Google Chrome no longer works

  • mar

    .text C:\Windows\System32\svchost.exe ADVAPI32.dll!RegCreateKeyExW 779341F1 5 Bytes JMP 00060F68

    .text C:\Windows\System32\svchost.exe ADVAPI32.dll!RegOpenKeyExA 77937C42 5 Bytes JMP 00060000

    .text C:\Windows\System32\svchost.exe ADVAPI32.dll!RegOpenKeyW 7793E2B5 5 Bytes JMP 00060FCA

    .text C:\Windows\System32\svchost.exe ADVAPI32.dll!RegOpenKeyExW 77947BA1 5 Bytes JMP 00060FAF

    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe kernel32.dll!GetProcAddress 773B903B 5 Bytes JMP 01B8EBE0 C:\Program Files\McAfee\SiteAdvisor\saPlugin.dll

    .text C:\Users\hansenmarjo\AppData\Local\Google\Chrome\Application\chrome.exe ntdll.dll!NtCreateFile + 6 77C543DA 4 Bytes

    .text C:\Users\hansenmarjo\AppData\Local\Google\Chrome\Application\chrome.exe ntdll.dll!NtCreateFile + B 77C543DF 1 Byte

    .text C:\Users\hansenmarjo\AppData\Local\Google\Chrome\Application\chrome.exe ntdll.dll!NtMapViewOfSection + 6 77C54B2A 1 Byte

    .text C:\Users\hansenmarjo\AppData\Local\Google\Chrome\Application\chrome.exe ntdll.dll!NtMapViewOfSection + 6 77C54B2A 4 Bytes

    .text C:\Users\hansenmarjo\AppData\Local\Google\Chrome\Application\chrome.exe ntdll.dll!NtMapViewOfSection + B 77C54B2F 1 Byte

    .text C:\Users\hansenmarjo\AppData\Local\Google\Chrome\Application\chrome.exe ntdll.dll!NtOpenFile + 6 77C54BBA 4 Bytes

    .text C:\Users\hansenmarjo\AppData\Local\Google\Chrome\Application\chrome.exe ntdll.dll!NtOpenFile + B 77C54BBF 1 Byte

    .text C:\Users\hansenmarjo\AppData\Local\Google\Chrome\Application\chrome.exe ntdll.dll!NtOpenProcess + 6 77C54C3A 4 Bytes

    .text C:\Users\hansenmarjo\AppData\Local\Google\Chrome\Application\chrome.exe ntdll.dll!NtOpenProcess + B 77C54C3F 1 Byte

    .text C:\Users\hansenmarjo\AppData\Local\Google\Chrome\Application\chrome.exe ntdll.dll!NtOpenProcessToken + B 77C54C4F 1 Byte

    .text C:\Users\hansenmarjo\AppData\Local\Google\Chrome\Application\chrome.exe ntdll.dll!NtOpenProcessTokenEx + 6 77C54C5A 4 Bytes

    .text C:\Users\hansenmarjo\AppData\Local\Google\Chrome\Application\chrome.exe ntdll.dll!NtOpenProcessTokenEx + B 77C54C5F 1 Byte

    .text C:\Users\hansenmarjo\AppData\Local\Google\Chrome\Application\chrome.exe ntdll.dll!NtOpenThread + 6 77C54CAA 4 Bytes

    .text C:\Users\hansenmarjo\AppData\Local\Google\Chrome\Application\chrome.exe ntdll.dll!NtOpenThread + B 77C54CAF 1 Byte

    .text C:\Users\hansenmarjo\AppData\Local\Google\Chrome\Application\chrome.exe ntdll.dll!NtOpenThreadToken + 6 77C54CBA 4 Bytes

    .text C:\Users\hansenmarjo\AppData\Local\Google\Chrome\Application\chrome.exe ntdll.dll!NtOpenThreadToken + B 77C54CBF 1 Byte

    .text C:\Users\hansenmarjo\AppData\Local\Google\Chrome\Application\chrome.exe ntdll.dll!NtOpenThreadTokenEx + B 77C54CCF 1 Byte

    .text C:\Users\hansenmarjo\AppData\Local\Google\Chrome\Application\chrome.exe ntdll.dll!NtQueryAttributesFile + 6 77C54D5A 4 Bytes

    .text C:\Users\hansenmarjo\AppData\Local\Google\Chrome\Application\chrome.exe ntdll.dll!NtQueryAttributesFile + B 77C54D5F 1 Byte

    .text C:\Users\hansenmarjo\AppData\Local\Google\Chrome\Application\chrome.exe ntdll.dll!NtQueryFullAttributesFile + B 77C54E0F 1 Byte

    .text C:\Users\hansenmarjo\AppData\Local\Google\Chrome\Application\chrome.exe ntdll.dll!NtSetInformationFile + 6 77C552EA 4 Bytes

    .text C:\Users\hansenmarjo\AppData\Local\Google\Chrome\Application\chrome.exe ntdll.dll!NtSetInformationFile + B 77C552EF 1 Byte

    .text C:\Users\hansenmarjo\AppData\Local\Google\Chrome\Application\chrome.exe ntdll.dll!NtSetInformationThread + 6 77C5533A 4 Bytes

    .text C:\Users\hansenmarjo\AppData\Local\Google\Chrome\Application\chrome.exe ntdll.dll!NtSetInformationThread + B 77C5533F 1 Byte

    .text C:\Users\hansenmarjo\AppData\Local\Google\Chrome\Application\chrome.exe ntdll.dll!NtUnmapViewOfSection + 6 77C555DA 1 Byte

    .text C:\Users\hansenmarjo\AppData\Local\Google\Chrome\Application\chrome.exe ntdll.dll!NtUnmapViewOfSection + 6 77C555DA 4 Bytes

