Vraag & Antwoord
foutmelding bij opstarten
16 antwoorden
- sinds een aantal dagen krijg ik bij het opstarten van de pc een foutmelding:
C:\Users\Adrie\Locals~1\Temp\dfa4fffc0003205b.exe……
echter ik kan dit nergens vinden, virus progamma kan het niet vinden en malware-progamma ook niet.
wat nu te doen??
wie kan mij helpen?
groet sandhawk - Waarschijnlijk een overblijfsel van een verwijderd virus. Wellicht slim om toch maar eens een hijackthis log te plaatsen.
- Hallo sandhawk, dat is een malware teken inderdaad.
En omdat je het niet vinden kan, wordt het weer door wat anders beschermd!
[b:73efd704ec]Ik wil graag dat jij je tijdens de fix aan onderstaande regels houdt:[/b:73efd704ec] - Vermoedelijk is het (bij voorbeeld) al voldoende om eens even te kijken of deze .exe nog vermeld staat in [u:ee25b36884]msconfig[/u:ee25b36884].
Ofwel in Win7: Conf. scherm>Systeembeheer>Systeemconfiguratie>Opstarten. - hierbij het Hijackthis verslag en mbam-log:
naar mijn idee staat de foutmelding onder F3
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:40:45, on 18-11-2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2012\WebProxy.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2012\ApVxdWin.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\system32\schtasks.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ad.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=81&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://nl.woofi.info
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/anyvideo2dvd/{CFD09F71-B0A9-4BC3-9CC6-03BDFD7E0FBB}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - (no file)
F3 - REG:win.ini: load=C:\Users\adrie\LOCALS~1\Temp\dfa4fffc0003205b.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2012\Inicio.exe"
O4 - HKLM\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKLM\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tcap.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [tcactive] C:\Program Files\The Cleaner\tcap.exe
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2012\TPSrv.exe
–
End of file - 9559 bytes
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Databaseversie: 8189
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
18-11-2011 21:00:08
mbam-log-2011-11-18 (21-00-08).txt
Scantype: Volledige scan (C:\|)
Objecten gescand: 359536
Verstreken tijd: 1 uur/uren, 47 minuut/minuten, 34 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd) - Hallo sandhawk, ik heb de volgende opdrachten voor jou:
- TDSS heeft niets gevonden.
combofix heeft het volgende:
ComboFix 11-11-19.03 - adrie 19-11-2011 16:47:07.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3070.1689 [GMT 1:00]
Gestart vanuit: c:\users\adrie\Downloads\ComboFix.exe
AV: Panda Antivirus Pro 2012 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Antivirus Pro 2012 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\adrie\AppData\Roaming\EurekaLog
c:\users\adrie\AppData\Roaming\EurekaLog\EurekaLog.ini
c:\users\adrie\AppData\Roaming\inst.exe
c:\users\adrie\AppData\Roaming\vso_ts_preview.xml
c:\windows\system32\jucheck.exe
c:\windows\system32\jusched.exe
c:\windows\system32\muzapp.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-10-19 to 2011-11-19 ))))))))))))))))))))))))))))))
.
.
