2010 23:29:40 Geïnfecteerd legale software die door criminelen kan worden gebruikt om uw computer of uw persoonlijke gegevens te beschadigen PDM.DNS Query D:\PROGRAM FILES\HYVES DESKTOP\BIN\HYVESDESKTOP.EXE Laag
29-8-2010 21:10:57 Geïnfecteerd legale software die door criminelen kan worden gebruikt om uw computer of uw persoonlijke gegevens te beschadigen PDM.DNS Query C:\PROGRAM FILES\WINDOWS LIVE SAFETY CENTER\WLSCUPLOADER.EXE Laag
29-8-2010 19:14:05 Geïnfecteerd legale software die door criminelen kan worden gebruikt om uw computer of uw persoonlijke gegevens te beschadigen PDM.DNS Query D:\PROGRAM FILES\TELETEKSTBROWSER\TELETEKST.EXE Laag
- First I would now like a new HijackThis log from you.
As for AVs: Kaspersky is not free and is one of the top suites!
If you really want to be well protected, get a paid internet security suite!
- Hello Abraham, here is the new HijackThis log. Are these 2 lines correct?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
For a complete picture I am also adding the Mbam log from when the infection occurred last week. I have just had Mbam run a full scan (2.5 hours) and it finds nothing.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Databaseversie: 4475
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943
25-8-2010 18:55:02
mbam-log-2010-08-25 (18-55-02).txt
Scantype: Snelle scan
Objecten gescand: 140697
Verstreken tijd: 8 minuut/minuten, 48 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 3
Registersleutels geïnfecteerd: 4
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 2
Mappen geïnfecteerd: 1
Bestanden geïnfecteerd: 4
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
C:\Windows\System32\d3dx9_2732.dll (Trojan.Tracur) -> Delete on reboot.
C:\Users\Ben\AppData\Roaming\2A9D.tmp (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\d3d10warp32.dll (Trojan.Tracur) -> Delete on reboot.
Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\CLSID\{0fce2be0-5e31-47c5-9c63-793ed7a35917} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0fce2be0-5e31-47c5-9c63-793ed7a35917} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0fce2be0-5e31-47c5-9c63-793ed7a35917} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\d3dx9_2732.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\d3dx9_2732.dll -> Delete on reboot.
Mappen geïnfecteerd:
C:\ProgramData\579076250 (Rogue.Multiple) -> Quarantined and deleted successfully.
Bestanden geïnfecteerd:
C:\Windows\System32\d3dx9_2732.dll (Trojan.Tracur) -> Delete on reboot.
C:\Users\Ben\AppData\Roaming\2A9D.tmp (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\d3d10warp32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\d3dx9_3332.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:15:05, on 30-8-2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDSMSNfix.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: &Virtueel Toetsenbord - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: C&ontrole van URL's - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/nl-nl/wlscctrl2.cab
O20 - AppInit_DLLs: eNetHook.dll,D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus-service (AVP) - Kaspersky Lab ZAO - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updateservice (gupdate1c9c258abb2dba) (gupdate1c9c258abb2dba) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
–
End of file - 6547 bytes
- Those two lines you quoted are legitimate, you know!
With Hosts, it is the 01Host for IPv6.
Your log looks good too.
Do you still have problems?
For example with FF - are you still getting redirects there?
- Hello Abraham, thanks for your quick reply. I'm leaving FF off for now. I'll see whether Google Chrome suits me as an alternative. I haven't yet found how to have it automatically delete your visited sites after closing, but I'll look that up. If you happen to know without searching, I'd be glad to hear it.
I find my PC slow. I thought it was due to the viruses and the like, but possibly a shortage of memory is the problem; it is suddenly more noticeable, though.
I'm glad that it is at least 'clean' again.
Thanks a lot!!!
Ben
- Hi Ben - it was no small thing that MBAM removed.
Let Combofix scan your Windows (click).
How to use Combofix properly (click)
  * To be able to use Combofix, the following applies:
  * Vista and Windows 7 users start Combofix with Administrator rights!
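Added example (not part of any post in this thread, and not a HijackThis feature): one way to compare two HijackThis logs such as the ones posted above, listing new entries, the DLL names under O20 AppInit_DLLs, and O1 Hosts lines that are anything other than a loopback address for localhost. The allowlist `KNOWN_APPINIT`, the function names and the lines marked as constructed are assumptions made for the illustration.

```python
import ipaddress
import re

# A HijackThis entry line looks like "O20 - AppInit_DLLs: a.dll,b.dll".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Lines copied from the two HijackThis logs posted in this thread.
LOG_26_AUG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O20 - AppInit_DLLs: eNetHook.dll
"""
LOG_30_AUG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O20 - AppInit_DLLs: eNetHook.dll,D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
"""
# Constructed lines, not taken from any HijackThis log on the page. The DLL
# path is the AppInit_DLLs data reported in the Malwarebytes log; the hosts
# entry uses a documentation address and a placeholder name.
CONSTRUCTED = r"""
O1 - Hosts: 192.0.2.1 example.test
O20 - AppInit_DLLs: eNetHook.dll,c:\windows\system32\d3dx9_2732.dll
"""

# Assumption: names the reviewer already accepts on this machine. Matching on
# file name alone is a triage hint, not a verdict, since a malicious DLL can
# reuse a trusted name; confirm path and signer before trusting an entry.
KNOWN_APPINIT = {"enethook.dll", "mzvkbd3.dll"}


def parse_entries(log_text):
    """Return (code, body) for every entry line; headers and paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def appinit_dlls(entries):
    """Lower-cased DLL file names listed in O20 AppInit_DLLs entries."""
    names = set()
    for code, body in entries:
        if code == "O20" and body.lower().startswith("appinit_dlls:"):
            value = body.split(":", 1)[1]
            for item in re.split(r"[,\s]+", value.strip()):
                if item:
                    names.add(item.replace("/", "\\").rsplit("\\", 1)[-1].lower())
    return names


def unexpected_hosts(entries):
    """O1 Hosts entries that do not map only 'localhost' to a loopback address."""
    flagged = []
    for code, body in entries:
        if code != "O1" or not body.lower().startswith("hosts:"):
            continue
        fields = body.split(":", 1)[1].split()
        if len(fields) < 2:
            flagged.append(body)
            continue
        try:
            loopback = ipaddress.ip_address(fields[0]).is_loopback
        except ValueError:
            loopback = False
        if not (loopback and all(n.lower() == "localhost" for n in fields[1:])):
            flagged.append(body)
    return flagged


def compare(before_text, after_text, known_dlls=KNOWN_APPINIT):
    """Summarise what changed between two logs and what needs a closer look."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    return {
        "new_entries": [entry for entry in after if entry not in before],
        "appinit_added": sorted(appinit_dlls(after) - appinit_dlls(before)),
        "appinit_unknown": sorted(appinit_dlls(after) - set(known_dlls)),
        "hosts_flagged": unexpected_hosts(after),
    }


if __name__ == "__main__":
    for label, later in (("30 Aug log", LOG_30_AUG), ("constructed", CONSTRUCTED)):
        print(label, compare(LOG_26_AUG, later))
```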
- Abraham, here is the Combofix log. After the restart neither of the two browsers (IE and Google Chrome) worked any more and I had to restart again.
ComboFix 10-08-29.03 - Ben 30-08-2010 15:09:56.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1013.417 [GMT 2:00]
Gestart vanuit: c:\users\Ben\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\SysWoW32
c:\programdata\SysWoW32\mu1256996263v4.kwd
c:\programdata\SysWoW32\mu1256996263v5.kwd
c:\programdata\SysWoW32\mu1256996263v6.kwd
c:\programdata\SysWoW32\mu1256996263v7.kwd
c:\programdata\SysWoW32\wu1256996263v0
c:\programdata\SysWoW32\wu1256996263v0.kwd
c:\programdata\SysWoW32\wu1256996263v1
c:\programdata\SysWoW32\wu1256996263v1.kwd
c:\programdata\SysWoW32\wu1256996263v2
c:\programdata\SysWoW32\wu1256996263v2.kwd
c:\programdata\SysWoW32\wu1256996263v3
c:\programdata\SysWoW32\wu1256996263v3.kwd
c:\programdata\unrar.exe
c:\users\Ben M\AppData\Roaming\Mozilla\Firefox\Profiles\sb2mxiyf.default\extensions\{150998bb-45ba-47b2-86ee-838db728a26d}
c:\users\Ben M\AppData\Roaming\Mozilla\Firefox\Profiles\sb2mxiyf.default\extensions\{150998bb-45ba-47b2-86ee-838db728a26d}\chrome.manifest
c:\users\Ben M\AppData\Roaming\Mozilla\Firefox\Profiles\sb2mxiyf.default\extensions\{150998bb-45ba-47b2-86ee-838db728a26d}\chrome\xulcache.jar
c:\users\Ben M\AppData\Roaming\Mozilla\Firefox\Profiles\sb2mxiyf.default\extensions\{150998bb-45ba-47b2-86ee-838db728a26d}\defaults\preferences\xulcache.js
c:\users\Ben M\AppData\Roaming\Mozilla\Firefox\Profiles\sb2mxiyf.default\extensions\{150998bb-45ba-47b2-86ee-838db728a26d}\install.rdf
c:\users\Ben\AppData\Roaming\02000000a1a14868988C.manifest
c:\users\Ben\AppData\Roaming\02000000a1a14868988O.manifest
c:\users\Ben\AppData\Roaming\02000000a1a14868988P.manifest
c:\users\Ben\AppData\Roaming\02000000a1a14868988S.manifest
c:\windows\system32\%appdata%
D:\install.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-07-28 to 2010-08-30 ))))))))))))))))))))))))))))))
.
2010-08-30 13:22 . 2010-08-30 13:28 ——– d—–w- c:\users\Ben\AppData\Local\temp
2010-08-30 13:22 . 2010-08-30 13:22 ——– d—–w- c:\users\Default\AppData\Local\temp
2010-08-30 13:22 . 2010-08-30 13:22 ——– d—–w- c:\users\Ben M\AppData\Local\temp
2010-08-29 18:02 . 2010-08-29 18:02 ——– d—–w- c:\users\Ben\AppData\Local\Adobe
2010-08-29 13:27 . 2010-08-29 13:37 97549 —-a-w- c:\windows\system32\drivers\klick.dat
2010-08-29 13:27 . 2010-08-29 13:37 113933 —-a-w- c:\windows\system32\drivers\klin.dat
2010-08-29 13:23 . 2010-08-30 13:24 ——– d—–w- c:\programdata\Kaspersky Lab
2010-08-29 12:52 . 2010-08-29 12:52 ——– d—–w- c:\programdata\Kaspersky Lab Setup Files
2010-08-26 20:34 . 2010-08-26 20:34 ——– d—–w- c:\program files\Common Files\Java
2010-08-26 10:57 . 2010-08-26 10:57 ——– d—–w- c:\program files\Trend Micro
2010-08-25 23:23 . 2010-08-25 23:23 ——– d—–w- c:\users\Ben\AppData\Local\Sunbelt Software
2010-08-22 15:32 . 2010-08-22 15:32 ——– d—–w- c:\program files\Conduit
2010-08-21 06:19 . 2010-08-21 06:19 ——– d—–w- c:\program files\Common Files\DVDVideoSoft
2010-08-18 21:03 . 2010-08-18 21:03 ——– d—–w- c:\program files\iPod
2010-08-18 21:02 . 2010-08-18 21:04 ——– d—–w- c:\program files\iTunes
2010-08-18 18:32 . 2010-08-29 19:11 ——– d—–w- c:\program files\Windows Live Safety Center
2010-08-14 09:18 . 2010-06-21 13:37 2037760 —-a-w- c:\windows\system32\win32k.sys
2010-08-14 09:18 . 2010-06-18 17:31 36864 —-a-w- c:\windows\system32\rtutils.dll
2010-08-14 09:18 . 2010-06-08 17:35 3600768 —-a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-14 09:18 . 2010-06-08 17:35 3548040 —-a-w- c:\windows\system32\ntoskrnl.exe
2010-08-14 09:18 . 2010-06-11 16:15 1248768 —-a-w- c:\windows\system32\msxml3.dll
2010-08-14 09:18 . 2010-06-18 15:04 302080 —-a-w- c:\windows\system32\drivers\srv.sys
2010-08-14 09:18 . 2010-06-18 15:04 144896 —-a-w- c:\windows\system32\drivers\srv2.sys
2010-08-14 09:14 . 2010-06-16 16:04 905088 —-a-w- c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 11:28 . 2006-11-02 16:11 667352 —-a-w- c:\windows\system32\perfh013.dat
2010-08-30 11:28 . 2006-11-02 16:11 126854 —-a-w- c:\windows\system32\perfc013.dat
2010-08-29 13:26 . 2006-11-02 12:37 ——– d—–w- c:\program files\Windows Sidebar
2010-08-29 12:55 . 2007-08-23 20:12 ——– d—–w- c:\programdata\Lavasoft
2010-08-26 20:34 . 2007-07-05 06:16 ——– d—–w- c:\program files\Java
2010-08-26 20:31 . 2009-10-19 19:34 ——– d—–w- c:\users\Ben\AppData\Roaming\HpUpdate
2010-08-26 13:51 . 2007-06-06 12:06 ——– d—–w- c:\programdata\Spybot - Search & Destroy
2010-08-26 08:25 . 2007-06-05 15:06 79336 —-a-w- c:\users\Ben\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-25 11:11 . 2009-01-26 23:01 ——– d—–w- c:\users\Ben\AppData\Roaming\LimeWire
2010-08-24 07:34 . 2008-06-05 14:17 ——– d—–w- c:\users\Ben\AppData\Roaming\gtk-2.0
2010-08-18 21:03 . 2007-08-12 15:58 ——– d—–w- c:\program files\Common Files\Apple
2010-08-18 21:02 . 2007-07-07 21:20 ——– d—–w- c:\programdata\Apple Computer
2010-08-16 09:44 . 2007-07-07 21:24 ——– d—–w- c:\users\Ben\AppData\Roaming\Apple Computer
2010-08-14 08:52 . 2010-06-05 10:24 ——– d—–w- c:\users\Ben\AppData\Roaming\PhotoScape
2010-08-13 15:47 . 2006-11-02 11:18 ——– d—–w- c:\program files\Windows Mail
2010-07-17 03:00 . 2010-04-17 16:27 423656 —-a-w- c:\windows\system32\deployJava1.dll
2010-07-10 23:14 . 2007-12-11 19:01 ——– d—–w- c:\users\Ben\AppData\Roaming\DivX
2010-07-10 22:32 . 2010-07-10 22:28 ——– d—–w- c:\programdata\DivX
2010-07-10 22:32 . 2009-05-18 22:01 ——– d—–w- c:\program files\Common Files\DivX Shared
2010-07-10 22:32 . 2007-09-04 11:18 ——– d—–w- c:\program files\DivX
2010-07-09 16:47 . 2007-07-06 06:55 ——– d—–w- c:\users\Ben\AppData\Roaming\Thunderbird
2010-07-06 08:08 . 2008-06-14 10:24 ——– d—–w- c:\programdata\Google Updater
2010-06-26 06:05 . 2010-08-14 09:19 916480 —-a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-14 09:19 109056 —-a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-14 09:19 71680 —-a-w- c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-14 09:19 133632 —-a-w- c:\windows\system32\ieUnatt.exe
2010-06-11 16:16 . 2010-08-14 09:19 274944 —-a-w- c:\windows\system32\schannel.dll
2009-03-25 21:24 . 2009-03-25 21:24 1707 —-a-w- c:\program files\Uninstall.lnk
2009-03-19 18:56 . 2009-03-19 18:56 1001472 —-a-w- c:\program files\QuickTide.exe
2009-03-09 08:57 . 2009-03-09 08:57 53134 —-a-w- c:\program files\QuickTide.htm
2009-03-02 10:51 . 2009-03-02 10:51 1417 —-a-w- c:\program files\QuickTide.txt
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Google Update"="c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-27 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"eDSMSNfix"="c:\acer\Empowering Technology\eDSMSNfix.exe" [2007-02-08 13312]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-09 614400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-18 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-18 133656]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AVP"="d:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-05-07 344736]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll d:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Ben^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4 .lnk]
path=c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4 .lnk
backup=c:\windows\pss\OpenOffice.org 2.4 .lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-09-03 18:12 111936 —-a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 13:53 141608 —-a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"WarReg_PopUp"=c:\acer\WR_PopUp\WarReg_PopUp.exe
"RtHDVCpl"=RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):2b,9c,dc,a4,88,fa,c9,01
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-05-06 132184]
R2 gupdate1c9c258abb2dba;Google Updateservice (gupdate1c9c258abb2dba);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;d:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-19 80744]
R4 J;J;c:\users\Ben\AppData\Local\Temp\J.exe [x]
R4 LA;LA;c:\users\Ben\AppData\Local\Temp\LA.exe [x]
R4 OFXLBSW;OFXLBSW;c:\users\Ben\AppData\Local\Temp\OFXLBSW.exe [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S2 SBSDWSCService;SBSD Security Center Service;d:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhoud van de 'Gedeelde Taken' map
2010-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2255622846-3536518166-2921446557-1000Core.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 07:01]
2010-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2255622846-3536518166-2921446557-1000UA.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 07:01]
.
.
——- Bijkomende Scan ——-
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.startpagina.nl/
uInternet Settings,ProxyOverride = *.local
.
- - - - ORPHANS VERWIJDERD - - - -
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-30 15:27
Windows 6.0.6002 Service Pack 2 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
——————— DLLs Geladen Onder Lopende Processen ———————
- - - - - - - > 'Explorer.exe'(1280)
d:\program files\Malwarebytes' Anti-Malware\mbamext.dll
.
———————— Andere Aktieve Processen ————————
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\igfxext.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Voltooingstijd: 2010-08-30 15:40:43 - machine werd herstart
ComboFix-quarantined-files.txt 2010-08-30 13:40
ComboFix2.txt 2009-03-28 18:34
Pre-Run: 7.454.715.904 bytes beschikbaar
Post-Run: 7.271.821.312 bytes beschikbaar
- - End Of File - - 301AA8CF935FEF65542E0C505A503A5A
- First of all, use the Norton removal tool to remove the last remnants of Norton from your Windows!
http://service1.symantec.com/support/inter/tsgeninfointl.nsf/nl_docid/20050411155130924?OpenDocument&seg=hm&lg=nl&ct=nl
Then do the following:
open a new Notepad file (Start > All Programs > Accessories > Notepad),
copy and paste the following (bold, blue text) into the empty Notepad window
- Hi Abraham. All instructions carried out. ComboFix had an update, which I allowed.
ComboFix 10-08-29.04 - Ben 30-08-2010 17:04:03.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1013.448 [GMT 2:00]
Gestart vanuit: c:\users\Ben\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Ben\Desktop\CFScript.txt
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\program files\Uninstall.lnk"
"c:\windows\system32\drivers\klick.dat"
"c:\windows\system32\drivers\klin.dat"
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Uninstall.lnk
c:\windows\system32\drivers\klin.dat
c:\windows\system32\drivers\klick.dat . . . . konden niet verwijderd worden
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-07-28 to 2010-08-30 ))))))))))))))))))))))))))))))
.
2010-08-30 15:18 . 2010-08-30 15:18 113933 —-a-w- c:\windows\system32\drivers\klin.dat
2010-08-30 15:15 . 2010-08-30 15:22 ——– d—–w- c:\users\Ben\AppData\Local\temp
2010-08-30 15:15 . 2010-08-30 15:15 ——– d—–w- c:\users\Public\AppData\Local\temp
2010-08-30 15:15 . 2010-08-30 15:15 ——– d—–w- c:\users\Default\AppData\Local\temp
2010-08-30 15:15 . 2010-08-30 15:15 ——– d—–w- c:\users\Ben M\AppData\Local\temp
2010-08-29 18:02 . 2010-08-29 18:02 ——– d—–w- c:\users\Ben\AppData\Local\Adobe
2010-08-29 13:37 . 2010-08-29 13:37 125624 —-a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.0.232\shellex.dll
2010-08-29 13:37 . 2010-08-29 13:37 109240 —-a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.0.232\sbstart.exe
2010-08-29 13:37 . 2010-08-29 13:37 170680 —-a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.0.232\klwtblc.dll
2010-08-29 13:37 . 2010-08-29 13:37 129720 —-a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\shellex.dll
2010-08-29 13:37 . 2010-08-29 13:37 113336 —-a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\sbstart.exe
2010-08-29 13:37 . 2010-08-29 13:37 170680 —-a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\klwtblc.dll
2010-08-29 13:35 . 2010-08-29 13:35 283984 —-a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\av\kdb\i386\win\avengine.dll
2010-08-29 13:27 . 2010-08-29 13:37 97549 —-a-w- c:\windows\system32\drivers\klick.dat
2010-08-29 13:23 . 2010-08-30 15:22 ——– d—–w- c:\programdata\Kaspersky Lab
2010-08-29 12:52 . 2010-08-29 12:52 ——– d—–w- c:\programdata\Kaspersky Lab Setup Files
2010-08-26 20:34 . 2010-08-26 20:34 ——– d—–w- c:\program files\Common Files\Java
2010-08-26 10:57 . 2010-08-26 10:57 388096 —-a-r- c:\users\Ben\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-26 10:57 . 2010-08-26 10:57 ——– d—–w- c:\program files\Trend Micro
2010-08-25 23:23 . 2010-08-25 23:23 ——– d—–w- c:\users\Ben\AppData\Local\Sunbelt Software
2010-08-22 15:32 . 2010-08-22 15:32 ——– d—–w- c:\program files\Conduit
2010-08-21 06:19 . 2010-08-21 06:19 ——– d—–w- c:\program files\Common Files\DVDVideoSoft
2010-08-18 21:03 . 2010-08-18 21:03 ——– d—–w- c:\program files\iPod
2010-08-18 21:02 . 2010-08-18 21:04 ——– d—–w- c:\program files\iTunes
2010-08-18 20:56 . 2010-08-18 20:56 73000 —-a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-08-18 18:32 . 2010-08-29 19:11 ——– d—–w- c:\program files\Windows Live Safety Center
2010-08-15 21:57 . 2010-08-15 21:57 970504 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-08-14 09:18 . 2010-06-21 13:37 2037760 —-a-w- c:\windows\system32\win32k.sys
2010-08-14 09:18 . 2010-06-18 17:31 36864 —-a-w- c:\windows\system32\rtutils.dll
2010-08-14 09:18 . 2010-06-08 17:35 3600768 —-a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-14 09:18 . 2010-06-08 17:35 3548040 —-a-w- c:\windows\system32\ntoskrnl.exe
2010-08-14 09:18 . 2010-06-11 16:15 1248768 —-a-w- c:\windows\system32\msxml3.dll
2010-08-14 09:18 . 2010-06-18 15:04 302080 —-a-w- c:\windows\system32\drivers\srv.sys
2010-08-14 09:18 . 2010-06-18 15:04 144896 —-a-w- c:\windows\system32\drivers\srv2.sys
2010-08-14 09:14 . 2010-06-16 16:04 905088 —-a-w- c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 11:28 . 2006-11-02 16:11 667352 —-a-w- c:\windows\system32\perfh013.dat
2010-08-30 11:28 . 2006-11-02 16:11 126854 —-a-w- c:\windows\system32\perfc013.dat
2010-08-29 13:26 . 2006-11-02 12:37 ——– d—–w- c:\program files\Windows Sidebar
2010-08-29 12:55 . 2007-08-23 20:12 ——– d—–w- c:\programdata\Lavasoft
2010-08-26 20:34 . 2007-07-05 06:16 ——– d—–w- c:\program files\Java
2010-08-26 20:31 . 2009-10-19 19:34 ——– d—–w- c:\users\Ben\AppData\Roaming\HpUpdate
2010-08-26 13:51 . 2007-06-06 12:06 ——– d—–w- c:\programdata\Spybot - Search & Destroy
2010-08-26 08:25 . 2007-06-05 15:06 79336 —-a-w- c:\users\Ben\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-25 11:11 . 2009-01-26 23:01 ——– d—–w- c:\users\Ben\AppData\Roaming\LimeWire
2010-08-24 07:34 . 2008-06-05 14:17 ——– d—–w- c:\users\Ben\AppData\Roaming\gtk-2.0
2010-08-18 21:03 . 2007-08-12 15:58 ——– d—–w- c:\program files\Common Files\Apple
2010-08-18 21:02 . 2007-07-07 21:20 ——– d—–w- c:\programdata\Apple Computer
2010-08-16 09:44 . 2007-07-07 21:24 ——– d—–w- c:\users\Ben\AppData\Roaming\Apple Computer
2010-08-14 08:52 . 2010-06-05 10:24 ——– d—–w- c:\users\Ben\AppData\Roaming\PhotoScape
2010-08-13 15:47 . 2006-11-02 11:18 ——– d—–w- c:\program files\Windows Mail
2010-07-17 03:00 . 2010-04-17 16:27 423656 —-a-w- c:\windows\system32\deployJava1.dll
2010-07-10 23:14 . 2007-12-11 19:01 ——– d—–w- c:\users\Ben\AppData\Roaming\DivX
2010-07-10 22:32 . 2010-07-10 22:28 ——– d—–w- c:\programdata\DivX
2010-07-10 22:32 . 2009-05-18 22:01 ——– d—–w- c:\program files\Common Files\DivX Shared
2010-07-10 22:32 . 2007-09-04 11:18 ——– d—–w- c:\program files\DivX
2010-07-09 16:47 . 2007-07-06 06:55 ——– d—–w- c:\users\Ben\AppData\Roaming\Thunderbird
2010-07-06 08:08 . 2008-06-14 10:24 ——– d—–w- c:\programdata\Google Updater
2010-06-26 06:05 . 2010-08-14 09:19 916480 —-a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-14 09:19 109056 —-a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-14 09:19 71680 —-a-w- c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-14 09:19 133632 —-a-w- c:\windows\system32\ieUnatt.exe
2010-06-11 16:16 . 2010-08-14 09:19 274944 —-a-w- c:\windows\system32\schannel.dll
2009-03-19 18:56 . 2009-03-19 18:56 1001472 —-a-w- c:\program files\QuickTide.exe
2009-03-09 08:57 . 2009-03-09 08:57 53134 —-a-w- c:\program files\QuickTide.htm
2009-03-02 10:51 . 2009-03-02 10:51 1417 —-a-w- c:\program files\QuickTide.txt
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Google Update"="c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-27 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"eDSMSNfix"="c:\acer\Empowering Technology\eDSMSNfix.exe" [2007-02-08 13312]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-09 614400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-18 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-18 133656]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AVP"="d:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-05-07 344736]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll d:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Ben^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4 .lnk]
path=c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4 .lnk
backup=c:\windows\pss\OpenOffice.org 2.4 .lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-09-03 18:12 111936 —-a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 13:53 141608 —-a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"WarReg_PopUp"=c:\acer\WR_PopUp\WarReg_PopUp.exe
"RtHDVCpl"=RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):2b,9c,dc,a4,88,fa,c9,01
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-05-06 132184]
R2 gupdate1c9c258abb2dba;Google Updateservice (gupdate1c9c258abb2dba);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;d:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-19 80744]
R4 J;J;c:\users\Ben\AppData\Local\Temp\J.exe [x]
R4 LA;LA;c:\users\Ben\AppData\Local\Temp\LA.exe [x]
R4 OFXLBSW;OFXLBSW;c:\users\Ben\AppData\Local\Temp\OFXLBSW.exe [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S2 SBSDWSCService;SBSD Security Center Service;d:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhoud van de 'Gedeelde Taken' map
2010-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2255622846-3536518166-2921446557-1000Core.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 07:01]
2010-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2255622846-3536518166-2921446557-1000UA.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 07:01]
.
.
——- Bijkomende Scan ——-
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.startpagina.nl/
uInternet Settings,ProxyOverride = *.local
.
**************************************************************************
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden:
**************************************************************************
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
———————— Andere Aktieve Processen ————————
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\igfxext.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Voltooingstijd: 2010-08-30 17:32:53 - machine werd herstart
ComboFix-quarantined-files.txt 2010-08-30 15:32
ComboFix2.txt 2010-08-30 13:40
ComboFix3.txt 2009-03-28 18:34
Pre-Run: 7.162.703.872 bytes beschikbaar
Post-Run: 7.141.523.456 bytes beschikbaar
- - End Of File - - EC032654FFC32D59F75A2E8311B1C07F
- Apparently my script was not right!
Open a new Notepad file once again, Start > All Programs > Accessories > Notepad,
copy and paste the following (bold, blue text) into the empty Notepad window
- Here it is again!
ComboFix 10-08-29.04 - Ben 30-08-2010 18:25:07.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1013.254 [GMT 2:00]
Gestart vanuit: c:\users\Ben\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Ben\Desktop\CFScript.txt
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-07-28 to 2010-08-30 ))))))))))))))))))))))))))))))
.
2010-08-30 16:39 . 2010-08-30 16:39 ——– d—–w- c:\users\Ben\AppData\Local\temp
2010-08-29 12:52 . 2010-08-29 12:52 ——– d—–w- c:\programdata\Kaspersky Lab Setup Files
2010-08-26 20:34 . 2010-08-26 20:34 ——– d—–w- c:\program files\Common Files\Java
2010-08-26 10:57 . 2010-08-26 10:57 ——– d—–w- c:\program files\Trend Micro
2010-08-25 23:23 . 2010-08-25 23:23 ——– d—–w- c:\users\Ben\AppData\Local\Sunbelt Software
2010-08-22 15:32 . 2010-08-22 15:32 ——– d—–w- c:\program files\Conduit
2010-08-21 06:19 . 2010-08-21 06:19 ——– d—–w- c:\program files\Common Files\DVDVideoSoft
2010-08-18 21:03 . 2010-08-18 21:03 ——– d—–w- c:\program files\iPod
2010-08-18 21:02 . 2010-08-18 21:04 ——– d—–w- c:\program files\iTunes
2010-08-18 18:32 . 2010-08-29 19:11 ——– d—–w- c:\program files\Windows Live Safety Center
2010-08-14 09:18 . 2010-06-21 13:37 2037760 —-a-w- c:\windows\system32\win32k.sys
2010-08-14 09:18 . 2010-06-18 17:31 36864 —-a-w- c:\windows\system32\rtutils.dll
2010-08-14 09:18 . 2010-06-08 17:35 3600768 —-a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-14 09:18 . 2010-06-08 17:35 3548040 —-a-w- c:\windows\system32\ntoskrnl.exe
2010-08-14 09:18 . 2010-06-11 16:15 1248768 —-a-w- c:\windows\system32\msxml3.dll
2010-08-14 09:18 . 2010-06-18 15:04 302080 —-a-w- c:\windows\system32\drivers\srv.sys
2010-08-14 09:18 . 2010-06-18 15:04 144896 —-a-w- c:\windows\system32\drivers\srv2.sys
2010-08-14 09:14 . 2010-06-16 16:04 905088 —-a-w- c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 16:39 . 2010-08-29 13:23 ——– d—–w- c:\programdata\Kaspersky Lab
2010-08-30 15:18 . 2010-08-30 15:18 113933 —-a-w- c:\windows\system32\drivers\klin.dat
2010-08-30 11:28 . 2006-11-02 16:11 667352 —-a-w- c:\windows\system32\perfh013.dat
2010-08-30 11:28 . 2006-11-02 16:11 126854 —-a-w- c:\windows\system32\perfc013.dat
2010-08-30 11:18 . 2008-10-27 12:22 1 —-a-w- c:\users\Ben\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-29 13:38 . 2010-06-28 17:47 283984 —-a-w- c:\programdata\Kaspersky Lab\AVP11\Bases\avengine.dll
2010-08-29 13:37 . 2010-08-29 13:37 125624 —-a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.0.232\shellex.dll
2010-08-29 13:37 . 2010-08-29 13:37 109240 —-a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.0.232\sbstart.exe
2010-08-29 13:37 . 2010-08-29 13:37 170680 —-a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.0.232\klwtblc.dll
2010-08-29 13:37 . 2010-08-29 13:27 97549 —-a-w- c:\windows\system32\drivers\klick.dat
2010-08-29 13:37 . 2010-08-29 13:37 129720 —-a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\shellex.dll
2010-08-29 13:37 . 2010-08-29 13:37 113336 —-a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\sbstart.exe
2010-08-29 13:37 . 2010-08-29 13:37 170680 —-a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\klwtblc.dll
2010-08-29 13:35 . 2010-08-29 13:35 283984 —-a-w- c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\av\kdb\i386\win\avengine.dll
2010-08-29 13:26 . 2006-11-02 12:37 ——– d—–w- c:\program files\Windows Sidebar
2010-08-29 12:55 . 2007-08-23 20:12 ——– d—–w- c:\programdata\Lavasoft
2010-08-26 20:34 . 2007-07-05 06:16 ——– d—–w- c:\program files\Java
2010-08-26 20:31 . 2009-10-19 19:34 ——– d—–w- c:\users\Ben\AppData\Roaming\HpUpdate
2010-08-26 13:51 . 2007-06-06 12:06 ——– d—–w- c:\programdata\Spybot - Search & Destroy
2010-08-26 10:57 . 2010-08-26 10:57 388096 —-a-r- c:\users\Ben\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-26 08:25 . 2007-06-05 15:06 79336 —-a-w- c:\users\Ben\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-25 11:11 . 2009-01-26 23:01 ——– d—–w- c:\users\Ben\AppData\Roaming\LimeWire
2010-08-24 07:34 . 2008-06-05 14:17 ——– d—–w- c:\users\Ben\AppData\Roaming\gtk-2.0
2010-08-18 21:03 . 2007-08-12 15:58 ——– d—–w- c:\program files\Common Files\Apple
2010-08-18 21:02 . 2007-07-07 21:20 ——– d—–w- c:\programdata\Apple Computer
2010-08-18 20:56 . 2010-08-18 20:56 73000 —-a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-08-16 09:44 . 2007-07-07 21:24 ——– d—–w- c:\users\Ben\AppData\Roaming\Apple Computer
2010-08-15 21:57 . 2010-08-15 21:57 970504 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-08-14 08:52 . 2010-06-05 10:24 ——– d—–w- c:\users\Ben\AppData\Roaming\PhotoScape
2010-08-13 15:47 . 2006-11-02 11:18 ——– d—–w- c:\program files\Windows Mail
2010-07-17 03:00 . 2010-04-17 16:27 423656 —-a-w- c:\windows\system32\deployJava1.dll
2010-07-12 07:59 . 2010-07-12 07:59 92816 —-a-w- c:\programdata\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2011 11.0.0.232\Dutch\setup.exe
2010-07-10 23:14 . 2007-12-11 19:01 ——– d—–w- c:\users\Ben\AppData\Roaming\DivX
2010-07-10 22:50 . 2010-07-10 22:50 57344 —-a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-10 22:32 . 2010-07-10 22:28 ——– d—–w- c:\programdata\DivX
2010-07-10 22:32 . 2009-05-18 22:01 ——– d—–w- c:\program files\Common Files\DivX Shared
2010-07-10 22:32 . 2007-09-04 11:18 ——– d—–w- c:\program files\DivX
2010-07-10 22:32 . 2010-07-10 22:32 56765 —-a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-10 22:32 . 2010-07-10 22:32 56997 —-a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-07-10 22:32 . 2010-07-10 22:32 53600 —-a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-07-10 22:32 . 2010-07-10 22:32 57715 —-a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-07-10 22:31 . 2010-07-10 22:31 84054 —-a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-07-10 22:31 . 2010-07-10 22:31 57054 —-a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-07-10 22:31 . 2010-07-10 22:31 54166 —-a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-07-10 22:31 . 2010-07-10 22:31 57532 —-a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-07-10 22:31 . 2010-07-10 22:31 56458 —-a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-07-10 22:31 . 2010-07-10 22:31 54174 —-a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-07-10 22:31 . 2010-07-10 22:31 54153 —-a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-10 22:31 . 2010-07-10 22:31 54128 —-a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-07-10 22:31 . 2010-07-10 22:31 54644 —-a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-07-10 22:30 . 2010-07-10 22:30 57409 —-a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-07-10 22:30 . 2010-07-10 22:30 54101 —-a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-07-10 22:30 . 2010-07-10 22:30 52963 —-a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-07-10 22:30 . 2010-07-10 22:30 54073 —-a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-07-10 22:30 . 2010-07-10 22:30 56969 —-a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-07-10 22:29 . 2010-07-10 22:32 1062184 —-a-w- c:\programdata\DivX\Setup\Resource.dll
2010-07-10 22:28 . 2010-07-10 22:32 895256 —-a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-09 16:47 . 2007-07-06 06:55 ——– d—–w- c:\users\Ben\AppData\Roaming\Thunderbird
2010-07-09 09:50 . 2010-07-09 09:50 1037648 —-a-w- c:\programdata\Kaspersky Lab\AVP11\Bases\klavasyswatch.dll
2010-07-06 08:08 . 2008-06-14 10:24 ——– d—–w- c:\programdata\Google Updater
2010-06-30 05:06 . 2010-06-30 05:06 271696 —-a-w- c:\programdata\Kaspersky Lab\AVP11\Bases\sys_critical_obj.dll
2010-06-26 06:05 . 2010-08-14 09:19 916480 —-a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-14 09:19 109056 —-a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-14 09:19 71680 —-a-w- c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-14 09:19 133632 —-a-w- c:\windows\system32\ieUnatt.exe
2010-06-11 16:16 . 2010-08-14 09:19 274944 —-a-w- c:\windows\system32\schannel.dll
2009-03-19 18:56 . 2009-03-19 18:56 1001472 —-a-w- c:\program files\QuickTide.exe
2009-03-09 08:57 . 2009-03-09 08:57 53134 —-a-w- c:\program files\QuickTide.htm
2009-03-02 10:51 . 2009-03-02 10:51 1417 —-a-w- c:\program files\QuickTide.txt
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Google Update"="c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-27 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"eDSMSNfix"="c:\acer\Empowering Technology\eDSMSNfix.exe" [2007-02-08 13312]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-09 614400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-18 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-18 133656]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AVP"="d:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-05-07 344736]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll d:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Ben^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4 .lnk]
path=c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4 .lnk
backup=c:\windows\pss\OpenOffice.org 2.4 .lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-09-03 18:12 111936 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"WarReg_PopUp"=c:\acer\WR_PopUp\WarReg_PopUp.exe
"RtHDVCpl"=RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):2b,9c,dc,a4,88,fa,c9,01
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-05-06 132184]
R2 gupdate1c9c258abb2dba;Google Updateservice (gupdate1c9c258abb2dba);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;d:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-19 80744]
R4 J;J;c:\users\Ben\AppData\Local\Temp\J.exe [x]
R4 LA;LA;c:\users\Ben\AppData\Local\Temp\LA.exe [x]
R4 OFXLBSW;OFXLBSW;c:\users\Ben\AppData\Local\Temp\OFXLBSW.exe [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S2 SBSDWSCService;SBSD Security Center Service;d:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhoud van de 'Gedeelde Taken' map
2010-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2255622846-3536518166-2921446557-1000Core.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 07:01]
2010-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2255622846-3536518166-2921446557-1000UA.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 07:01]
.
.
------- Bijkomende Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.startpagina.nl/
uInternet Settings,ProxyOverride = *.local
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-30 18:39
Windows 6.0.6002 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2010-08-30 18:48:05
ComboFix-quarantined-files.txt 2010-08-30 16:48
ComboFix2.txt 2010-08-30 15:32
ComboFix3.txt 2010-08-30 13:40
ComboFix4.txt 2009-03-28 18:34
Pre-Run: 7.170.154.496 bytes beschikbaar
Post-Run: 7.077.965.824 bytes beschikbaar
- - End Of File - - B9CA864C7B76C9FE08D00F67445902D6
- Abraham, I only now see that I had not switched Defender off properly. Could that slow things down?
- Hello Abraham,
ComboFix has been removed. I did mistakenly enter it in the search box, but that worked too.
Windows is running nicely again. In Task Manager I also have not yet seen any memory-hungry activity of more than 300,000 kB for a svchost.exe, as was the case yesterday. Now the maximum is around 42,000 kB for a svchost.exe.
What I do find odd is that last week Avast 5 reported as many as 3 times that an unwanted URL had been blocked before it could do any damage. So the damage did occur after all. Is anything more known about that? I had also downloaded a program to make mp3s from the YouTube music videos. Then QuickTime started, but it would not start without downloading something. That is when Avast gave that warning. I hope this is of some use to you. I no longer have the exact names.
In any case, thanks for all the support, Abraham. You are all doing very good work with this.
Regards,
Ben
- As far as I know, certain tools for YouTube do indeed come with spyware!
And now of course you would like to know which ones - unfortunately, I don't know!
All I know is that a while back I installed a YouTube downloader and Norton spoke up right away!
Next time, copy the URLs to Notepad and post them!
Search Google for WebOfTrust and install that toolbar!