    .text C:\Users\hansenmarjo\AppData\Local\Google\Chrome\Application\chrome.exe ntdll.dll!NtUnmapViewOfSection + B 77C555DF 1 Byte

    —- Devices - GMER 1.0.15 —-

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    —- Registry - GMER 1.0.15 —-

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x21 0x0A 0x00 0x00 …

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC3 0xA3 0xB9 0x6D …

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xED 0x17 0x74 0x2D …

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 …

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2B 0x1A 0x87 0x57 …

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x21 0x0A 0x00 0x00 …

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC3 0xA3 0xB9 0x6D …

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xED 0x17 0x74 0x2D …

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 …

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2B 0x1A 0x87 0x57 …

    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures@User_Feed_Synchronization-{DC93F4AA-3005-4D9D-8078-F8C80332659F}.job.fp 738710597

    —- EOF - GMER 1.0.15 —-

  • erik-hjt

    I think you may have accidentally ticked “All files” after all.

    It doesn't matter otherwise.

    Open Notepad, then copy and paste the following (in bold) into an empty window:

    Rootkit::

    c:\windows\system32\dloD562.dll

    Registry::

    @=“”

    Save this to your Desktop as CFScript.txt

    Drag CFScript.txt onto ComboFix.exe.

    This will make ComboFix restart.

    Reboot if you are asked to,

    and post the contents of Combofix.txt in your next reply

  • mar

    Hi

    Thanks again

    The PC was quite a struggle today.

    First, after shutting down, it gave a blue screen with all sorts of things on it; on the 2nd attempt it would not shut down, but I hope it is fine now.

    ComboFix 10-10-19.02 - hansenmarjo 20-10-2010 8:54.8.2 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2047.1183

    Gestart vanuit: c:\users\hansenmarjo\Desktop\ComboFix.exe

    gebruikte Opdracht switches :: c:\users\hansenmarjo\Desktop\CFScript.txt

    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    * Nieuw herstelpunt werd aangemaakt

    * Aanwezig AV is actief

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    —- Voorgaande Run ——-

    .

    c:\users\HANSEN~1\AppData\Local\Temp\ppcrlui_300_2

    c:\users\hansenmarjo\AppData\Local\temp\ppcrlui_300_2

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    ——-\Service_jpcrvjjt

    ——-\Service_jpcrvjjt

    (((((((((((((((((((( Bestanden Gemaakt van 2010-09-20 to 2010-10-20 ))))))))))))))))))))))))))))))

    .

    2010-10-20 07:05 . 2010-10-20 07:05 ——– d—–w- c:\users\Default\AppData\Local\temp

    2010-10-18 14:05 . 2010-10-18 14:05 ——– d-sh–w- c:\windows\system32\%APPDATA%

    2010-10-18 14:00 . 2010-10-20 07:14 ——– d—–w- c:\users\hansenmarjo\AppData\Local\temp

    2010-10-13 05:21 . 2010-09-13 13:56 8147456 —-a-w- c:\windows\system32\wmploc.DLL

    2010-10-13 05:21 . 2010-09-13 13:56 168960 —-a-w- c:\program files\Windows Media Player\wmplayer.exe

    2010-10-13 05:21 . 2010-09-06 16:20 125952 —-a-w- c:\windows\system32\srvsvc.dll

    2010-10-13 05:21 . 2010-09-06 13:45 304128 —-a-w- c:\windows\system32\drivers\srv.sys

    2010-10-13 05:21 . 2010-09-06 13:45 145408 —-a-w- c:\windows\system32\drivers\srv2.sys

    2010-10-13 05:21 . 2010-09-06 13:45 102400 —-a-w- c:\windows\system32\drivers\srvnet.sys

    2010-10-13 05:21 . 2010-09-06 16:19 17920 —-a-w- c:\windows\system32\netevent.dll

    2010-10-13 05:21 . 2010-08-10 15:53 274944 —-a-w- c:\windows\system32\schannel.dll

    2010-10-13 05:21 . 2010-06-28 17:00 1316864 —-a-w- c:\windows\system32\ole32.dll

    2010-10-13 05:21 . 2010-06-28 14:54 339968 —-a-w- c:\program files\Windows NT\Accessories\wordpad.exe

    2010-10-13 05:21 . 2010-08-26 16:37 157184 —-a-w- c:\windows\system32\t2embed.dll

    2010-10-11 18:34 . 2010-10-20 07:13 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\Dropbox

    2010-10-11 16:17 . 2010-10-15 11:36 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\QuickScan

    2010-10-10 17:30 . 2010-10-10 17:31 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\PeaceCraft2

    2010-10-03 16:57 . 2010-10-03 16:57 ——– d—–w- c:\programdata\HPSSUPPLY

    2010-10-03 11:23 . 2010-10-03 11:24 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\ThreeDays2

    2010-10-03 09:38 . 2006-11-29 11:06 3426072 —-a-w- c:\windows\system32\d3dx9_32.dll

    2010-10-03 09:37 . 2010-10-03 09:37 ——– d—–w- c:\program files\Microsoft SQL Server Compact Edition

    2010-10-03 09:35 . 2008-06-17 14:13 74520 —-a-w- c:\program files\Common Files\Windows Live\.cache\4ec487b51cb62de\DSETUP.dll

    2010-10-03 09:35 . 2008-06-17 14:13 484632 —-a-w- c:\program files\Common Files\Windows Live\.cache\4ec487b51cb62de\DXSETUP.exe

    2010-10-03 09:35 . 2008-06-17 14:13 1670936 —-a-w- c:\program files\Common Files\Windows Live\.cache\4ec487b51cb62de\dsetup32.dll

    2010-10-03 09:22 . 2009-04-20 10:23 315904 —-a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70w.dll