2011-11-19 16:01 . 2011-11-19 16:02 ——– d—–w- c:\users\adrie\AppData\Local\temp
2011-11-19 16:01 . 2011-11-19 16:01 ——– d—–w- c:\users\UpdatusUser\AppData\Local\temp
2011-11-19 16:01 . 2011-11-19 16:01 ——– d—–w- c:\users\Default\AppData\Local\temp
2011-11-19 11:28 . 2011-11-19 11:28 56200 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FA092AAD-0FAB-416D-AE83-5C25623D91D2}\offreg.dll
2011-11-18 19:13 . 2011-10-18 00:28 6668624 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FA092AAD-0FAB-416D-AE83-5C25623D91D2}\mpengine.dll
2011-11-18 18:10 . 2011-11-18 18:10 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
2011-11-18 18:10 . 2011-08-31 16:00 22216 —-a-w- c:\windows\system32\drivers\mbam.sys
2011-11-18 16:32 . 2011-11-18 16:32 388096 —-a-r- c:\users\adrie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-18 16:32 . 2011-11-18 16:32 ——– d—–w- c:\program files\Trend Micro
2011-11-16 12:06 . 2011-11-16 12:19 ——– d—–w- c:\program files\Wise Registry Cleaner
2011-11-15 15:38 . 2011-11-15 15:38 ——– d—–w- c:\users\adrie\AppData\Local\Panda Security
2011-11-15 15:36 . 2010-06-22 17:13 26696 —-a-w- c:\windows\system32\drivers\pavboot.sys
2011-11-15 15:36 . 2007-03-15 18:38 54832 —-a-w- c:\windows\system32\pavcpl.cpl
2011-11-15 15:36 . 2003-10-22 17:23 446464 —-a-w- c:\windows\system32\HHActiveX.dll
2011-11-15 15:36 . 2010-06-21 16:02 193344 —-a-w- c:\windows\system32\TpUtil.dll
2011-11-15 06:44 . 2011-11-15 15:16 ——– d—–w- c:\users\adrie\AppData\Roaming\Ickyco
2011-11-15 06:44 . 2011-11-15 15:01 ——– d—–w- c:\users\adrie\AppData\Roaming\Qoecikb
2011-11-12 18:51 . 2011-11-12 19:21 ——– d—–w- c:\program files\Battlefield
2011-11-12 18:47 . 2011-11-12 18:47 ——– d—–w- c:\program files\Nieuwe map
2011-11-10 18:35 . 2011-11-13 15:03 ——– d—–w- C:\Call of Duty- Modern Warfare 3
2011-11-08 22:08 . 2011-10-17 11:41 2409784 —-a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-08 22:08 . 2011-09-20 21:02 913280 —-a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-08 22:08 . 2011-09-20 13:44 31232 —-a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-08 22:08 . 2011-09-30 15:57 707584 —-a-w- c:\program files\Common Files\System\wab32.dll
2011-11-08 16:31 . 2011-10-15 08:53 61248 —-a-w- c:\windows\system32\OpenCL.dll
2011-11-08 16:31 . 2011-10-15 08:53 919872 —-a-w- c:\windows\system32\nvdispco32.dll
2011-11-08 16:31 . 2011-10-15 08:53 877376 —-a-w- c:\windows\system32\nvgenco32.dll
2011-11-08 16:31 . 2011-10-15 08:53 5578560 —-a-w- c:\windows\system32\nvcuda.dll
2011-11-08 16:31 . 2011-10-15 08:53 2401088 —-a-w- c:\windows\system32\nvcuvid.dll
2011-11-08 16:31 . 2011-10-15 08:53 2099520 —-a-w- c:\windows\system32\nvcuvenc.dll
2011-11-08 16:31 . 2011-10-15 08:53 18871616 —-a-w- c:\windows\system32\nvoglv32.dll
2011-11-08 16:31 . 2011-10-15 08:53 17248576 —-a-w- c:\windows\system32\nvcompiler.dll
2011-11-08 16:31 . 2011-10-15 08:53 10327360 —-a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-11-08 15:22 . 2011-11-08 15:22 ——– d–h–w- c:\program files\Common Files\EAInstaller
2011-11-06 12:16 . 2011-11-06 12:16 25512 —-a-w- c:\windows\system32\drivers\ggsemc.sys
2011-11-06 12:16 . 2011-11-06 12:16 13224 —-a-w- c:\windows\system32\drivers\ggflt.sys
2011-11-06 12:16 . 2011-11-06 12:16 1112288 —-a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-11-06 12:15 . 2011-11-06 12:15 ——– d—–w- c:\program files\Sony Ericsson
2011-11-04 19:00 . 2011-11-04 19:02 ——– d—–w- c:\users\adrie\AppData\Local\Nero
2011-11-04 18:19 . 2011-11-04 18:19 ——– d—–w- c:\users\adrie\AppData\Roaming\Nero
2011-11-04 17:39 . 2011-11-04 17:46 ——– d—–w- c:\programdata\Nero
2011-11-04 17:39 . 2011-11-04 17:39 ——– d—–w- c:\program files\Common Files\Nero
2011-11-04 16:08 . 2011-11-04 16:08 ——– d—–w- c:\programdata\vsosdk
2011-11-04 14:55 . 2009-09-02 12:44 65602 —-a-w- c:\windows\system32\cook3260.dll
2011-11-04 14:55 . 2009-09-02 12:44 626688 —-a-w- c:\windows\system32\vp7vfw.dll
2011-11-04 14:55 . 2009-09-02 12:44 217127 —-a-w- c:\windows\system32\drv43260.dll
2011-11-04 14:55 . 2009-09-02 12:44 208935 —-a-w- c:\windows\system32\drv33260.dll
