Highspeed drivers

  • Ben

    Didn't know that wasn't clear enough??

    Ben:S

  • fazantje

    Hi Ben,

    So I thought you wrote it as an addition to:

    http://antivirus.startpagina.nl/prikbord/13370302/13370794/re-highspeed-drivers#msg-13370794

    Regards, Huib;)

  • Ben

    No problem, I'll be even clearer next time; I thought lg had understood it.

    But that he had forgotten to read this B)

    Regards, Ben (tu)

  • lg

    Ben,

    I had indeed not understood that it was a reference to the step-by-step plan.

    The new log files will follow this afternoon,

    LG

  • lg

    As requested:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 14:40:04, on 7-1-2011

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v8.00 (8.00.6001.18999)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskeng.exe

    C:\Program Files\ASUS\SmartLogon\sensorsrv.exe

    C:\Program Files\ASUS\ASUS Live Update\ALU.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

    C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe

    C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe

    C:\Windows\RtHDVCpl.exe

    C:\Program Files\P4P\P4P.exe

    C:\Windows\AsScrPro.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\ESET\nod32kui.exe

    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    D:\Program Files\DAEMON Tools Lite\DTLite.exe

    C:\Users\Guus\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Program Files\Spamihilator\spamihilator.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnederland.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: (no name) - {b80f591e-fe9a-46cf-a13e-180377240586} - (no file)

    O1 - Hosts: ::1 localhost

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

    O4 - HKLM\..\Run: %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: “C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe”

    O4 - HKLM\..\Run: “C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe” “C:\Program Files\CyberLink\Power2Go” UpdateWithCreateOnce “SOFTWARE\CyberLink\Power2Go\6.0”

    O4 - HKLM\..\Run: C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe

    O4 - HKLM\..\Run: C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe

    O4 - HKLM\..\Run: RtHDVCpl.exe

    O4 - HKLM\..\Run: “C:\Program Files\P4P\P4P.exe”

    O4 - HKLM\..\Run: C:\Windows\AsScrPro.exe

    O4 - HKLM\..\Run: C:\Windows\AsScrProlog.exe

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: “C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “D:\Program Files\QuickTime\QTTask.exe” -atboottime

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe”

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe” -launchedbylogin

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: C:\Program Files\Eset\UpdateReminder.exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe” -startup

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\Run: “D:\Program Files\DAEMON Tools Lite\DTLite.exe” -autorun

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\Run: rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)

    O4 - Startup: Dropbox.lnk = C:\Users\Guus\AppData\Roaming\Dropbox\bin\Dropbox.exe

    O4 - Startup: Spamihilator.lnk = C:\Program Files\Spamihilator\spamihilator.exe

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O16 - DPF: {0DBF2423-33D3-4084-B83E-6A3661F2CD46} (Album Upload Software Control) - http://www.mijnalbum.nl/v3/skinsrc/core/system/6.5.6/ImageUploader6.cab

    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

    O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab

    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.4.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://beemster.nl.photo-online.com/ImageUploader4.cab

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - d:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

    O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe

    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe

    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Google Updateservice (gupdate1c9f0153a4dc68) (gupdate1c9f0153a4dc68) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

    O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    End of file - 10270 bytes

    Malwarebytes' Anti-Malware 1.50.1.1100

    www.malwarebytes.org

    Databaseversie: 5475

    Windows 6.0.6002 Service Pack 2

    Internet Explorer 8.0.6001.18999

    7-1-2011 14:38:41

    mbam-log-2011-01-07 (14-38-41).txt

    Scantype: Volledige scan (C:\|D:\|F:\|)

    Objecten gescand: 319154

    Verstreken tijd: 1 uur/uren, 9 minuut/minuten, 57 seconde(n)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 0

    Registerwaarden geïnfecteerd: 0

    Registerdata geïnfecteerd: 0

    Mappen geïnfecteerd: 0

    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

  • fazantje

    Hi LG,

    Start HijackThis, click “Do a scan only” and tick the following lines:

    R3 - URLSearchHook: (no name) - {b80f591e-fe9a-46cf-a13e-180377240586} - (no file)

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)

    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) -

    Close all windows except HijackThis and click “Fix checked”.

    Download Combofix to your Desktop.

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

    Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

    Double-click Combofix.exe.

    Follow the instructions and accept the disclaimer.

    While the fix is running, do NOT click in the window, because this will make your PC hang.

    When the fix has finished and after a restart, the log combofix.txt will open.

    Post this log in your next post together with a new HijackThis log.

    Good luck,

    Huib;)
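
The selection in the post above can be checked mechanically. The following is an added example, not part of the original thread and not code from HijackThis: it parses HijackThis entry lines, lists the entries marked "(no file)" (registry entries whose referenced file was not found on disk), and checks whether the ticked GUIDs are gone from a follow-up log. The log excerpts are a few lines copied from the two logs in this thread; all function and variable names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Excerpt of the first HijackThis log in this thread (7-1-2011), trimmed.
LOG_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnederland.nl/
R3 - URLSearchHook: (no name) - {b80f591e-fe9a-46cf-a13e-180377240586} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
"""

# Excerpt of the follow-up log (8-1-2011), same entry types, trimmed.
LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnederland.nl/
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
"""

# The five GUIDs the helper asked to tick before "Fix checked".
TICKED = [
    "{b80f591e-fe9a-46cf-a13e-180377240586}",
    "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}",
    "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}",
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}",
    "{4871A87A-BFDD-4106-8153-FFDE2BAC2967}",
]

# "R3 - ..." / "O16 - ..." entry lines; process paths and headers do not match.
ENTRY_RE = re.compile(r"^\s*([RO]\d{1,2}) - (.+?)\s*$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")


@dataclass(frozen=True)
class Entry:
    code: str             # section code, e.g. "O2"
    body: str             # everything after "<code> - "
    guid: Optional[str]   # upper-cased CLSID if the entry carries one

    @property
    def orphaned(self) -> bool:
        # HijackThis prints "(no file)" when the referenced file is missing.
        return self.body.lower().endswith("(no file)")


def parse_log(text: str) -> List[Entry]:
    """Return the R*/O* entries of a HijackThis log, skipping all other lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        g = GUID_RE.search(m.group(2))
        entries.append(Entry(m.group(1), m.group(2), g.group(0).upper() if g else None))
    return entries


def orphaned_guids(entries: List[Entry]) -> List[str]:
    """GUIDs of entries whose backing file is missing, in log order."""
    return [e.guid for e in entries if e.orphaned and e.guid]


def still_present(ticked: List[str], entries: List[Entry]) -> List[str]:
    """Ticked GUIDs that still appear in a log (GUID case is ignored)."""
    present = {e.guid for e in entries if e.guid}
    return sorted(g.upper() for g in ticked if g.upper() in present)


if __name__ == "__main__":
    before, after = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    print("orphaned before fix:", orphaned_guids(before))
    print("ticked entries left after fix:", still_present(TICKED, after))
```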

  • lg

    As requested:

    logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 11:24:14, on 8-1-2011

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v8.00 (8.00.6001.18999)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskeng.exe

    C:\Program Files\ASUS\SmartLogon\sensorsrv.exe

    C:\Windows\system32\Dwm.exe

    C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

    C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe

    C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe

    C:\Windows\RtHDVCpl.exe

    C:\Windows\AsScrPro.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    D:\Program Files\DAEMON Tools Lite\DTLite.exe

    C:\Users\Guus\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Program Files\Spamihilator\spamihilator.exe

    C:\Windows\System32\mobsync.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Windows\system32\conime.exe

    C:\Windows\Explorer.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    C:\Windows\system32\DllHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnederland.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O4 - HKLM\..\Run: “C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe”

    O4 - HKLM\..\Run: “C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe” “C:\Program Files\CyberLink\Power2Go” UpdateWithCreateOnce “SOFTWARE\CyberLink\Power2Go\6.0”

    O4 - HKLM\..\Run: C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe

    O4 - HKLM\..\Run: C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe

    O4 - HKLM\..\Run: RtHDVCpl.exe

    O4 - HKLM\..\Run: “C:\Program Files\P4P\P4P.exe”

    O4 - HKLM\..\Run: C:\Windows\AsScrPro.exe

    O4 - HKLM\..\Run: C:\Windows\AsScrProlog.exe

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: “C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “D:\Program Files\QuickTime\QTTask.exe” -atboottime

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe”

    O4 - HKLM\..\Run: C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe” -launchedbylogin

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: C:\Program Files\Eset\UpdateReminder.exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe” -startup

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\Run: “D:\Program Files\DAEMON Tools Lite\DTLite.exe” -autorun

    O4 - Startup: Dropbox.lnk = C:\Users\Guus\AppData\Roaming\Dropbox\bin\Dropbox.exe

    O4 - Startup: Spamihilator.lnk = C:\Program Files\Spamihilator\spamihilator.exe

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O16 - DPF: {0DBF2423-33D3-4084-B83E-6A3661F2CD46} (Album Upload Software Control) - http://www.mijnalbum.nl/v3/skinsrc/core/system/6.5.6/ImageUploader6.cab

    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

    O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://beemster.nl.photo-online.com/ImageUploader4.cab

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - d:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

    O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe

    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe

    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Google Updateservice (gupdate1c9f0153a4dc68) (gupdate1c9f0153a4dc68) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

    O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    End of file - 8934 bytes

    ComboFix 11-01-07.01 - Guus 08-01-2011 11:10:48.2.2 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3036.1685

    Gestart vanuit: c:\users\Guus\Desktop\ComboFix.exe

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Aanwezig AV is actief

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2010-12-08 to 2011-01-08 ))))))))))))))))))))))))))))))

    .

    2011-01-08 10:19 . 2011-01-08 10:19 ——– d—–w- c:\users\Guus\AppData\Local\temp

    2011-01-08 10:19 . 2011-01-08 10:19 ——– d—–w- c:\users\Default\AppData\Local\temp

    2011-01-07 12:12 . 2010-11-10 04:33 6273872 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{317F3DAA-4EBD-4949-A4D8-C91EB14981D2}\mpengine.dll

    2011-01-06 17:01 . 2011-01-06 17:01 388096 —-a-r- c:\users\Guus\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2011-01-06 17:01 . 2011-01-06 17:01 ——– d—–w- c:\program files\Trend Micro

    2010-12-30 15:01 . 2010-12-30 15:01 ——– d—–w- c:\programdata\Astroburn Pro

    2010-12-30 15:01 . 2010-12-30 15:01 ——– d—–w- c:\users\Guus\AppData\Roaming\Astroburn Pro

    2010-12-22 10:34 . 2010-12-22 10:34 691696 —-a-w- c:\windows\system32\drivers\sptd.sys

    2010-12-22 10:33 . 2010-12-22 10:41 ——– d—–w- c:\users\Guus\AppData\Roaming\DAEMON Tools Lite

    2010-12-22 10:33 . 2010-12-22 10:33 ——– d—–w- c:\programdata\DAEMON Tools Lite

    2010-12-22 10:13 . 2010-12-22 10:17 ——– d—–w- c:\users\Guus\AppData\Roaming\VMware

    2010-12-22 10:02 . 2010-12-22 10:26 ——– d—–w- c:\programdata\VMware

    2010-12-21 14:31 . 2010-12-21 14:31 ——– d—–w- c:\users\Guus\AppData\Local\MetaGeek,_LLC

    2010-12-14 11:22 . 2011-01-08 10:04 ——– d—–w- c:\users\Guus\AppData\Roaming\Dropbox

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-01-08 09:15 . 2008-10-12 05:08 45056 —-a-w- c:\windows\system32\acovcnt.exe

    2010-12-20 17:09 . 2009-06-11 13:28 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2010-12-20 17:08 . 2009-06-11 13:28 20952 —-a-w- c:\windows\system32\drivers\mbam.sys

    2010-12-05 13:45 . 2003-03-19 10:05 106496 —-a-w- c:\windows\system32\ATL71.DLL

    2010-12-02 03:35 . 2010-12-02 03:35 4280320 —-a-w- c:\windows\system32\GPhotos.scr

    2010-11-23 15:11 . 2010-06-16 13:06 57344 —-a-r- c:\users\Guus\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe

    2010-11-12 17:53 . 2010-05-07 13:48 472808 —-a-w- c:\windows\system32\deployJava1.dll

    2010-10-30 06:09 . 2010-10-30 06:09 675840 —-a-w- c:\windows\yowindow.scr

    2010-10-19 09:41 . 2009-10-05 08:57 222080 ——w- c:\windows\system32\MpSigStub.exe

    2008-07-02 02:28 . 2008-07-02 02:28 61440 —-a-w- c:\program files\Common Files\CPInstallAction.dll

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    @=“{A8D448F4-0431-45AC-9F5E-E1B434AB2249}”

    2007-06-02 00:08 143360 —-a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

    @=“{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}”

    2009-12-09 01:19 94208 —-a-w- c:\users\Guus\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    @=“{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}”

    2009-12-09 01:19 94208 —-a-w- c:\users\Guus\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    @=“{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}”

    2009-12-09 01:19 94208 —-a-w- c:\users\Guus\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    “Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe”

    “LightScribe Control Panel”=“c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe”

    “ehTray.exe”=“c:\windows\ehome\ehTray.exe”

    “WMPNSCFG”=“c:\program files\Windows Media Player\WMPNSCFG.exe”

    “DAEMON Tools Lite”=“d:\program files\DAEMON Tools Lite\DTLite.exe”

    “CLMLServer”=“c:\program files\CyberLink\Power2Go\CLMLSvc.exe”

    “P2Go_Menu”=“c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe”

    “HControlUser”=“c:\program files\ASUS\ATK Hotkey\HControlUser.exe”

    “ATKOSD2”=“c:\program files\ASUS\ATKOSD2\ATKOSD2.exe”

    “RtHDVCpl”=“RtHDVCpl.exe”

    “PowerForPhone”=“c:\program files\P4P\P4P.exe”

    “ASUS Screen Saver Protector”=“c:\windows\AsScrPro.exe”

    “ASUS Camera ScreenSaver”=“c:\windows\AsScrProlog.exe”

    “SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe”

    “NBKeyScan”=“c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe”

    “nod32kui”=“c:\program files\Eset\nod32kui.exe”

    “Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

    “Adobe ARM”=“c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    “QuickTime Task”=“d:\program files\QuickTime\QTTask.exe”

    “Nikon Transfer Monitor”=“c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe”

    “AdobeAAMUpdater-1.0”=“c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe”

    “SwitchBoard”=“c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe”

    “AdobeCS5ServiceManager”=“c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe”

    “SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe”

    “IgfxTray”=“c:\windows\system32\igfxtray.exe”

    “HotKeysCmds”=“c:\windows\system32\hkcmd.exe”

    “Persistence”=“c:\windows\system32\igfxpers.exe”

    “UpdateReminder”=“c:\program files\Eset\UpdateReminder.exe”

    “Corel Photo Downloader”=“c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe”

    c:\users\Guus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dropbox.lnk - c:\users\Guus\AppData\Roaming\Dropbox\bin\Dropbox.exe

    Spamihilator.lnk - c:\program files\Spamihilator\spamihilator.exe

    “EnableLUA”= 0 (0x0)

    “EnableUIADesktopToggle”= 0 (0x0)

    “aux1”=wdmaud.drv

    2007-07-14 00:25 741376 —-a-w- c:\program files\ChkMail\ChkMail\ChkMail.exe

    2007-08-20 08:42 495616 —-a-w- c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe

    2008-06-24 14:06 1840424 —-a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

    “DisableMonitoring”=dword:00000001

    “DisableMonitoring”=dword:00000001

    “DisableMonitoring”=dword:00000001

    “AntiVirusOverride”=dword:00000001

    “EnableNotificationsRef”=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    R2 gupdate1c9f0153a4dc68;Google Updateservice (gupdate1c9f0153a4dc68);c:\program files\Google\Update\GoogleUpdate.exe

    R3 FNETTHJM;Freecom Turbo USB 2.0;c:\windows\system32\drivers\fnetthjm.sys

    R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

    S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys

    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys

    S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys

    S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;d:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys

    S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys

    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    2008-06-09 17:14 451872 —-a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

    .

    Inhoud van de ‘Gedeelde Taken’ map

    2011-01-08 c:\windows\Tasks\Google Software Updater.job

    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe

    2011-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    2011-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    2011-01-08 c:\windows\Tasks\User_Feed_Synchronization-{0B1673FE-644D-4A82-A266-5A0009A26F15}.job

    - c:\windows\system32\msfeedssync.exe

    .

    .

    ——- Bijkomende Scan ——-

    .

    uStart Page = hxxp://www.startnederland.nl/

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    LSP: c:\windows\system32\imon.dll

    DPF: {0DBF2423-33D3-4084-B83E-6A3661F2CD46} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/6.5.6/ImageUploader6.cab

    DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2011-01-08 11:19

    Windows 6.0.6002 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond

    verborgen bestanden: 0

    **************************************************************************

    .

    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    @Denied: (A 2) (Everyone)

    @=“FlashBroker”

    “LocalizedString”=“@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101”

    “Enabled”=dword:00000001

    @=“c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe”

    @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    @Denied: (A 2) (Everyone)

    @=“IFlashBroker4”

    @=“{00020424-0000-0000-C000-000000000046}”

    @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    “Version”=“1.0”

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    “MSCurrentCountry”=dword:000000b5

    .

    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > ‘Explorer.exe’(6060)

    c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll

    c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

    c:\users\Guus\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    .

    Voltooingstijd: 2011-01-08 11:22:26

    ComboFix-quarantined-files.txt 2011-01-08 10:22

    ComboFix2.txt 2011-01-08 09:51

    Pre-Run: 65.650.933.760 bytes beschikbaar

    Post-Run: 65.417.154.560 bytes beschikbaar

    - - End Of File - - 0F5F63FAB84CD17BD9AA1871DE22D017

  • fazantje

    Hi LG,

    It all looks good.

    How is your problem now :S

    Download the Combofix uninstaller:

    http://download.bleepingcomputer.com/sUBs/CF_UNINST.EXE

    Click Save file.

    Put it on your desktop, for example.

    Double-click it and choose Run.

    Let it do its work and click Done.

    Disable System Restore & delete the restore points:

    Windows Vista.

    Go to Control Panel, then to System and Maintenance. Now choose System.

    On the left, click System Protection and confirm the prompt you get from User Account Control by clicking “Continue”.

    Under Automatic restore points you get an overview of all available hard disks.

    Clear the check mark for every hard disk on which System Restore is enabled. Confirm the prompt you get by clicking ‘Turn System Restore Off’.

    Restart the computer.

    Turn System Restore back on again!

    Regards, Huib;)

  • lg

    No more trouble so far; the highspeed drivers file can now also be deleted from the USB stick and photo cards.

    Thanks again for the help.

    LG

  • fazantje

    You're welcome, also on behalf of Jos and Ben.

    Regards, Huib;)