Doorzoek het forum
Zoeken met Startpagina
Startpagina Thema's
fazantje
Het grootste deel van de rotzooi is weg;)
Er zit nog 1 file erin die er nog uit moet, maar eerst die andere zien terug te krijgen.
Groetjes Huib:)
Hoi Roosje,
Als je kunt, het Divx opnieuw installeren.
Anders systeemherstel uitvoeren.
Als je systeemherstel doet, na opnieuw opgestart, dan combofix weer opnieuw downloaden uitvoeren zoals de 1e keer, zie link hieronder:
http://antivirus.startpagina.nl/prikbord/12152610/12173266/re-graag-advies#msg-12173266
Als dit is gebeurd, dan nogmaals de volgende link weer uitvoeren. Ik heb nu het verkeerde bestand veranderd in het goede bestand:
http://antivirus.startpagina.nl/prikbord/read.php?190,12152610,12179633#msg-12179633
Succes,
Huib:)
Hoi Huib,
Ik wilde systeemherstel doen op de deerste dag van combofix, mara dat lukte niet, ik kon alleen maar terug naar 25 mei, de 2e keer dat ik de computer scande met combofix, maar ook die bestanden heb verwijderd.
Nu combofix gedaan, wat er gebeurt is weet ik niet, maar heb nu geen internet, ik krijg de melding:
C:\Program Files\Windows Live\Mail\wlmail.exe
Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleiutel die is gemarkeerd voor verwijdering.
Wat moet ik nu doen, waar is het fout gegaan?
Groetjes Roosje
Hallo Huib,
Na een paar keer opstarten, geen melding meer gehad.
Hier komen de logjes.
Groetjes Roosje
ComboFix 10-05-26.01 - Adrie 26-05-2010 19:36:21.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2301.1096
Gestart vanuit: c:\users\Adrie\Documents\Download\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Adrie\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Aanwezig AV is actief
FILE ::
“c:\windows\System32\1DECE3A496.sys”
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\System32\1DECE3A496.sys
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-04-26 to 2010-05-26 ))))))))))))))))))))))))))))))
.
2010-05-22 10:35 . 2010-05-22 10:35 ——– d—–w- c:\windows\Sun
2010-05-21 11:53 . 2010-05-21 11:53 388096 —-a-r- c:\users\Adrie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-21 11:23 . 2010-04-12 15:29 411368 —-a-w- c:\windows\system32\deployJava1.dll
2010-05-21 11:12 . 2010-05-21 11:12 ——– d—–w- c:\program files\Trend Micro
2010-05-20 16:22 . 2010-05-20 16:22 ——– d—–w- c:\program files\CCleaner
2010-05-20 16:14 . 2010-05-20 16:14 ——– d—–w- c:\users\Adrie\AppData\Roaming\FIXIO PC Utilities
2010-05-20 16:13 . 2010-05-20 16:13 ——– d—–w- c:\program files\FIXIO PC Utilities
2010-05-20 15:46 . 2010-05-20 15:46 ——– d—–w- c:\users\Adrie\AppData\Roaming\Uniblue
2010-05-20 15:46 . 2010-05-20 15:46 ——– d—–w- c:\program files\Uniblue
2010-05-20 11:37 . 2010-05-20 11:37 ——– d—–w- c:\users\Adrie\AppData\Roaming\InstallShield
2010-05-20 10:47 . 2010-05-23 14:58 ——– d—–w- c:\program files\McAfee Security Scan
2010-05-19 15:30 . 2010-05-19 15:30 ——– d—–w- C:\found.000
2010-05-19 14:42 . 2010-05-19 14:42 ——– d—–w- c:\users\Adrie\AppData\Roaming\20225F387A0315444B46175BFDF15919
2010-05-19 11:21 . 2010-05-19 11:21 8463808 —-a-w- c:\users\Adrie\AppData\Roaming\Azureus\tmp\AZU20482.tmp\Vuze_4.4.0.4_win32.exe
2010-05-17 11:24 . 2010-05-17 11:24 ——– d—–w- C:\EasyActivatorTemp
2010-05-17 10:59 . 2010-05-17 10:59 ——– d—–w- c:\users\Adrie\AppData\Roaming\TomTom
2010-05-17 10:59 . 2010-05-17 10:59 ——– d—–w- c:\users\Adrie\AppData\Local\TomTom
2010-05-17 10:59 . 2010-05-17 10:59 ——– d—–w- c:\program files\TomTom International B.V
2010-05-17 10:58 . 2010-05-17 10:58 ——– d—–w- c:\program files\TomTom HOME 2
2010-05-12 05:10 . 2010-01-29 15:40 738816 —-a-w- c:\windows\system32\inetcomm.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-26 17:32 . 2008-10-23 16:18 667352 —-a-w- c:\windows\system32\perfh013.dat