    2010-10-03 09:17 . 2010-10-03 09:17 ——– d—–w- c:\programdata\HP Product Assistant

    2010-10-03 09:10 . 2009-02-10 13:03 966656 —-a-w- c:\windows\system32\hpost_p02e.dll

    2010-10-03 09:10 . 2009-02-10 13:03 315392 —-a-w- c:\windows\system32\hposc_p02a.dll

    2010-10-03 09:10 . 2009-02-10 13:03 712704 —-a-w- c:\windows\system32\hposwia_p02e.dll

    2010-10-03 09:10 . 2008-10-28 03:27 372736 —-a-w- c:\windows\system32\hppldcoi.dll

    2010-10-03 09:10 . 2008-10-28 03:27 309760 —-a-w- c:\windows\system32\difxapi.dll

    2010-10-03 09:10 . 2010-10-03 09:10 ——– d—–w- c:\users\hansenmarjo\{44d77c09-f5ba-441a-be33-08291b71fad0}

    2010-10-03 09:10 . 2009-04-15 14:53 452408 —-a-w- c:\windows\system32\hpzids01.dll

    2010-10-03 09:10 . 2009-04-20 10:23 123904 —-a-w- c:\windows\system32\hpf3l70w.dll

    2010-09-29 05:09 . 2010-06-22 13:30 2048 —-a-w- c:\windows\system32\tzres.dll

    2010-09-29 05:08 . 2010-08-26 04:23 13312 —-a-w- c:\program files\Internet Explorer\iecompat.dll

    2010-09-27 09:00 . 2010-09-27 09:00 ——– d—–w- c:\users\hansenmarjo\.jordan

    2010-09-23 11:04 . 2010-09-23 11:04 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\Silverback Productions

    2010-09-22 17:55 . 2010-09-22 17:55 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\Enlightenus2_BFG

    2010-09-22 16:10 . 2010-09-22 16:10 103864 —-a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

    2010-09-21 14:47 . 2010-09-21 14:47 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\Floodlight Games

    2010-09-21 14:47 . 2010-09-21 14:47 ——– d—–w- c:\programdata\Floodlight Games

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    2008-01-19 05:49 729600 —-a-w- c:\windows\System32\dlod562.dll

    @=“{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}”

    2009-12-09 01:19 94208 —-a-w- c:\users\hansenmarjo\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    @=“{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}”

    2009-12-09 01:19 94208 —-a-w- c:\users\hansenmarjo\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    @=“{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}”

    2009-12-09 01:19 94208 —-a-w- c:\users\hansenmarjo\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    @=“{E08C1620-4257-4C84-923B-6F6715EF278F}”

    2008-01-19 05:49 729600 —-a-w- c:\windows\System32\dlod562.dll

    “Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe”

    “swg”=“c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

    “msnmsgr”=“c:\program files\Windows Live\Messenger\msnmsgr.exe”

    “WMPNSCFG”=“c:\program files\Windows Media Player\WMPNSCFG.exe”

    “Windows Defender”=“c:\program files\Windows Defender\MSASCui.exe”

    “mcagent_exe”=“c:\program files\McAfee.com\Agent\mcagent.exe”

    “hpqSRMon”=“c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe”

    c:\users\hansenmarjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dropbox.lnk - c:\users\hansenmarjo\AppData\Roaming\Dropbox\bin\Dropbox.exe

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe

    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe

    “EnableLUA”= 0 (0x0)

    “EnableUIADesktopToggle”= 0 (0x0)

    @=“”

    @=“”

    @=“Service”

    “Google Update”=“c:\users\hansenmarjo\AppData\Local\Google\Update\GoogleUpdate.exe” /c

    “Adobe Reader Speed Launcher”=“e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    “Adobe ARM”=“c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    “SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe”

    “HP Software Update”=c:\program files\HP\HP Software Update\HPWuSchd2.exe

    “DisableMonitoring”=dword:00000001

    R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe

    R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Belkin\F5D7000v8\jswpsapi.exe

    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe

    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys

    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe

    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

    S3 JSWSCIMD;jswscimd Service;c:\windows\system32\DRIVERS\jswscimd.sys

    S3 RTL85n86;Belkin Wireless G Notebook Card Service v8;c:\windows\system32\DRIVERS\RTL85n86.sys

    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    UxTuneUp

    jpcrvjjt

    .

    Inhoud van de ‘Gedeelde Taken’ map

    2010-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    2010-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1071820252-2080101743-2187659691-1000Core.job

    - c:\users\hansenmarjo\AppData\Local\Google\Update\GoogleUpdate.exe

    2010-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1071820252-2080101743-2187659691-1000UA.job

    - c:\users\hansenmarjo\AppData\Local\Google\Update\GoogleUpdate.exe

    2010-07-15 c:\windows\Tasks\McDefragTask.job

    - c:\progra~1\mcafee\mqc\QcConsol.exe

    2010-02-03 c:\windows\Tasks\McQcTask.job

    - c:\progra~1\mcafee\mqc\QcConsol.exe

    2010-10-20 c:\windows\Tasks\User_Feed_Synchronization-{DC93F4AA-3005-4D9D-8078-F8C80332659F}.job

    - c:\windows\system32\msfeedssync.exe

    .

    .

