google crome werkt niet meer

mar

15-10-2010 08:56

goedenmorgen
Hier is het log
Mijn probleem is verholpen google crome doet het weer
ComboFix 10-10-12.03 - hansenmarjo 15-10-2010 8:41.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2047.1341
Gestart vanuit: c:\users\hansenmarjo\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Aanwezig AV is actief
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Defending
c:\users\HANSEN~1\FAVORI~1\Videos.url
c:\users\hansenmarjo\AppData\Roaming\inst.exe
c:\users\hansenmarjo\AppData\Roaming\TMInc
c:\users\hansenmarjo\AppData\Roaming\TMInc\game.cfg
c:\users\hansenmarjo\AppData\Roaming\TMInc\user1.sav
c:\users\hansenmarjo\Favorites\Videos.url
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-09-15 to 2010-10-15 ))))))))))))))))))))))))))))))
.
2010-10-15 06:47 . 2010-10-15 06:47 ——– d—–w- c:\users\hansenmarjo\AppData\Local\temp
2010-10-15 06:47 . 2010-10-15 06:47 ——– d—–w- c:\users\Default\AppData\Local\temp
2010-10-13 05:21 . 2010-09-13 13:56 8147456 —-a-w- c:\windows\system32\wmploc.DLL
2010-10-13 05:21 . 2010-09-13 13:56 168960 —-a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-13 05:21 . 2010-09-06 16:20 125952 —-a-w- c:\windows\system32\srvsvc.dll
2010-10-13 05:21 . 2010-09-06 13:45 304128 —-a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 05:21 . 2010-09-06 13:45 145408 —-a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 05:21 . 2010-09-06 13:45 102400 —-a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 05:21 . 2010-09-06 16:19 17920 —-a-w- c:\windows\system32\netevent.dll
2010-10-13 05:21 . 2010-08-10 15:53 274944 —-a-w- c:\windows\system32\schannel.dll
2010-10-13 05:21 . 2010-06-28 17:00 1316864 —-a-w- c:\windows\system32\ole32.dll
2010-10-13 05:21 . 2010-06-28 14:54 339968 —-a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-13 05:21 . 2010-08-26 16:37 157184 —-a-w- c:\windows\system32\t2embed.dll
2010-10-11 18:34 . 2010-10-15 06:06 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\Dropbox
2010-10-11 16:17 . 2010-10-11 16:17 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\QuickScan
2010-10-11 14:54 . 2010-10-11 14:54 729600 —-a-w- c:\windows\system32\dloD562.dll
2010-10-11 14:54 . 2010-10-11 14:54 0 —-a-w- c:\windows\system32\dloD562.tmp
2010-10-10 17:30 . 2010-10-10 17:31 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\PeaceCraft2
2010-10-03 16:57 . 2010-10-03 16:57 ——– d—–w- c:\programdata\HPSSUPPLY
2010-10-03 11:23 . 2010-10-03 11:24 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\ThreeDays2
2010-10-03 09:38 . 2006-11-29 11:06 3426072 —-a-w- c:\windows\system32\d3dx9_32.dll
2010-10-03 09:37 . 2010-10-03 09:37 ——– d—–w- c:\program files\Microsoft SQL Server Compact Edition
2010-10-03 09:35 . 2008-06-17 14:13 74520 —-a-w- c:\program files\Common Files\Windows Live\.cache\4ec487b51cb62de\DSETUP.dll
2010-10-03 09:35 . 2008-06-17 14:13 484632 —-a-w- c:\program files\Common Files\Windows Live\.cache\4ec487b51cb62de\DXSETUP.exe