2010-05-26 17:32 . 2008-10-23 16:18 126854 —-a-w- c:\windows\system32\perfc013.dat
2010-05-26 16:37 . 2010-05-25 12:39 ——– d—–w- c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\Azureus
2010-05-24 19:48 . 2008-10-24 06:06 ——– d—–w- c:\program files\Common Files\Adobe
2010-05-21 21:40 . 2010-03-12 23:08 ——– d—–w- c:\program files\Vuze_Remote
2010-05-21 11:26 . 2008-10-24 06:22 ——– d—–w- c:\program files\Common Files\Java
2010-05-21 11:23 . 2008-10-24 06:22 ——– d—–w- c:\program files\Java
2010-05-19 16:36 . 2010-04-04 13:26 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
2010-05-19 15:21 . 2010-02-12 13:40 ——– d—–w- c:\users\Adrie\AppData\Roaming\Azureus
2010-05-13 05:24 . 2006-11-02 11:18 ——– d—–w- c:\program files\Windows Mail
2010-04-29 13:39 . 2010-04-04 13:26 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-04-04 13:26 20952 —-a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 14:13 . 2010-05-26 16:10 2048 —-a-w- c:\windows\system32\tzres.dll
2010-04-17 06:10 . 2010-04-17 06:10 ——– d—–w- c:\program files\Windows Portable Devices
2010-04-17 06:10 . 2006-11-02 10:25 665600 —-a-w- c:\windows\inf\drvindex.dat
2010-04-17 06:10 . 2010-04-17 06:10 0 —ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-04-17 06:10 . 2010-04-17 06:10 0 —ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-04-16 20:59 . 2010-04-16 20:59 ——– d—–w- c:\program files\TomTom DesktopSuite
2010-04-15 18:59 . 2006-11-02 12:37 ——– d—–w- c:\program files\Windows Calendar
2010-04-15 18:59 . 2006-11-02 12:37 ——– d—–w- c:\program files\Windows Sidebar
2010-04-15 18:59 . 2006-11-02 12:37 ——– d—–w- c:\program files\Windows Journal
2010-04-15 18:59 . 2006-11-02 12:37 ——– d—–w- c:\program files\Windows Collaboration
2010-04-15 18:59 . 2006-11-02 12:37 ——– d—–w- c:\program files\Windows Photo Gallery
2010-04-15 18:59 . 2006-11-02 12:37 ——– d—–w- c:\program files\Windows Defender
2010-04-08 16:47 . 2010-02-11 16:34 ——– d—–w- c:\program files\McAfee
2010-04-08 12:13 . 2010-04-08 12:12 ——– d—–w- c:\program files\Common Files\McAfee
2010-04-08 12:13 . 2010-04-08 12:12 ——– d—–w- c:\program files\McAfee.com
2010-04-05 05:22 . 2010-02-07 06:23 ——– d—–w- c:\users\Adrie\AppData\Roaming\HP
2010-04-04 13:26 . 2010-04-04 13:26 ——– d—–w- c:\users\Adrie\AppData\Roaming\Malwarebytes
2010-04-02 16:00 . 2010-03-17 17:04 ——– d—–w- c:\program files\Common Files\Symantec Shared
2010-03-12 06:53 . 2010-02-14 11:53 1356 —-a-w- c:\users\Adrie\AppData\Local\d3d9caps.dat
2010-03-11 06:27 . 2010-02-03 12:57 112696 —-a-w- c:\users\Adrie\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-09 16:25 . 2010-03-31 18:56 78336 —-a-w- c:\windows\system32\ieencode.dll
2010-03-09 15:42 . 2010-03-31 18:56 834048 —-a-w- c:\windows\system32\wininet.dll
2010-03-04 17:33 . 2010-04-14 05:10 430080 —-a-w- c:\windows\system32\vbscript.dll
2008-12-03 04:36 . 2008-12-03 04:36 2828 –sha-w- c:\windows\System32\KGyGaAvL.sys
2008-08-13 11:05 . 2008-08-13 11:05 8192 –sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((( SnapShot@2010-05-24_20.07.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-26 16:10 . 2010-04-23 14:23 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.22391_none_17571fa5201e0c64\tzupd.exe
+ 2010-03-10 20:29 . 2010-01-23 09:26 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.18248_none_170a947c06d19246\tzupd.exe
+ 2010-05-26 16:10 . 2010-04-23 14:02 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22677_none_158c4f5122e21768\tzupd.exe
+ 2010-03-10 20:29 . 2010-01-23 09:44 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18464_none_150a7fae09bf1281\tzupd.exe