    ——- Bijkomende Scan ——-

    .

    uStart Page = hxxp://www.google.nl/

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

    FF - ProfilePath - c:\users\hansenmarjo\AppData\Roaming\Mozilla\Firefox\Profiles\58qnie63.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/

    FF - prefs.js: keyword.URL -

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll

    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

    FF - component: c:\users\hansenmarjo\AppData\Roaming\Mozilla\Firefox\Profiles\58qnie63.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

    FF - component: c:\users\hansenmarjo\AppData\Roaming\Mozilla\Firefox\Profiles\58qnie63.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

    FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll

    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

    FF - plugin: c:\users\hansenmarjo\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll

    FF - plugin: c:\users\hansenmarjo\AppData\Roaming\Mozilla\Firefox\Profiles\58qnie63.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

    FF - plugin: d:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll

    FF - plugin: d:\program files\DivX\DivX Plus Web Player\npdivx32.dll

    FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

    FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

    FF - plugin: d:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll

    FF - plugin: d:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll

    FF - plugin: e:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    —- FIREFOX POLICIES —-

    c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.IDN.whitelist.xn–mgbaam7a8h”, true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.IDN.whitelist.xn–mgberp4a5d4ar”, true);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“dom.ipc.plugins.enabled”, false);

    .

    “ImagePath”=“System32\DRIVERS\rasacd.sy@”

    .

    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    .

    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > ‘winlogon.exe’(812)

    c:\windows\system32\dlod562.dll

    - - - - - - - > ‘Explorer.exe’(5564)

    c:\program files\McAfee\SiteAdvisor\saHook.dll

    c:\users\hansenmarjo\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    .

    ———————— Andere Aktieve Processen ————————

    .

    c:\windows\system32\nvvsvc.exe

    c:\windows\system32\nvvsvc.exe

    c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

    c:\windows\system32\rundll32.exe

    c:\progra~1\McAfee\VIRUSS~1\mcshield.exe

    c:\program files\McAfee\MPF\MPFSrv.exe

    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe

    c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

    c:\windows\system32\WUDFHost.exe

    c:\windows\system32\conime.exe

    c:\program files\Windows Media Player\wmpnetwk.exe

    c:\progra~1\McAfee\MSC\mcmscsvc.exe

    c:\program files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe

    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

    c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2010-10-20 09:18:59 - machine werd herstart

    ComboFix-quarantined-files.txt 2010-10-20 07:18

    ComboFix2.txt 2010-10-19 11:46

    ComboFix3.txt 2010-10-19 07:44

    ComboFix4.txt 2010-10-18 14:08

    Pre-Run: 54.758.150.144 bytes beschikbaar

    Post-Run: 54.313.431.040 bytes beschikbaar

    - - End Of File - - A8A8F4D4CC779F0CC86FF4895DAA68FE

  • erik-hjt

    Hi,

    We just can't seem to get rid of that one file :(

    Maybe McAfee is getting in the way.

    Can you temporarily disable McAfee?

    Depending on the version you have, do the following:

    Right-click the McAfee icon in the taskbar and choose to disable it.

    or

    Right-click the McAfee icon in the taskbar at the bottom right of the screen

    Click “Change settings”

    The McAfee Security Center now opens. At the top left, under the heading “Configure”, click “Computer and files”

    Turn everything off by clicking the radio button in front of “Off”

    Open Notepad, then copy and paste the following (in bold) into an empty window:

    Rootkit::

    c:\windows\system32\dloD562.dll

    Registry::

    @=-

    Netsvc::

    jpcrvjjt

    Save this to your Desktop as CFScript.txt

    Drag CFScript.txt onto ComboFix.exe.

    This will make ComboFix restart.

    Reboot if you are asked to,

    and post the contents of Combofix.txt in your next reply

  • mar

    Hi

    I hope it worked

    Regards

    ComboFix 10-10-19.02 - hansenmarjo 20-10-2010 13:00:17.9.2 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2047.1308

    Gestart vanuit: c:\users\hansenmarjo\Desktop\ComboFix.exe

    gebruikte Opdracht switches :: c:\users\hansenmarjo\Desktop\CFScript.txt

    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    * Aanwezig AV is actief

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    ——-\Service_jpcrvjjt

    (((((((((((((((((((( Bestanden Gemaakt van 2010-09-20 to 2010-10-20 ))))))))))))))))))))))))))))))

    .

    2010-10-20 11:09 . 2010-10-20 11:09 ——– d—–w- c:\users\Default\AppData\Local\temp

    2010-10-18 14:05 . 2010-10-18 14:05 ——– d-sh–w- c:\windows\system32\%APPDATA%

    2010-10-18 14:00 . 2010-10-20 11:12 ——– d—–w- c:\users\hansenmarjo\AppData\Local\temp

    2010-10-13 05:21 . 2010-09-13 13:56 8147456 —-a-w- c:\windows\system32\wmploc.DLL

    2010-10-13 05:21 . 2010-09-13 13:56 168960 —-a-w- c:\program files\Windows Media Player\wmplayer.exe

    2010-10-13 05:21 . 2010-09-06 16:20 125952 —-a-w- c:\windows\system32\srvsvc.dll

    2010-10-13 05:21 . 2010-09-06 13:45 304128 —-a-w- c:\windows\system32\drivers\srv.sys

    2010-10-13 05:21 . 2010-09-06 13:45 145408 —-a-w- c:\windows\system32\drivers\srv2.sys

    2010-10-13 05:21 . 2010-09-06 13:45 102400 —-a-w- c:\windows\system32\drivers\srvnet.sys

    2010-10-13 05:21 . 2010-09-06 16:19 17920 —-a-w- c:\windows\system32\netevent.dll

    2010-10-13 05:21 . 2010-08-10 15:53 274944 —-a-w- c:\windows\system32\schannel.dll

    2010-10-13 05:21 . 2010-06-28 17:00 1316864 —-a-w- c:\windows\system32\ole32.dll

    2010-10-13 05:21 . 2010-06-28 14:54 339968 —-a-w- c:\program files\Windows NT\Accessories\wordpad.exe

    2010-10-13 05:21 . 2010-08-26 16:37 157184 —-a-w- c:\windows\system32\t2embed.dll