2011-11-04 14:55 . 2009-09-02 12:44 176165 —-a-w- c:\windows\system32\drv23260.dll
2011-11-04 14:55 . 2009-09-02 12:44 1184984 —-a-w- c:\windows\system32\wvc1dmod.dll
2011-11-04 14:55 . 2009-09-02 12:44 102439 —-a-w- c:\windows\system32\sipr3260.dll
2011-11-04 14:55 . 2011-11-04 14:55 ——– d—–w- c:\program files\VSO
2011-11-04 07:58 . 2011-11-04 07:58 ——– d—–w- c:\users\adrie\AppData\Roaming\VS Revo Group
2011-11-04 07:12 . 2011-11-04 07:18 ——– d—–w- c:\program files\P2000 Kaart 2.0.0
2011-11-02 12:19 . 2011-11-02 12:19 ——– d—–w- c:\program files\City Interactive
2011-11-01 02:05 . 2011-11-01 02:05 ——– d—–w- c:\users\Default\AppData\Local\Microsoft Help
2011-10-26 11:08 . 2009-02-24 16:42 116736 —-a-w- c:\windows\system32\drivers\mcdbus.sys
2011-10-26 11:08 . 2011-10-26 11:10 ——– d—–w- c:\program files\MagicDisc
2011-10-23 08:33 . 2011-10-23 08:33 ——– d—–w- c:\program files\Microsoft WSE
2011-10-23 08:15 . 2011-10-23 08:15 232512 —-a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-10-23 08:15 . 2011-10-23 08:15 ——– d—–w- c:\program files\DAEMON Tools Lite
2011-10-23 08:07 . 2011-10-23 08:10 ——– d—–w- c:\users\adrie\AppData\Roaming\DAEMON Tools Pro
2011-10-23 08:07 . 2011-10-23 08:07 ——– d—–w- c:\programdata\DAEMON Tools Pro
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-25 05:53 . 2011-06-24 21:12 414368 —-a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-15 08:53 . 2011-08-02 07:27 602432 —-a-w- c:\windows\system32\easyupdatusapiu.dll
2011-10-15 08:53 . 2011-05-02 22:43 7041856 —-a-w- c:\windows\system32\nvwgf2um.dll
2011-10-15 08:53 . 2011-02-23 06:27 13205312 —-a-w- c:\windows\system32\nvd3dum.dll
2011-10-15 08:53 . 2010-07-09 14:37 6350144 —-a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2010-07-09 14:37 3840320 —-a-w- c:\windows\system32\nvsvc.dll
2011-10-15 08:53 . 2010-07-09 14:37 203072 —-a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2010-07-09 14:37 1136448 —-a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2010-04-03 16:27 3074368 —-a-w- c:\windows\system32\nvsvcr.dll
2011-10-15 08:53 . 2009-06-26 14:32 123712 —-a-w- c:\windows\system32\nvshext.dll
2011-10-15 08:53 . 2007-12-27 22:16 2458432 —-a-w- c:\windows\system32\nvapi.dll
2011-10-14 23:54 . 2011-10-14 23:54 321856 —-a-w- c:\windows\system32\nvStreaming.exe
2011-10-03 04:06 . 2010-05-04 09:15 472808 —-a-w- c:\windows\system32\deployJava1.dll
2011-09-23 21:52 . 2010-06-24 09:33 18328 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-06 13:30 . 2011-10-12 05:12 2043392 —-a-w- c:\windows\system32\win32k.sys
2011-09-01 02:35 . 2011-10-13 09:29 1798144 —-a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-13 09:29 1126912 —-a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-13 09:29 2382848 —-a-w- c:\windows\system32\mshtml.tlb
2011-08-25 16:15 . 2011-10-12 05:12 555520 —-a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-12 05:12 563712 —-a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:14 . 2011-10-12 05:12 238080 —-a-w- c:\windows\system32\oleacc.dll
2011-08-25 13:31 . 2011-10-12 05:12 4096 —-a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"tcactive"="c:\program files\The Cleaner\tcap.exe" [2011-09-02 4768848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 4702208]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE" [2011-04-13 1000768]
"SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2012\Inicio.exe" [2011-02-02 70464]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"tcactive"="c:\program files\The Cleaner\tcap.exe" [2011-09-02 4768848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2010-03-24 11:55 55552 —-a-w- c:\windows\System32\avldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 —-a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 —-a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 —-a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 —-a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-04-28 23:24 934800 —-a-w- c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2011-04-28 23:24 19856 —-a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-04-28 23:24 3373968 —-a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 16:00 449608 —-a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-08-31 16:00 1047208 —-a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 15:38 421888 —-a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-23 136176]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2010-10-25 8192]