+ 2008-01-21 01:58 . 2010-05-26 17:29 57602 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-05-26 17:29 70338 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2010-02-03 12:52 . 2010-05-24 20:07 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-03 12:52 . 2010-05-26 17:38 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-03 12:52 . 2010-05-24 20:07 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-03 12:52 . 2010-05-26 17:38 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-03 12:52 . 2010-05-24 20:07 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-03 12:52 . 2010-05-26 17:38 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-26 16:10 . 2010-04-23 14:23 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.22391_none_17571fa5201e0c64\tzres.dll
+ 2010-05-26 16:10 . 2010-04-23 14:13 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.18248_none_170a947c06d19246\tzres.dll
+ 2010-05-26 16:10 . 2010-04-23 14:02 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22677_none_158c4f5122e21768\tzres.dll
+ 2010-05-26 16:10 . 2010-04-23 13:55 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18464_none_150a7fae09bf1281\tzres.dll
+ 2010-02-03 12:58 . 2010-05-26 17:29 9452 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1862308218-3603097403-1258085078-1000_UserData.bin
- 2010-05-24 18:01 . 2010-05-24 18:01 5464 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\DB5315A781647BA87DA7A3BD48930C3ED71A2B16\DB5315A781647BA87DA7A3BD48930C3ED71A2B16\Data.dat
+ 2010-05-26 15:43 . 2010-05-26 15:43 5464 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\DB5315A781647BA87DA7A3BD48930C3ED71A2B16\DB5315A781647BA87DA7A3BD48930C3ED71A2B16\Data.dat
- 2010-05-24 18:01 . 2010-05-24 18:01 4814 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\DB5315A781647BA87DA7A3BD48930C3ED71A2B16\AADAE66A3FB7A6FD68E3AA9B91B8A236706D4ED1\Data.dat
+ 2010-05-26 15:43 . 2010-05-26 15:43 4814 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\DB5315A781647BA87DA7A3BD48930C3ED71A2B16\AADAE66A3FB7A6FD68E3AA9B91B8A236706D4ED1\Data.dat
- 2010-05-24 18:02 . 2010-05-24 18:02 5480 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\DB5315A781647BA87DA7A3BD48930C3ED71A2B16\5E043F682876630268F88E397A9ABB7C2E2AE2D6\Data.dat
+ 2010-05-26 15:43 . 2010-05-26 15:43 5480 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\DB5315A781647BA87DA7A3BD48930C3ED71A2B16\5E043F682876630268F88E397A9ABB7C2E2AE2D6\Data.dat
+ 2010-05-26 15:43 . 2010-05-26 15:43 6154 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\DB5315A781647BA87DA7A3BD48930C3ED71A2B16\38FE591960A06F0240F26C4F9409AAFA397B5E42\Data.dat
- 2010-05-24 19:41 . 2010-05-24 19:41 6154 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\DB5315A781647BA87DA7A3BD48930C3ED71A2B16\38FE591960A06F0240F26C4F9409AAFA397B5E42\Data.dat
+ 2010-05-26 16:28 . 2010-05-26 16:28 5338 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\968E354ABD973D8CA5FDE5481523F61FF9C69AA1\968E354ABD973D8CA5FDE5481523F61FF9C69AA1\Data.dat
+ 2010-05-26 16:28 . 2010-05-26 16:28 4700 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\968E354ABD973D8CA5FDE5481523F61FF9C69AA1\45C9BA48BBB88D40D9CEC05F48353B47FEF72B66\Data.dat
+ 2010-05-26 15:47 . 2010-05-26 15:51 2124 c:\windows\SoftwareDistribution\EventCache\{AC05E64B-CD88-40AE-B60C-DFA2E4CCE99A}.bin
- 2010-05-24 19:53 . 2010-05-24 19:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-05-26 17:26 . 2010-05-26 17:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-05-24 19:53 . 2010-05-24 19:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-05-26 17:26 . 2010-05-26 17:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2010-05-26 17:32 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-05-24 20:01 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-05-24 20:01 101250 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2010-05-26 17:32 101250 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:22 . 2010-05-26 17:20 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2010-05-13 21:12 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2010-02-09 05:57 . 2010-05-26 16:48 167707651 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