    2010-10-11 18:34 . 2010-10-20 10:33 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\Dropbox

    2010-10-11 16:17 . 2010-10-15 11:36 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\QuickScan

    2010-10-10 17:30 . 2010-10-10 17:31 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\PeaceCraft2

    2010-10-03 16:57 . 2010-10-03 16:57 ——– d—–w- c:\programdata\HPSSUPPLY

    2010-10-03 11:23 . 2010-10-03 11:24 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\ThreeDays2

    2010-10-03 09:38 . 2006-11-29 11:06 3426072 —-a-w- c:\windows\system32\d3dx9_32.dll

    2010-10-03 09:37 . 2010-10-03 09:37 ——– d—–w- c:\program files\Microsoft SQL Server Compact Edition

    2010-10-03 09:35 . 2008-06-17 14:13 74520 —-a-w- c:\program files\Common Files\Windows Live\.cache\4ec487b51cb62de\DSETUP.dll

    2010-10-03 09:35 . 2008-06-17 14:13 484632 —-a-w- c:\program files\Common Files\Windows Live\.cache\4ec487b51cb62de\DXSETUP.exe

    2010-10-03 09:35 . 2008-06-17 14:13 1670936 —-a-w- c:\program files\Common Files\Windows Live\.cache\4ec487b51cb62de\dsetup32.dll

    2010-10-03 09:22 . 2009-04-20 10:23 315904 —-a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70w.dll

    2010-10-03 09:17 . 2010-10-03 09:17 ——– d—–w- c:\programdata\HP Product Assistant

    2010-10-03 09:10 . 2009-02-10 13:03 966656 —-a-w- c:\windows\system32\hpost_p02e.dll

    2010-10-03 09:10 . 2009-02-10 13:03 315392 —-a-w- c:\windows\system32\hposc_p02a.dll

    2010-10-03 09:10 . 2009-02-10 13:03 712704 —-a-w- c:\windows\system32\hposwia_p02e.dll

    2010-10-03 09:10 . 2008-10-28 03:27 372736 —-a-w- c:\windows\system32\hppldcoi.dll

    2010-10-03 09:10 . 2008-10-28 03:27 309760 —-a-w- c:\windows\system32\difxapi.dll

    2010-10-03 09:10 . 2010-10-03 09:10 ——– d—–w- c:\users\hansenmarjo\{44d77c09-f5ba-441a-be33-08291b71fad0}

    2010-10-03 09:10 . 2009-04-15 14:53 452408 —-a-w- c:\windows\system32\hpzids01.dll

    2010-10-03 09:10 . 2009-04-20 10:23 123904 —-a-w- c:\windows\system32\hpf3l70w.dll

    2010-09-29 05:09 . 2010-06-22 13:30 2048 —-a-w- c:\windows\system32\tzres.dll

    2010-09-29 05:08 . 2010-08-26 04:23 13312 —-a-w- c:\program files\Internet Explorer\iecompat.dll

    2010-09-27 09:00 . 2010-09-27 09:00 ——– d—–w- c:\users\hansenmarjo\.jordan

    2010-09-23 11:04 . 2010-09-23 11:04 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\Silverback Productions

    2010-09-22 17:55 . 2010-09-22 17:55 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\Enlightenus2_BFG

    2010-09-22 16:10 . 2010-09-22 16:10 103864 —-a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

    2010-09-21 14:47 . 2010-09-21 14:47 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\Floodlight Games

    2010-09-21 14:47 . 2010-09-21 14:47 ——– d—–w- c:\programdata\Floodlight Games

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    2008-01-19 05:49 729600 —-a-w- c:\windows\System32\dlod562.dll

    @=“{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}”

    2009-12-09 01:19 94208 —-a-w- c:\users\hansenmarjo\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    @=“{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}”

    2009-12-09 01:19 94208 —-a-w- c:\users\hansenmarjo\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    @=“{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}”

    2009-12-09 01:19 94208 —-a-w- c:\users\hansenmarjo\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    @=“{E08C1620-4257-4C84-923B-6F6715EF278F}”

    2008-01-19 05:49 729600 —-a-w- c:\windows\System32\dlod562.dll

    “Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe”

    “swg”=“c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

    “msnmsgr”=“c:\program files\Windows Live\Messenger\msnmsgr.exe”

    “WMPNSCFG”=“c:\program files\Windows Media Player\WMPNSCFG.exe”

    “Windows Defender”=“c:\program files\Windows Defender\MSASCui.exe”

    “mcagent_exe”=“c:\program files\McAfee.com\Agent\mcagent.exe”

    “hpqSRMon”=“c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe”

    c:\users\hansenmarjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dropbox.lnk - c:\users\hansenmarjo\AppData\Roaming\Dropbox\bin\Dropbox.exe

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe

    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe

    “EnableLUA”= 0 (0x0)

    “EnableUIADesktopToggle”= 0 (0x0)

    @=“”

    @=“”

    @=“Service”

    “Google Update”=“c:\users\hansenmarjo\AppData\Local\Google\Update\GoogleUpdate.exe” /c

    “Adobe Reader Speed Launcher”=“e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    “Adobe ARM”=“c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    “SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe”

    “HP Software Update”=c:\program files\HP\HP Software Update\HPWuSchd2.exe

    “DisableMonitoring”=dword:00000001

    R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe

    R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Belkin\F5D7000v8\jswpsapi.exe

    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe

    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys

    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe

    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

    S3 JSWSCIMD;jswscimd Service;c:\windows\system32\DRIVERS\jswscimd.sys

    S3 RTL85n86;Belkin Wireless G Notebook Card Service v8;c:\windows\system32\DRIVERS\RTL85n86.sys

    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    UxTuneUp

    .