2010-10-03 09:35 . 2008-06-17 14:13 1670936 —-a-w- c:\program files\Common Files\Windows Live\.cache\4ec487b51cb62de\dsetup32.dll
2010-10-03 09:22 . 2009-04-20 10:23 315904 —-a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70w.dll
2010-10-03 09:17 . 2010-10-03 09:17 ——– d—–w- c:\programdata\HP Product Assistant
2010-10-03 09:10 . 2009-02-10 13:03 966656 —-a-w- c:\windows\system32\hpost_p02e.dll
2010-10-03 09:10 . 2009-02-10 13:03 315392 —-a-w- c:\windows\system32\hposc_p02a.dll
2010-10-03 09:10 . 2009-02-10 13:03 712704 —-a-w- c:\windows\system32\hposwia_p02e.dll
2010-10-03 09:10 . 2008-10-28 03:27 372736 —-a-w- c:\windows\system32\hppldcoi.dll
2010-10-03 09:10 . 2008-10-28 03:27 309760 —-a-w- c:\windows\system32\difxapi.dll
2010-10-03 09:10 . 2010-10-03 09:10 ——– d—–w- c:\users\hansenmarjo\{44d77c09-f5ba-441a-be33-08291b71fad0}
2010-10-03 09:10 . 2009-04-15 14:53 452408 —-a-w- c:\windows\system32\hpzids01.dll
2010-10-03 09:10 . 2009-04-20 10:23 123904 —-a-w- c:\windows\system32\hpf3l70w.dll
2010-09-29 05:09 . 2010-06-22 13:30 2048 —-a-w- c:\windows\system32\tzres.dll
2010-09-29 05:08 . 2010-08-26 04:23 13312 —-a-w- c:\program files\Internet Explorer\iecompat.dll
2010-09-27 09:00 . 2010-09-27 09:00 ——– d—–w- c:\users\hansenmarjo\.jordan
2010-09-23 11:04 . 2010-09-23 11:04 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\Silverback Productions
2010-09-22 17:55 . 2010-09-22 17:55 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\Enlightenus2_BFG
2010-09-22 16:10 . 2010-09-22 16:10 103864 —-a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-09-21 14:47 . 2010-09-21 14:47 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\Floodlight Games
2010-09-21 14:47 . 2010-09-21 14:47 ——– d—–w- c:\programdata\Floodlight Games
2010-09-19 09:43 . 2010-09-19 09:43 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\Princess Isabella CE
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:54:24, on 15-10-2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\hansenmarjo\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\hansenmarjo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hansenmarjo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hansenmarjo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
E:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E586A961-08E6-4D33-A6E6-16AE14441595} - c:\windows\system32\dlod562.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: “C:\Program Files\McAfee.com\Agent\mcagent.exe” /runkey
O4 - HKLM\..\Run: C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
O4 - HKCU\..\Run: “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background
O4 - HKCU\..\Run: C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Dropbox.lnk = hansenmarjo\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/nl-NL/wlscctrl2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Belkin\F5D7000v8\jswpsapi.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
–
End of file - 7070 bytes
Bedankt alvast
Mar
fazantje