“WindowsWelcomeCenter”=“oobefldr.dll”
“ehTray.exe”=“c:\windows\ehome\ehTray.exe”
“msnmsgr”=“c:\program files\Windows Live\Messenger\msnmsgr.exe”
“swg”=“c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
“RoboForm”=“c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe”
“TomTomHOME.exe”=“c:\program files\TomTom HOME 2\TomTomHOMERunner.exe”
“ISUSPM”=“c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe”
“Windows Defender”=“c:\program files\Windows Defender\MSASCui.exe”
“RtHDVCpl”=“RtHDVCpl.exe”
“SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe”
“UpdatePDRShortCut”=“c:\program files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe”
“RemoteControl”=“c:\program files\HomeCinema\PowerDVD\PDVDServ.exe”
“LanguageShortcut”=“c:\program files\HomeCinema\PowerDVD\Language\Language.exe”
“UpdatePPShortCut”=“c:\program files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe”
“UCam_Menu”=“c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe”
“Google Desktop Search”=“c:\program files\Google\Google Desktop Search\GoogleDesktop.exe”
“Google EULA Launcher”=“c:\program files\Google\Google EULA\GoogleEULALauncher.exe”
“ArcSoft Connection Service”=“c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe”
“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
“Adobe ARM”=“c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
“HP Software Update”=“c:\program files\HP\HP Software Update\HPWuSchd2.exe”
“hpqSRMon”=“c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe”
“mcagent_exe”=“c:\program files\McAfee.com\Agent\mcagent.exe”
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll”
“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll”
“SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe”
“Picasa Media Detector”=“c:\program files\Picasa2\PicasaMediaDetector.exe”
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe
Remote Control.lnk - c:\program files\Conceptronic Multimedia\CTVDIGRCU V3.0 Device Utilities\AFRCtl.exe
TMMonitor.lnk - c:\program files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
“EnableLUA”= 0 (0x0)
“EnableUIADesktopToggle”= 0 (0x0)
“AppInit_DLLs”=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
@=“”
@=“”
@=“Service”
“VistaSp2”=hex(b):1b,12,46,f7,ce,dc,ca,01
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe
R3 uxddrv;Dynamically loaded UxdDrv;e:\diagnose\WSTENG32\2PART\uxddrv86.sys
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhoud van de ‘Gedeelde Taken’ map
2010-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe
2010-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe
2010-04-08 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe
2010-04-08 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://gratis.startpagina.nl/prikbord/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Formulieren opslaan - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Invul Formulieren - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Menu aanpassen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RoboForm Werkbalk - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
DPF: {63D6DD13-C913-466D-9444-9357561E4D94} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.8.3/uploadtoepassing.cab
.
**************************************************************************
scannen van verborgen processen …
0x3335656E
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden:
**************************************************************************
.