    Inhoud van de ‘Gedeelde Taken’ map

    2010-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    2010-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1071820252-2080101743-2187659691-1000Core.job

    - c:\users\hansenmarjo\AppData\Local\Google\Update\GoogleUpdate.exe

    2010-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1071820252-2080101743-2187659691-1000UA.job

    - c:\users\hansenmarjo\AppData\Local\Google\Update\GoogleUpdate.exe

    2010-07-15 c:\windows\Tasks\McDefragTask.job

    - c:\progra~1\mcafee\mqc\QcConsol.exe

    2010-02-03 c:\windows\Tasks\McQcTask.job

    - c:\progra~1\mcafee\mqc\QcConsol.exe

    2010-10-20 c:\windows\Tasks\User_Feed_Synchronization-{DC93F4AA-3005-4D9D-8078-F8C80332659F}.job

    - c:\windows\system32\msfeedssync.exe

    .

    .

    ——- Bijkomende Scan ——-

    .

    uStart Page = hxxp://www.google.nl/

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

    FF - ProfilePath - c:\users\hansenmarjo\AppData\Roaming\Mozilla\Firefox\Profiles\58qnie63.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/

    FF - prefs.js: keyword.URL -

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll

    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

    FF - component: c:\users\hansenmarjo\AppData\Roaming\Mozilla\Firefox\Profiles\58qnie63.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

    FF - component: c:\users\hansenmarjo\AppData\Roaming\Mozilla\Firefox\Profiles\58qnie63.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

    FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll

    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

    FF - plugin: c:\users\hansenmarjo\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll

    FF - plugin: c:\users\hansenmarjo\AppData\Roaming\Mozilla\Firefox\Profiles\58qnie63.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

    FF - plugin: d:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll

    FF - plugin: d:\program files\DivX\DivX Plus Web Player\npdivx32.dll

    FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

    FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

    FF - plugin: d:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll

    FF - plugin: d:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll

    FF - plugin: e:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    —- FIREFOX POLICIES —-

    c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.IDN.whitelist.xn–mgbaam7a8h”, true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.IDN.whitelist.xn–mgberp4a5d4ar”, true);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“dom.ipc.plugins.enabled”, false);

    .

    “ImagePath”=“System32\DRIVERS\rasacd.sy@”

    .

    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    .

    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > ‘winlogon.exe’(760)

    c:\windows\system32\dlod562.dll

    c:\windows\system32\libssl32.dll

    c:\windows\system32\LIBEAY32.dll

    - - - - - - - > ‘Explorer.exe’(5528)

    c:\program files\McAfee\SiteAdvisor\saHook.dll

    c:\users\hansenmarjo\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    .

    ———————— Andere Aktieve Processen ————————

    .

    c:\windows\system32\nvvsvc.exe

    c:\windows\system32\nvvsvc.exe

    c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

    c:\windows\system32\rundll32.exe

    c:\progra~1\McAfee\VIRUSS~1\mcshield.exe

    c:\program files\McAfee\MPF\MPFSrv.exe

    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe

    c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

    c:\windows\system32\conime.exe

    c:\windows\system32\WUDFHost.exe

    c:\program files\Windows Media Player\wmpnetwk.exe

    c:\progra~1\McAfee\MSC\mcmscsvc.exe

    c:\program files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe

    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

    c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe

    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2010-10-20 13:17:00 - machine werd herstart

    ComboFix-quarantined-files.txt 2010-10-20 11:16

    ComboFix2.txt 2010-10-20 07:19

    ComboFix3.txt 2010-10-19 11:46

    ComboFix4.txt 2010-10-19 07:44

    ComboFix5.txt 2010-10-20 10:58

    Pre-Run: 54.238.773.248 bytes beschikbaar

    Post-Run: 54.203.953.152 bytes beschikbaar

    - - End Of File - - 0038B3AF23D096B3CED2C293EE02C107

  • erik-hjt

    Unfortunately it did not work,

    I see that McAfee was still active; did temporarily disabling it not work?

    Otherwise, please try the previous post once more :-)

  • mar

    Hi

    I hope it has worked now

    thanks again

    ComboFix 10-10-19.02 - hansenmarjo 20-10-2010 16:44:09.10.2 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2047.1085

    Gestart vanuit: c:\users\hansenmarjo\Desktop\ComboFix.exe

    gebruikte Opdracht switches :: c:\users\hansenmarjo\Desktop\CFScript.txt

    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    ——-\Service_jpcrvjjt

    (((((((((((((((((((( Bestanden Gemaakt van 2010-09-20 to 2010-10-20 ))))))))))))))))))))))))))))))

    .

    2010-10-20 14:51 . 2010-10-20 14:51 ——– d—–w- c:\users\Default\AppData\Local\temp

    2010-10-18 14:05 . 2010-10-18 14:05 ——– d-sh–w- c:\windows\system32\%APPDATA%

    2010-10-18 14:00 . 2010-10-20 14:53 ——– d—–w- c:\users\hansenmarjo\AppData\Local\temp

    2010-10-13 05:21 . 2010-09-13 13:56 8147456 —-a-w- c:\windows\system32\wmploc.DLL

    2010-10-13 05:21 . 2010-09-13 13:56 168960 —-a-w- c:\program files\Windows Media Player\wmplayer.exe

    2010-10-13 05:21 . 2010-09-06 16:20 125952 —-a-w- c:\windows\system32\srvsvc.dll

    2010-10-13 05:21 . 2010-09-06 13:45 304128 —-a-w- c:\windows\system32\drivers\srv.sys

    2010-10-13 05:21 . 2010-09-06 13:45 145408 —-a-w- c:\windows\system32\drivers\srv2.sys

    2010-10-13 05:21 . 2010-09-06 13:45 102400 —-a-w- c:\windows\system32\drivers\srvnet.sys