15-10-2010 09:22

Hoi Marjo,
Mooi dat google chrome het weer doet, maar ik zou wel graag het volledige logje van Combofix willen zien.
Groetjes Huib;)
mar

15-10-2010 11:22

Hoi
ComboFix 10-10-12.03 - hansenmarjo 15-10-2010 8:41.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2047.1341
Gestart vanuit: c:\users\hansenmarjo\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Aanwezig AV is actief
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Defending
c:\users\HANSEN~1\FAVORI~1\Videos.url
c:\users\hansenmarjo\AppData\Roaming\inst.exe
c:\users\hansenmarjo\AppData\Roaming\TMInc
c:\users\hansenmarjo\AppData\Roaming\TMInc\game.cfg
c:\users\hansenmarjo\AppData\Roaming\TMInc\user1.sav
c:\users\hansenmarjo\Favorites\Videos.url
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-09-15 to 2010-10-15 ))))))))))))))))))))))))))))))
.
2010-10-15 06:47 . 2010-10-15 06:47 ——– d—–w- c:\users\hansenmarjo\AppData\Local\temp
2010-10-15 06:47 . 2010-10-15 06:47 ——– d—–w- c:\users\Default\AppData\Local\temp
2010-10-13 05:21 . 2010-09-13 13:56 8147456 —-a-w- c:\windows\system32\wmploc.DLL
2010-10-13 05:21 . 2010-09-13 13:56 168960 —-a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-13 05:21 . 2010-09-06 16:20 125952 —-a-w- c:\windows\system32\srvsvc.dll
2010-10-13 05:21 . 2010-09-06 13:45 304128 —-a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 05:21 . 2010-09-06 13:45 145408 —-a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 05:21 . 2010-09-06 13:45 102400 —-a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 05:21 . 2010-09-06 16:19 17920 —-a-w- c:\windows\system32\netevent.dll
2010-10-13 05:21 . 2010-08-10 15:53 274944 —-a-w- c:\windows\system32\schannel.dll
2010-10-13 05:21 . 2010-06-28 17:00 1316864 —-a-w- c:\windows\system32\ole32.dll
2010-10-13 05:21 . 2010-06-28 14:54 339968 —-a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-13 05:21 . 2010-08-26 16:37 157184 —-a-w- c:\windows\system32\t2embed.dll
2010-10-11 18:34 . 2010-10-15 06:06 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\Dropbox
2010-10-11 16:17 . 2010-10-11 16:17 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\QuickScan
2010-10-11 14:54 . 2010-10-11 14:54 729600 —-a-w- c:\windows\system32\dloD562.dll
2010-10-11 14:54 . 2010-10-11 14:54 0 —-a-w- c:\windows\system32\dloD562.tmp
2010-10-10 17:30 . 2010-10-10 17:31 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\PeaceCraft2
2010-10-03 16:57 . 2010-10-03 16:57 ——– d—–w- c:\programdata\HPSSUPPLY
2010-10-03 11:23 . 2010-10-03 11:24 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\ThreeDays2
2010-10-03 09:38 . 2006-11-29 11:06 3426072 —-a-w- c:\windows\system32\d3dx9_32.dll
2010-10-03 09:37 . 2010-10-03 09:37 ——– d—–w- c:\program files\Microsoft SQL Server Compact Edition
2010-10-03 09:35 . 2008-06-17 14:13 74520 —-a-w- c:\program files\Common Files\Windows Live\.cache\4ec487b51cb62de\DSETUP.dll
2010-10-03 09:35 . 2008-06-17 14:13 484632 —-a-w- c:\program files\Common Files\Windows Live\.cache\4ec487b51cb62de\DXSETUP.exe
2010-10-03 09:35 . 2008-06-17 14:13 1670936 —-a-w- c:\program files\Common Files\Windows Live\.cache\4ec487b51cb62de\dsetup32.dll
2010-10-03 09:22 . 2009-04-20 10:23 315904 —-a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70w.dll
2010-10-03 09:17 . 2010-10-03 09:17 ——– d—–w- c:\programdata\HP Product Assistant
2010-10-03 09:10 . 2009-02-10 13:03 966656 —-a-w- c:\windows\system32\hpost_p02e.dll
2010-10-03 09:10 . 2009-02-10 13:03 315392 —-a-w- c:\windows\system32\hposc_p02a.dll
2010-10-03 09:10 . 2009-02-10 13:03 712704 —-a-w- c:\windows\system32\hposwia_p02e.dll
2010-10-03 09:10 . 2008-10-28 03:27 372736 —-a-w- c:\windows\system32\hppldcoi.dll
2010-10-03 09:10 . 2008-10-28 03:27 309760 —-a-w- c:\windows\system32\difxapi.dll
2010-10-03 09:10 . 2010-10-03 09:10 ——– d—–w- c:\users\hansenmarjo\{44d77c09-f5ba-441a-be33-08291b71fad0}
2010-10-03 09:10 . 2009-04-15 14:53 452408 —-a-w- c:\windows\system32\hpzids01.dll
2010-10-03 09:10 . 2009-04-20 10:23 123904 —-a-w- c:\windows\system32\hpf3l70w.dll
2010-09-29 05:09 . 2010-06-22 13:30 2048 —-a-w- c:\windows\system32\tzres.dll
2010-09-29 05:08 . 2010-08-26 04:23 13312 —-a-w- c:\program files\Internet Explorer\iecompat.dll
2010-09-27 09:00 . 2010-09-27 09:00 ——– d—–w- c:\users\hansenmarjo\.jordan
2010-09-23 11:04 . 2010-09-23 11:04 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\Silverback Productions
2010-09-22 17:55 . 2010-09-22 17:55 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\Enlightenus2_BFG
2010-09-22 16:10 . 2010-09-22 16:10 103864 —-a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-09-21 14:47 . 2010-09-21 14:47 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\Floodlight Games
2010-09-21 14:47 . 2010-09-21 14:47 ——– d—–w- c:\programdata\Floodlight Games
