Question & Answer
Hijack log, would someone please take a look
12 answers
- I still have a somewhat older PC here.
It has suddenly become very slow on the internet.
We're talking about opening a second browser window and the CPU suddenly runs at 100% and everything freezes; you can still move the mouse pointer.
Still, a P4 3.4 GHz, 2 GB and HD3850 should browse the internet smoothly.
I also still have 80 GB free on the 320 GB HD.
Since I hardly play games any more it still does the job, although it wouldn't be a bad idea to give it a fresh Windows install at some point.
Still, I hope that enough can be removed that it runs smoothly again.
Yesterday I did remove a trojan with Ad-Aware, after a system scan.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:39:42, on 21-12-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Fighters\SPAMfighter\sfagent.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Fighters\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fighters\FighterSuiteService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [sfagent] C:\Program Files\Fighters\SPAMfighter\sfagent.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\Fighters\SPAMfighter\sfus.exe
O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe
--
End of file - 11599 bytes
Kind regards,
Ralph
- Hello, I can't find any antivirus software in this Windows!
But first the following:
- I find it strange that you don't see an antivirus; I also don't know whether you should see it?
Since I installed the free version of avast.
The original, from the website.
As it happens I did that a few days ago because of earlier problems, to be safe, and put the antivirus back on again.
I had avast home 4 I think, but that one isn't free any more.
Avast Free antivirus.
At the bottom right of my screen I see a small shield; as text it shows: Ad-Aware
If I click on it you get this:
http://img828.imageshack.us/img828/7949/naamloosmq.png
The background is the avast website.
Everything else works, though?
EDIT:
By the way, isn't it this one?:
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
The name is just different, I think?
- As far as I'm concerned you may remove Lavasoft AdAware completely.
For years that has been a tool you'd rather not use.
And your Windows will be happy too!
You can continue with the following:
- So Ad-Aware is not a virus scanner.
You say you have installed Avast; are you sure about that?
It should also show an icon, and so not the Ad-Aware icon you are talking about now.
- Hi r.marijnissen, is it working out?
- @Abraham54, in response to the OP's Hijack log you said that you couldn't find any antivirus software in this Windows. But I see this line in the Hijack log
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
I think you could at least have said something about that.
- O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
That is also the only thing of Avast to be found in that whole log.
Presumably a leftover startup entry.
And meanwhile I have been waiting a while for the results of my last instruction.
Because ComboFix will certainly show which AV is running now.
It's possible that another AV was in Windows earlier and wasn't removed properly either.
- I still find that virus scanner business somewhat vague.
I just went to the avast website.
Selected Free antivirus, because the site does try to steer you towards a paid variant.
And installed that.
I can scan for viruses with it etc.
Even though it's different from the earlier avast scanner, I thought that was because avast home is no longer free...
In any case it's removed now; later I'll install that avast virus scanner from your link.
Just ran TDSSKiller as instructed.
I can't copy a report into a text file because it gave a list of malware found etc.
I removed the high risk ones with the program, rebooted, ran the program once more and only 4 medium risk cases remain.
See:
http://img202.imageshack.us/img202/9900/tdss.png
I'll go ahead with ComboFix now; after that I'll install the virus scanner from your link.
- ComboFix 11-12-23.01 - Ralph Marijnissen 23-12-2011 20:15:23.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2047.1371 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Ralph Marijnissen\Bureaublad\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\config.bin
c:\config.bin\755ED1002E9D4AE
c:\documents and settings\Ralph Marijnissen\Application Data\inst.exe
c:\documents and settings\Ralph Marijnissen\Application Data\Toolbar4
c:\documents and settings\Ralph Marijnissen\Application Data\vso_ts_preview.xml
c:\documents and settings\Ralph Marijnissen\WINDOWS
c:\windows\system32\oobe\isperror
c:\windows\system32\oobe\isperror\ispcnerr.htm
c:\windows\system32\oobe\isperror\ispdtone.htm
c:\windows\system32\oobe\isperror\isphdshk.htm
c:\windows\system32\oobe\isperror\ispins.htm
c:\windows\system32\oobe\isperror\ispnoanw.htm
c:\windows\system32\oobe\isperror\isppberr.htm
c:\windows\system32\oobe\isperror\ispphbsy.htm
c:\windows\system32\oobe\isperror\ispsbusy.htm
c:\windows\system32\win.ini
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-11-23 to 2011-12-23 ))))))))))))))))))))))))))))))
.
.
2011-12-21 17:09 . 2011-12-21 17:09 414368 —-a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-20 14:29 . 2011-12-23 18:45 ——– d—–w- c:\documents and settings\Ralph Marijnissen\Application Data\Lavasoft
2011-12-17 11:20 . 2011-12-17 11:20 ——– d—–w- c:\documents and settings\LocalService\Bureaublad
2011-12-14 20:45 . 2011-12-14 20:45 ——– d—–w- C:\Nieuwe map
2011-12-14 19:55 . 2011-11-28 18:01 199816 ——w- c:\windows\system32\aswBoot.exe
2011-12-14 19:54 . 2011-12-14 19:55 ——– d—–w- c:\program files\AVAST Software
2011-12-13 20:23 . 2011-12-13 20:30 ——– d—–w- c:\documents and settings\All Users\Application Data\ReaConverter
2011-12-13 20:22 . 2011-12-13 20:22 ——– d—–w- c:\documents and settings\Ralph Marijnissen\Application Data\RCP 6
2011-12-13 20:22 . 2011-12-13 20:22 ——– d—–w- c:\program files\ReaConverter 6.5 Standard
2011-12-13 20:20 . 2004-04-19 17:53 1706800 —-a-w- c:\windows\system32\gdiplus.dll
2011-12-13 20:20 . 2009-10-07 19:39 180224 —-a-w- c:\windows\system32\cnvshell.dll
2011-12-13 20:20 . 2011-12-13 20:20 ——– d—–w- c:\program files\ImageConverter Plus
2011-12-12 19:56 . 2011-12-12 19:56 ——– d—–w- c:\windows\system32\wbem\Repository
2011-12-12 17:59 . 2011-12-12 19:48 ——– d—–w- C:\661fb662321257f75f07dd9ff13f4a
2011-11-29 20:19 . 2011-11-29 21:27 ——– d—–w- c:\documents and settings\Ralph Marijnissen\Local Settings\Application Data\Canon Easy-PhotoPrint EX
2011-11-29 20:14 . 2011-11-29 20:14 ——– d–h–w- c:\documents and settings\All Users\Application Data\CanonIJEGV
2011-11-29 20:13 . 2011-11-29 20:13 ——– d—–w- c:\documents and settings\Ralph Marijnissen\Application Data\CD-LabelPrint
2011-11-29 20:13 . 2011-11-29 20:13 ——– d–h–w- c:\documents and settings\All Users\Application Data\CanonIJEPPEX
2011-11-29 18:41 . 2011-11-29 18:41 ——– d–h–w- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenuEX
2011-11-29 18:41 . 2011-11-29 18:41 ——– d–h–w- c:\documents and settings\All Users\Application Data\CanonEPP
2011-11-29 18:41 . 2011-11-29 18:41 ——– d–h–w- c:\documents and settings\All Users\Application Data\CanonIJMyPrinter
2011-11-29 18:40 . 2011-12-05 18:37 ——– d—–w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2011-11-29 17:43 . 2010-03-18 18:25 307200 —-a-w- c:\windows\system32\CNC6100L.dll
2011-11-29 17:43 . 2010-03-18 16:12 1335296 —-a-w- c:\windows\system32\CNC6100C.dll
2011-11-29 17:43 . 2010-03-18 16:12 114688 —-a-w- c:\windows\system32\CNC6100I.dll
2011-11-29 17:43 . 2010-03-18 16:11 106496 —-a-w- c:\windows\system32\CNC6100U.dll
2011-11-29 17:43 . 2008-08-25 17:02 15872 —-a-w- c:\windows\system32\CNHMCA.dll
2011-11-29 17:43 . 2011-11-29 17:43 ——– d—–w- c:\documents and settings\All Users\Application Data\CanonIJMSetup
2011-11-29 17:43 . 2011-11-29 17:43 ——– d—–w- c:\documents and settings\Ralph Marijnissen\Application Data\Canon Easy-WebPrint EX
2011-11-29 17:17 . 2011-11-29 17:17 ——– d—–w- c:\documents and settings\All Users\Application Data\CanonIJWSpt
2011-11-29 17:12 . 2011-11-29 17:12 ——– d–h–w- c:\documents and settings\All Users\Application Data\CanonBJ
2011-11-29 17:12 . 2010-08-25 04:00 73216 —-a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAG.DLL
2011-11-29 17:12 . 2010-08-25 04:00 27648 —-a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAG.DLL
2011-11-29 17:12 . 2010-08-25 04:00 290816 —-a-w- c:\windows\system32\CNMLMAG.DLL
2011-11-29 17:12 . 2011-11-29 17:12 ——– d–h–w- c:\windows\system32\CanonIJ Uninstaller Information
2011-11-29 17:11 . 2010-06-03 06:12 94208 —-a-w- c:\windows\system32\CNC6100O.dll
2011-11-29 17:11 . 2010-03-10 23:56 180224 —-a-w- c:\windows\system32\CNMIUAG.DLL
2011-11-29 17:11 . 2011-11-29 17:11 ——– d–h–w- c:\program files\CanonBJ
2011-11-29 17:11 . 2011-11-29 17:11 ——– d—–w- c:\windows\system32\STRING
2011-11-29 17:11 . 2010-02-05 01:37 34816 —-a-w- c:\windows\system32\CNMNPUI.DLL
2011-11-29 17:11 . 2010-02-05 01:37 340992 —-a-w- c:\windows\system32\CNMNPPM.DLL
2011-11-27 21:41 . 2011-11-27 21:41 ——– d—–w- c:\program files\ALCATech
2011-11-27 17:36 . 2011-11-27 17:36 ——– d—–w- C:\7876d12233b1ef31a3
2011-11-27 00:01 . 2011-11-27 00:01 ——– d—–w- C:\37dc0ebf0b1c03abf54a27f095a58661
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 14:40 . 2011-02-22 12:11 1859712 —-a-w- c:\windows\system32\win32k.sys
2011-11-13 16:51 . 2011-11-13 16:51 29184 —-a-r- c:\documents and settings\Ralph Marijnissen\Application Data\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
2011-11-04 19:13 . 2011-02-22 12:11 916992 —-a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2011-02-22 12:12 1469440 ——w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:13 . 2011-02-22 12:12 43520 ——w- c:\windows\system32\licmgr10.dll
2011-11-04 11:25 . 2004-08-04 07:55 385024 ——w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2011-02-22 12:12 1288192 —-a-w- c:\windows\system32\ole32.dll
2011-10-28 05:32 . 2011-02-22 12:11 33280 —-a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2011-02-22 12:11 2153472 —-a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:50 . 2011-02-22 12:11 2031616 —-a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2011-02-22 12:16 186880 —-a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2011-02-22 12:12 692736 —-a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2011-02-22 12:13 602624 —-a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 18:59 614912 —-a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2003-04-08 19:00 23040 —-a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2003-04-08 19:00 220160 —-a-w- c:\windows\system32\oleacc.dll
2011-11-10 17:25 . 2011-05-10 18:26 134104 —-a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-29 399736]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-03 1242448]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"sfagent"="c:\program files\Fighters\SPAMfighter\sfagent.exe" [2010-11-12 821384]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"CTHelper"="CTHELPER.EXE" [2005-08-07 16384]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-08-07 18944]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\command and conquer red alert 3 uprising\\RA3EP1.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\command and conquer red alert 3 uprising\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Program Files\\Steam\\steamapps\\common\\command and conquer red alert 3\\runme.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\command and conquer red alert 3\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\PhoenixRC\\phoenixRC.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [25-3-2010 14:39 490280]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [24-10-2009 2:18 360224]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Fighters\SPAMfighter\sfus.exe [12-11-2010 10:31 214664]
R2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [12-11-2010 10:31 1145992]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [22-2-2011 21:15 47360]
S1 atitray;atitray;\??\c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys –> c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [?]
S3 6igje_kwq.sys;6igje_kwq.sys;\??\c:\windows\system32\drivers\6igje_kwq.sys –> c:\windows\system32\drivers\6igje_kwq.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12-6-2011 10:15 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9-1-2010 21:37 4640000]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [27-1-2011 19:18 47176]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [27-1-2011 19:18 58496]
S3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys –> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys –> c:\windows\system32\drivers\xpsec.sys [?]
.
Inhoud van de 'Gedeelde Taken' map
.
2011-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-12-14 c:\windows\Tasks\Ralph Marijnissen.job
- c:\program files\Nero\Nero 10\Nero BackItUp\NBCore.exe [2010-03-26 09:52]
.
2011-12-23 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-02-22 21:18]
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.google.nl/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
FF - ProfilePath - c:\documents and settings\Ralph Marijnissen\Application Data\Mozilla\Firefox\Profiles\9l723z1p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.modelbouwforum.nl/forums/cmps_index.php
.
- - - - ORPHANS VERWIJDERD - - - -
.
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-23 20:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen …
.
scannen van verborgen autostart items …
.
scannen van verborgen bestanden …
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
.
[HKEY_USERS\S-1-5-21-2025429265-963894560-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:33,5e,af,bc,d6,02,2d,0e,04,37,8a,21,0a,59,b7,37,e8,83,a1,23,b9,
30,0a,e3,7a,b3,45,ea,c8,76,78,1c,69,b0,c4,97,a2,e5,5c,ac,04,41,66,8f,69,fa,\
"rkeysecu"=hex:4e,b6,b5,84,5f,ea,27,44,23,d3,07,12,b0,85,29,41
.
——————— DLLs Geladen Onder Lopende Processen ———————
.
- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2848)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
———————— Andere Aktieve Processen ————————
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Creative\ShareDLL\CADI\NotiMan.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Voltooingstijd: 2011-12-23 20:25:37 - machine werd herstart
ComboFix-quarantined-files.txt 2011-12-23 19:25
.
Pre-Run: 84.388.163.584 bytes beschikbaar
Post-Run: 105.186.631.680 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 155C47C19867E1EF6C9795A7F126218C
- I have avast back on again now, as it was.
Avast 6.
The link in your email goes to the ad-aware download link.
The link via the site goes to avast 6.
Strange.
- I would like to see the full TDSSKiller log.
Had you read my instructions for it properly, you would have read this at the end:
When a restart is necessary, you will find the logfile in C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt
Moreover: ComboFix also indicates that Avast is not active.
It is also not clear to me what you mean by what you have written about Avast.
It comes across as if you are the first one who doesn't understand how to download Avast Free.
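An added example for this thread (not HijackThis code and not from any of the posters): a Python script that parses the "Running processes" and O4 sections of a HijackThis log such as the one above and lists the autostart entries whose program was not running at scan time, which is how the [avast5] entry that Abraham54 calls a leftover startup entry stands out. The embedded log excerpt is constructed from lines of this thread's log; the script uses only the standard library.

```python
"""Cross-check the O4 autostart entries of a HijackThis log against its
"Running processes" section.

Added example for this thread; not HijackThis code and not the posters' code.
An O4 entry whose image was not running at scan time is a lead, not a
verdict: one-shot launchers (UpdReg.EXE, Reader_sl.exe) legitimately exit
right after logon, so each hit still has to be checked by hand.
"""
import re
from typing import Dict, List, Set, Tuple

# Constructed excerpt: lines copied from the HijackThis log in this thread,
# shortened to the ones needed for the cross-check.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:39:42, on 21-12-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Fighters\SPAMfighter\sfagent.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [sfagent] C:\Program Files\Fighters\SPAMfighter\sfagent.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
"""

# O4 line: "O4 - <hive>\..\<key>: [<name>] <command>"; the hive may itself
# contain a backslash (HKUS\S-1-5-18), hence the non-greedy hive match.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# Image path at the start of the command: optionally quoted, ends in .exe,
# followed by a closing quote, whitespace (arguments) or end of line.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.exe)"?(?=\s|$)', re.IGNORECASE)
# Any HijackThis entry line (R0, F2, O4, O23, ...) ends the process list.
ENTRY_RE = re.compile(r"^[A-Z]\d+ - ")


def parse_log(text: str) -> Tuple[Set[str], List[Dict[str, str]]]:
    """Return (lower-cased running image paths, parsed O4 entries)."""
    running: Set[str] = set()
    entries: List[Dict[str, str]] = []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs and not ENTRY_RE.match(line):
            running.add(line.lower())
            continue
        in_procs = False
        m = O4_RE.match(line)
        if not m:
            continue
        em = EXE_RE.match(m.group("cmd"))
        entries.append({
            "hive": m.group("hive"), "key": m.group("key"),
            "name": m.group("name"), "cmd": m.group("cmd"),
            "exe": em.group("exe") if em else "",
        })
    return running, entries


def is_running(exe: str, running: Set[str]) -> bool:
    """Full paths compare case-insensitively; a bare file name such as
    CTHELPER.EXE (resolved through the search path) matches on basename."""
    exe_l = exe.lower()
    if "\\" in exe_l:
        return exe_l in running
    return any(path.rsplit("\\", 1)[-1] == exe_l for path in running)


def not_running_autostarts(text: str) -> List[Dict[str, str]]:
    """O4 entries whose image did not appear in the Running processes list."""
    running, entries = parse_log(text)
    return [e for e in entries if not is_running(e["exe"], running)]


def main() -> None:
    for e in not_running_autostarts(SAMPLE_LOG):
        print(f"{e['hive']}\\..\\{e['key']} [{e['name']}]: {e['exe'] or e['cmd']}"
              " -> not running at scan time; check whether it is still installed")


if __name__ == "__main__":
    main()
```

On the excerpt this reports avast5, UpdReg and uTorrent; run against the full log above it would also list the one-shot launchers, which is why the output is a worklist rather than a list of findings.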
This is an archived page. Answering is no longer possible.