    2010-10-13 05:21 . 2010-09-06 16:19 17920 —-a-w- c:\windows\system32\netevent.dll

    2010-10-13 05:21 . 2010-08-10 15:53 274944 —-a-w- c:\windows\system32\schannel.dll

    2010-10-13 05:21 . 2010-06-28 17:00 1316864 —-a-w- c:\windows\system32\ole32.dll

    2010-10-13 05:21 . 2010-06-28 14:54 339968 —-a-w- c:\program files\Windows NT\Accessories\wordpad.exe

    2010-10-13 05:21 . 2010-08-26 16:37 157184 —-a-w- c:\windows\system32\t2embed.dll

    2010-10-11 18:34 . 2010-10-20 14:53 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\Dropbox

    2010-10-11 16:17 . 2010-10-15 11:36 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\QuickScan

    2010-10-10 17:30 . 2010-10-10 17:31 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\PeaceCraft2

    2010-10-03 16:57 . 2010-10-03 16:57 ——– d—–w- c:\programdata\HPSSUPPLY

    2010-10-03 11:23 . 2010-10-03 11:24 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\ThreeDays2

    2010-10-03 09:38 . 2006-11-29 11:06 3426072 —-a-w- c:\windows\system32\d3dx9_32.dll

    2010-10-03 09:37 . 2010-10-03 09:37 ——– d—–w- c:\program files\Microsoft SQL Server Compact Edition

    2010-10-03 09:35 . 2008-06-17 14:13 74520 —-a-w- c:\program files\Common Files\Windows Live\.cache\4ec487b51cb62de\DSETUP.dll

    2010-10-03 09:35 . 2008-06-17 14:13 484632 —-a-w- c:\program files\Common Files\Windows Live\.cache\4ec487b51cb62de\DXSETUP.exe

    2010-10-03 09:35 . 2008-06-17 14:13 1670936 —-a-w- c:\program files\Common Files\Windows Live\.cache\4ec487b51cb62de\dsetup32.dll

    2010-10-03 09:22 . 2009-04-20 10:23 315904 —-a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70w.dll

    2010-10-03 09:17 . 2010-10-03 09:17 ——– d—–w- c:\programdata\HP Product Assistant

    2010-10-03 09:10 . 2009-02-10 13:03 966656 —-a-w- c:\windows\system32\hpost_p02e.dll

    2010-10-03 09:10 . 2009-02-10 13:03 315392 —-a-w- c:\windows\system32\hposc_p02a.dll

    2010-10-03 09:10 . 2009-02-10 13:03 712704 —-a-w- c:\windows\system32\hposwia_p02e.dll

    2010-10-03 09:10 . 2008-10-28 03:27 372736 —-a-w- c:\windows\system32\hppldcoi.dll

    2010-10-03 09:10 . 2008-10-28 03:27 309760 —-a-w- c:\windows\system32\difxapi.dll

    2010-10-03 09:10 . 2010-10-03 09:10 ——– d—–w- c:\users\hansenmarjo\{44d77c09-f5ba-441a-be33-08291b71fad0}

    2010-10-03 09:10 . 2009-04-15 14:53 452408 —-a-w- c:\windows\system32\hpzids01.dll

    2010-10-03 09:10 . 2009-04-20 10:23 123904 —-a-w- c:\windows\system32\hpf3l70w.dll

    2010-09-29 05:09 . 2010-06-22 13:30 2048 —-a-w- c:\windows\system32\tzres.dll

    2010-09-29 05:08 . 2010-08-26 04:23 13312 —-a-w- c:\program files\Internet Explorer\iecompat.dll

    2010-09-27 09:00 . 2010-09-27 09:00 ——– d—–w- c:\users\hansenmarjo\.jordan

    2010-09-23 11:04 . 2010-09-23 11:04 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\Silverback Productions

    2010-09-22 17:55 . 2010-09-22 17:55 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\Enlightenus2_BFG

    2010-09-22 16:10 . 2010-09-22 16:10 103864 —-a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

    2010-09-21 14:47 . 2010-09-21 14:47 ——– d—–w- c:\users\hansenmarjo\AppData\Roaming\Floodlight Games

    2010-09-21 14:47 . 2010-09-21 14:47 ——– d—–w- c:\programdata\Floodlight Games

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    @=“{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}”

    2009-12-09 01:19 94208 —-a-w- c:\users\hansenmarjo\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    @=“{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}”

    2009-12-09 01:19 94208 —-a-w- c:\users\hansenmarjo\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    @=“{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}”

    2009-12-09 01:19 94208 —-a-w- c:\users\hansenmarjo\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    “Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe”

    “swg”=“c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

    “msnmsgr”=“c:\program files\Windows Live\Messenger\msnmsgr.exe”

    “WMPNSCFG”=“c:\program files\Windows Media Player\WMPNSCFG.exe”

    “Windows Defender”=“c:\program files\Windows Defender\MSASCui.exe”

    “mcagent_exe”=“c:\program files\McAfee.com\Agent\mcagent.exe”

    “hpqSRMon”=“c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe”

    c:\users\hansenmarjo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dropbox.lnk - c:\users\hansenmarjo\AppData\Roaming\Dropbox\bin\Dropbox.exe

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe

    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe

    “EnableLUA”= 0 (0x0)

    “EnableUIADesktopToggle”= 0 (0x0)

    @=“”

    @=“”

    @=“Service”

    “Google Update”=“c:\users\hansenmarjo\AppData\Local\Google\Update\GoogleUpdate.exe” /c

    “Adobe Reader Speed Launcher”=“e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    “Adobe ARM”=“c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    “SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe”

    “HP Software Update”=c:\program files\HP\HP Software Update\HPWuSchd2.exe

    “DisableMonitoring”=dword:00000001

    R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe

    R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Belkin\F5D7000v8\jswpsapi.exe

    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe

    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys

    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe

    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

    S3 JSWSCIMD;jswscimd Service;c:\windows\system32\DRIVERS\jswscimd.sys

    S3 RTL85n86;Belkin Wireless G Notebook Card Service v8;c:\windows\system32\DRIVERS\RTL85n86.sys

    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    UxTuneUp

    .