Voltooingstijd: 2010-05-26 19:50:34
ComboFix-quarantined-files.txt 2010-05-26 17:50
ComboFix2.txt 2010-05-26 17:07
ComboFix3.txt 2010-05-25 21:29
ComboFix4.txt 2010-05-24 20:09
Pre-Run: 235.695.296.512 bytes beschikbaar
Post-Run: 235.665.321.984 bytes beschikbaar
- - End Of File - - E859B01CBE368E0D98C08A5F441B279C
==================================================================================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:56:45, on 26-5-2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Conceptronic Multimedia\CTVDIGRCU V3.0 Device Utilities\AFRCtl.exe
C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wuauclt.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gratis.startpagina.nl/prikbord/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: RtHDVCpl.exe
O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: “C:\Program Files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe” “C:\Program Files\HomeCinema\PowerDirector” UpdateWithCreateOnce “Software\CyberLink\PowerDirector\7.0”
O4 - HKLM\..\Run: “C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe”
O4 - HKLM\..\Run: “C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe”
O4 - HKLM\..\Run: “C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe” “C:\Program Files\HomeCinema\PowerProducer” update “Software\CyberLink\PowerProducer\5.0”
O4 - HKLM\..\Run: “C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe” “C:\Program Files\HomeCinema\YouCam” UpdateWithCreateOnce “Software\CyberLink\YouCam\2.0”
O4 - HKLM\..\Run: “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup
O4 - HKLM\..\Run: C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe GE
O4 - HKLM\..\Run: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKLM\..\Run: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: “C:\Program Files\McAfee.com\Agent\mcagent.exe” /runkey
O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
O4 - HKCU\..\Run: rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background
O4 - HKCU\..\Run: “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
O4 - HKCU\..\Run: “C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe”
O4 - HKCU\..\Run: “C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe”
O4 - HKCU\..\Run: “C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe” -scheduler
O4 - HKUS\S-1-5-18\..\Run: C:\Program Files\Picasa2\PicasaMediaDetector.exe (User ‘SYSTEEM’)
O4 - HKUS\.DEFAULT\..\Run: C:\Program Files\Picasa2\PicasaMediaDetector.exe (User ‘Default user’)
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Remote Control.lnk = C:\Program Files\Conceptronic Multimedia\CTVDIGRCU V3.0 Device Utilities\AFRCtl.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra ‘Tools’ menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra ‘Tools’ menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra ‘Tools’ menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {63D6DD13-C913-466D-9444-9357561E4D94} (Upload-applicatie Control) - http://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.8.3/uploadtoepassing.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
–
End of file - 13684 bytes
Hallo Huib
Hierbij het logje van Malware.
Ziet er goed uit, of niet? Is alles zo weer oké?
Is het bestandje van DIVX weer terug op zijn plaats?
Wat moet er nog meer gebeuren?
Groetjes Roosje
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Databaseversie: 4052
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
26-5-2010 21:56:44
mbam-log-2010-05-26 (21-56-44).txt
Scantype: Volledige scan (C:\|D:\|)
Objecten gescand: 291443
Verstreken tijd: 1 uur/uren, 30 minuut/minuten, 16 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Hoi Roosje,
Het ziet er weer goed uit;)
Leeg je prullebak nog even.
doe het volgende nog:
ComboFix verwijderen:
Ga naar Start - Uitvoeren en kopïeer het volgende vetgedrukte er in:
Combofix /Uninstall <—- deze tekst
Klik daarna op OK.
Dit zal combofix deïnstalleren.
Nu nog je herstelpunten verwijderen:
klik “deze computer” op je bureaublad
Klik met de rechter muisknop op “deze computer” en ga vervolgens naar eigenschappen.
Klik op het tabblad system restore of systeem herstellen.
Zet een vinkje bij systeem herstellen uitschakelen op alle hardeschijven!!!!
Klik op toepassen en ok en start de pc opnieuw op .
Ga terug naar stap een en zet het vinkje weer uit,
Jou computer maakt weer nieuwe systeem herstelpunt aan.
Als laatste het schoonmaakplan uitvoeren:
http://www.virushelp.nl/onderhoud.htm
Doe dat, dat wat je nog niet hebt gedaan;)
Zoals MBAM en scannen met een virusscanner hoeft niet.
Succes,
Huib:)