R3 APL531;OVT Scanner;c:\windows\system32\Drivers\ov550i.sys [2006-07-31 580992]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 EraserUtilDrv10733;EraserUtilDrv10733;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10733.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-11-06 13224]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-23 136176]
R3 hitmanpro3;Hitman Pro 3 Support Driver;c:\windows\system32\drivers\hitmanpro3.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-05-08 47360]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 121192]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 136680]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [2010-06-22 26696]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-23 232512]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-06-28 101720]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2011-02-21 37448]
S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm8660.sys [2010-05-21 54344]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2010-05-06 163848]
S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe [2010-08-16 28992]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys [x]
S3 PavSRK.sys;PavSRK.sys;c:\windows\system32\PavSRK.sys [x]
S3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [x]
.
.
— Andere Services/Drivers In Geheugen —
.
*NewlyCreated* - 30090442
*Deregistered* - 30090442
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11 451872 —-a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-23 15:14]
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-23 15:14]
.
.
——- Bijkomende Scan ——-
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.ad.nl/
mStart Page = hxxp://www.bigseekpro.com/anyvideo2dvd/{CFD09F71-B0A9-4BC3-9CC6-03BDFD7E0FBB}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Verzenden naar OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-OVT Scanner - c:\windows\omniuns.exe USB\Vid_05a9&PID_1550 OVT Scanner
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-19 17:02
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen …
.
scannen van verborgen autostart items …
.
scannen van verborgen bestanden …
.
.
c:\users\adrie\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan succesvol afgerond
verborgen bestanden: 1
.
**************************************************************************
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
.
[HKEY_USERS\S-1-5-21-1146195505-2108647171-991311496-1000\Software\SecuROM\License information*]
"datasecu"=hex:54,51,59,e1,3d,df,d0,18,31,ac,3d,88,11,4a,93,a1,c2,f4,ce,b9,33,
57,34,16,23,58,7b,da,3c,96,40,ff,60,0c,d7,3a,0f,38,97,d7,ea,86,5f,3d,20,59,\
"rkeysecu"=hex:a3,c0,4e,25,88,59,e3,82,61,40,22,2c,6d,3e,fb,65
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2011-11-19 17:16:25
ComboFix-quarantined-files.txt 2011-11-19 16:16
.
Pre-Run: 371.920.965.632 bytes beschikbaar
Post-Run: 372.096.425.984 bytes beschikbaar
.
- - End Of File - - E3DCC623B1E0184997BB24FD70D5D4EA - Het log ziet er inmiddels goed uit.
Heb je nog last van die opstarter en hoe draait Windows nu? - "opstarter" is verwijderd en zie deze dus niet meer verschijnen.
bedankt voor alle hulp.
windows start weer normaal op.
mvrgr,
sandhawk :wink: :wink: - Fijn, dan gaan we opruimen.
- Results of screen317's Security Check version 0.99.28
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
[b:902c06ae00]``````````````````````````````
[u:902c06ae00]Antivirus/Firewall Check:[/u:902c06ae00][/b:902c06ae00]
- Er zijn broodnodig verbeteringen noodzakelijk!
Ik neem overigens aan, dat Flashplayer ook onderdeel is in jouw Windows.