    Inhoud van de ‘Gedeelde Taken’ map

    2010-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    2010-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1071820252-2080101743-2187659691-1000Core.job

    - c:\users\hansenmarjo\AppData\Local\Google\Update\GoogleUpdate.exe

    2010-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1071820252-2080101743-2187659691-1000UA.job

    - c:\users\hansenmarjo\AppData\Local\Google\Update\GoogleUpdate.exe

    2010-07-15 c:\windows\Tasks\McDefragTask.job

    - c:\progra~1\mcafee\mqc\QcConsol.exe

    2010-02-03 c:\windows\Tasks\McQcTask.job

    - c:\progra~1\mcafee\mqc\QcConsol.exe

    2010-10-20 c:\windows\Tasks\User_Feed_Synchronization-{DC93F4AA-3005-4D9D-8078-F8C80332659F}.job

    - c:\windows\system32\msfeedssync.exe

    .

    .

    ——- Bijkomende Scan ——-

    .

    uStart Page = hxxp://www.google.nl/

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

    FF - ProfilePath - c:\users\hansenmarjo\AppData\Roaming\Mozilla\Firefox\Profiles\58qnie63.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/

    FF - prefs.js: keyword.URL -

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll

    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll

    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

    FF - component: c:\users\hansenmarjo\AppData\Roaming\Mozilla\Firefox\Profiles\58qnie63.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

    FF - component: c:\users\hansenmarjo\AppData\Roaming\Mozilla\Firefox\Profiles\58qnie63.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

    FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll

    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

    FF - plugin: c:\users\hansenmarjo\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll

    FF - plugin: c:\users\hansenmarjo\AppData\Roaming\Mozilla\Firefox\Profiles\58qnie63.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

    FF - plugin: d:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll

    FF - plugin: d:\program files\DivX\DivX Plus Web Player\npdivx32.dll

    FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

    FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

    FF - plugin: d:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll

    FF - plugin: d:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll

    FF - plugin: e:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    —- FIREFOX POLICIES —-

    c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.IDN.whitelist.xn–mgbaam7a8h”, true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.IDN.whitelist.xn–mgberp4a5d4ar”, true);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“dom.ipc.plugins.enabled”, false);

    .

    “ImagePath”=“System32\DRIVERS\rasacd.sy@”

    .

    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    .

    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > ‘Explorer.exe’(3696)

    c:\program files\McAfee\SiteAdvisor\saHook.dll

    c:\users\hansenmarjo\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    .

    ———————— Andere Aktieve Processen ————————

    .

    c:\windows\system32\nvvsvc.exe

    c:\windows\system32\nvvsvc.exe

    c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

    c:\windows\system32\rundll32.exe

    c:\progra~1\McAfee\VIRUSS~1\mcshield.exe

    c:\program files\McAfee\MPF\MPFSrv.exe

    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe

    c:\windows\system32\conime.exe

    c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

    c:\windows\system32\WUDFHost.exe

    c:\program files\Windows Media Player\wmpnetwk.exe

    c:\progra~1\McAfee\MSC\mcmscsvc.exe

    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

    c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe

    c:\program files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2010-10-20 16:57:49 - machine werd herstart

    ComboFix-quarantined-files.txt 2010-10-20 14:57

    ComboFix2.txt 2010-10-20 11:17

    ComboFix3.txt 2010-10-20 07:19

    ComboFix4.txt 2010-10-19 11:46

    ComboFix5.txt 2010-10-20 14:37

    Pre-Run: 54.271.188.992 bytes beschikbaar

    Post-Run: 54.130.753.536 bytes beschikbaar

    - - End Of File - - 450F81285A3E5187D41EEF170954296C

  • erik-hjt

    By the looks of it, it worked :-)

    Go to Start - Run

    Enter the following there: Combofix /Uninstall (don't forget the space between combofix and /uninstall)

    Then press OK.

    If all goes well, you will then get a message that Combofix was removed.

    Remove the G-mer program by deleting the following file: kzr7pqci.exe

    Set McAfee back to active.

    Start MBAM and update it first.

    Then run a full system scan and please post that log here as well.

    Let me know what the situation is now.

  • mar

    Hi

    I hope that you and I have succeeded

    I have already deleted the files

    regards, mar

    Malwarebytes' Anti-Malware 1.46

    www.malwarebytes.org

    Databaseversie: 4893

    Windows 6.0.6002 Service Pack 2

    Internet Explorer 8.0.6001.18975

    20-10-2010 20:14:10

    mbam-log-2010-10-20 (20-14-10).txt

    Scantype: Volledige scan (C:\|D:\|E:\|)

    Objecten gescand: 503999

    Verstreken tijd: 1 uur/uren, 51 minuut/minuten, 16 seconde(n)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 0

    Registerwaarden geïnfecteerd: 0

    Registerdata geïnfecteerd: 0

    Mappen geïnfecteerd: 0

    Bestanden geïnfecteerd: 2

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:

    C:\Users\hansenmarjo\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000df5 (RogueSecurityIS) -> No action taken.

    E:\downloads marjo\OGAoffice-crck-ByHunter\KeyChanger.Office.2.0.0\keygen.exe (RiskWare.Tool.CK) -> No action taken.

  • Jos H

    The intention is presumably that the items found are ticked for removal after the scan?