2010-09-19 09:43 . 2010-09-19 09:43 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\Princess Isabella CE
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
2010-10-11 14:54 729600 —-a-w- c:\windows\System32\dloD562.dll
@=“{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}”
2009-12-09 01:19 94208 —-a-w- c:\users\hansenmarjo\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
@=“{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}”
2009-12-09 01:19 94208 —-a-w- c:\users\hansenmarjo\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
@=“{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}”
2009-12-09 01:19 94208 —-a-w- c:\users\hansenmarjo\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
@=“{E586A961-08E6-4D33-A6E6-16AE14441595}”
2010-10-11 14:54 729600 —-a-w- c:\windows\System32\dloD562.dll
“Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe”
“swg”=“c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
“msnmsgr”=“c:\program files\Windows Live\Messenger\msnmsgr.exe”
“WMPNSCFG”=“c:\program files\Windows Media Player\WMPNSCFG.exe”
“Windows Defender”=“c:\program files\Windows Defender\MSASCui.exe”
“mcagent_exe”=“c:\program files\McAfee.com\Agent\mcagent.exe”
“hpqSRMon”=“c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe”
c:\users\hansenmarjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\hansenmarjo\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe
“EnableLUA”= 0 (0x0)
“EnableUIADesktopToggle”= 0 (0x0)
@=“”
@=“”
@=“Service”
“Google Update”=“c:\users\hansenmarjo\AppData\Local\Google\Update\GoogleUpdate.exe” /c
“Adobe Reader Speed Launcher”=“e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
“Adobe ARM”=“c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
“SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe”
“HP Software Update”=c:\program files\HP\HP Software Update\HPWuSchd2.exe
“DisableMonitoring”=dword:00000001
2;2 jpcrvjjt;AMD K8 Processor Monitor;c:\windows\System32\svchost.exe
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Belkin\F5D7000v8\jswpsapi.exe
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
S3 JSWSCIMD;jswscimd Service;c:\windows\system32\DRIVERS\jswscimd.sys
S3 RTL85n86;Belkin Wireless G Notebook Card Service v8;c:\windows\system32\DRIVERS\RTL85n86.sys
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
jpcrvjjt
.
Inhoud van de ‘Gedeelde Taken’ map
2010-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe
2010-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe
2010-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1071820252-2080101743-2187659691-1000Core.job
- c:\users\hansenmarjo\AppData\Local\Google\Update\GoogleUpdate.exe
2010-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1071820252-2080101743-2187659691-1000UA.job
- c:\users\hansenmarjo\AppData\Local\Google\Update\GoogleUpdate.exe
2010-07-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe
2010-02-03 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe
2010-10-15 c:\windows\Tasks\User_Feed_Synchronization-{DC93F4AA-3005-4D9D-8078-F8C80332659F}.job
- c:\windows\system32\msfeedssync.exe
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.google.nl/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\hansenmarjo\AppData\Roaming\Mozilla\Firefox\Profiles\58qnie63.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - prefs.js: keyword.URL -
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\users\hansenmarjo\AppData\Roaming\Mozilla\Firefox\Profiles\58qnie63.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\hansenmarjo\AppData\Roaming\Mozilla\Firefox\Profiles\58qnie63.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\users\hansenmarjo\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\hansenmarjo\AppData\Roaming\Mozilla\Firefox\Profiles\58qnie63.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: d:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: d:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: e:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
—- FIREFOX POLICIES —-
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.IDN.whitelist.xn–mgbaam7a8h”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.IDN.whitelist.xn–mgberp4a5d4ar”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“dom.ipc.plugins.enabled”, false);
.
- - - - ORPHANS VERWIJDERD - - - -
Notify-WgaLogon - (no file)
“ImagePath”=“System32\DRIVERS\rasacd.sy@”
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
Voltooingstijd: 2010-10-15 08:49:29
ComboFix-quarantined-files.txt 2010-10-15 06:49
ComboFix2.txt 2008-08-05 20:27
ComboFix3.txt 2008-08-05 20:16
Pre-Run: 56.138.399.744 bytes beschikbaar
Post-Run: 56.117.350.400 bytes beschikbaar
- - End Of File - - 5F0FFA692877F5468A0163B857CE2F67
Ik zag dat het de verkeerde was bij deze het logje
gr mar
fazantje