Er zijn twee onderdelen in Windows, die altijd de nieuwste versie dienen te zijn en dat zijn Java runtime en Adobe Flash Player.
Waarom: in die nieuwste versies zijn altijd de ontdekte veiligheidsrisico's uitverbeterd en ook dat vaak het tool zelf beter funktioneert!
Ga nu eerst naar Configuratiescherm
[list:f02da1f131][*:f02da1f131][b:f02da1f131]Software[/b:f02da1f131] - Windows 2000/Windows XP
[*:f02da1f131][b:f02da1f131]Programma's en onderdelen[/b:f02da1f131] - Windows Vista en Windows 7[/list:u:f02da1f131]
en verwijder daar volgende onderdelen:
Java(TM) 6 Update 29
Java(TM) SE Runtime Environment 6 Update 1
en indien aanwezig ook:
Adobe Flash Player
Herstart je PC opnieuw!
Vervolgens ga jij eerst met Internet Explorer naar http://get.adobe.com/nl/flashplayer/ om de nieuwste Flasplayer 11.1.102.55 te laten installeren;
(wil je de [b:f02da1f131]Gratis Google Toolbar of McAfee Security Scan(optioneel) [/b:f02da1f131] niet erbij hebben, haal dan eerst het vinkje weg bij die melding!).
Op deze wijze wordt de Flashplayer niet alleen voor IE maar ook voor Windows geïnstalleerd!
[b:f02da1f131]Java[/b:f02da1f131]
Download ook [b:f02da1f131]Java 7 Update 2 (x86) voor Windows 7/XP/Vista/2000/2003/2008 Offline[/b:f02da1f131] eerst naar je bureaublad.
Daarna mag jij de nieuwste Java-versie ook installeren.
[b:f02da1f131]Adobe Reader[/b:f02da1f131]
Adobe Reader Versie X(10.1) is uit - deze is veiliger dan de voorgaande Readers, doordat deze versie in een virtuele omgeving opstart!
Dus: verwijder eerst de oude Reader en dan ga naar http://get.adobe.com/nl/reader/ om de nieuwste versie te verkrijgen!
Vink wel eerst de meeliftende software van Google of McAfee uit, indien je die niet erbij wil hebben!
Adobe Reader updaten:
dat doe je door in de menubalk van Adobe Reader op de knop [b:f02da1f131]Help[/b:f02da1f131] te klikken
en vervolgens in het uitklapmenu op [b:f02da1f131]Controleren op updates…[/b:f02da1f131] te klikken.
De updater zal dan aktief worden, let op meldingen.
Is er een update beschikbaar, geef akkoord en wacht verdere meldingen in de systray af.
N.B. - zorg er wel voor dat Adobe Reader afgesloten is indien de update wordt geïnstalleerd. - ben klaar met de laatste updates, denk dat het systeem weer up to date is nu…..
ben ik nu klaar of volgen er nog meer instructies?
groet,sandhawk - Hoi Sandhawk, ik heb een laatste tip voor je:
ga een paar keer per jaar naar [b:d97f5c9cc0]Secunia PSI (klik)[/b:d97f5c9cc0] om te controleren of ook alles binnen Windows uptodate is.
Want alleen dan is Windows op zijn veiligst!
Klik op de Secunia site eerst op de knop [b:d97f5c9cc0]Start Scanner[/b:d97f5c9cc0] en zet vervolgens op de nieuwe pagina eerst een vinkje bij [b:d97f5c9cc0]Enable thorough system inspection[/b:d97f5c9cc0] aleer op [b:d97f5c9cc0]Start[/b:d97f5c9cc0] te klikken!
Gebruik je geen Java, dan zal de site niet werken.
Dan kan je de [b:d97f5c9cc0]Secunia Personal Software Inspector (PSI)[/b:d97f5c9cc0] downloaden en installeren.
N.B.: na installatie start dit tool automatisch met Windows, maar dat is echt niet nodig en kan uitgescakeld worden!
http://secunia.com/vulnerability_scanning/personal/ - alles is weer up to date….. :lol:
nu ben ik wel klaar, denk ik
gr,
sandhawk - Ja hoor, we zijn klaar.
Weer veel plezier met jouw PC.
Beantwoord deze vraag
Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.