15-10-2010 13:44

Hoi Marjo,
Zo te zien ziet het er goed uit;)
Alleen 1 regel vind ik vreemd omdat ik hierover helemaal niets kan vinden op het net:(
O2 - BHO: (no name) - {E586A961-08E6-4D33-A6E6-16AE14441595} - c:\windows\system32\dlod562.dll
Misschien dat andere helpers hier iets meer over weten.
Om combo te verwijderen, doe het volgende:
Ga naar Start - Uitvoeren en kopïeer het volgende er in:
Combofix /Uninstall
Klik daarna op OK.
Voer ook het schoonmaakplan eens uit:
http://www.virushelp.nl/onderhoud.htm
Punt 3-4 en 8 mag je overslaan;)
Succes,
Huib;)
mar

15-10-2010 13:55

Goedenmiddag
Ik heb gedaan wat u schreef maar het kan het bestand niet vinden. Kan het er al af zijn.
alvast bedankt voor het mee denken
gr mar
mar

16-10-2010 23:57

Goedenavond
Bij de vorige bericht is het verkeerd gegaan denk ik verstuurd zonder tekst
Maar de combofix was er al af denk ik want bij uitvoeren kon het bestand niet gevonden worden
Alvast bedankt voor het meedenken
gr mar
Argus

17-10-2010 00:16

Download TFC en sla deze op je Bureaublad op.
Dubbelklik op TFC.exe om het programma te openen.
Het programma zal alle andere programma's sluiten, zorg er dus voor dat je al je werk hebt opgeslagen voordat je verder gaat.
Klik op de knop Start om het programma te starten. Hoe lang het programma nodig heeft, kan verschillen.
Dit kan kan slechts een paar seconden zijn, maar ook 5 minuten.
Laat het programma ongestoord zijn werk doen totdat het klaar is.
Als het programma klaar is, dan zal het je computer opnieuw opstarten. Als dit niet gebeurt, start dan je computer handmatig opnieuw op.
Plaats nogmaals een log van HijackThus
mar

17-10-2010 00:49

Goedenavond
Waarom moet ik dit programma downloaden.
Ik ben maar een leek hier in
Alvast bedankt voor het meedenken
gr mar
Argus

17-10-2010 01:29

TFC verwijderd de Temp files die op de PC staan
erik-hjt

17-10-2010 17:47

TFC gaat je hierbij niet helpen :-(
Is Lucas hier nog actief, laat die er eens naar kijken ><
Het volgende bestand is geen tijdelijke bestand maar onderdeel van de TDL rootkit
2010-10-11 14:54 . 2010-10-11 14:54 0 —-a-w- c:\windows\system32\dloD562.tmp
Dit is de naam van een bij de rootkit behorende service:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
jpcrvjjt
Dit zijn de opstart locaties:
2010-10-11 14:54 729600 —-a-w- c:\windows\System32\dloD562.dll
2010-10-11 14:54 729600 —-a-w- c:\windows\System32\dloD562.dll
Groeten Erik (AKA Fakemail)

google crome werkt niet meer

mar

fazantje

mar

fazantje

mar

mar

Argus

mar

Argus

erik-hjt