log, constant redirect to blickx and another page



STEENE
3 March 2010, 21:40
Here is a log I created. Can someone tell me why, whenever I open something or search, I'm constantly redirected to blinckx and another page, cppmt and something else?
I've already run several programs; with AVAST I removed a trojan and some spyware, and also with Malwarebytes, but I can't get rid of this constant redirect.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:13:35, on 2/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/4
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
--
End of file - 8917 bytes

Rosty
4 March 2010, 10:36
Could you post the MBAM log, please?

STEENE
4 March 2010, 20:13
Malwarebytes' Anti-Malware 1.44
Database versie: 3510
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882
1/03/2010 23:13:32
mbam-log-2010-03-01 (23-13-31).txt
Scan type: Volledige Scan (C:\|E:\|)
Objecten gescand: 231758
Verstreken tijd: 1 hour(s), 9 minute(s), 22 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Here you go, Rosty

Regards, bjorn

Rosty
4 March 2010, 21:50
Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop and use it according to this guide (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden).

NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners regard certain components that Combofix uses as suspicious and will block or remove them! Double-click Combofix.exe to start it. If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated. Click OK in the "NirCmd" window. Afterwards, click Yes again to start the malware scan. While the fix is running, do NOT click in the window, as this will make your PC hang. When the fix is complete and after the restart, the log Combofix.txt will open. Post this log in your next reply.

STEENE
5 March 2010, 20:53
Hey Rosty, here is the file. Halfway down there is another one that suddenly appeared, about JavaScript and the like.

Thanks in advance, bjorn


ComboFix 10-03-04.03 - steenestoned 05/03/2010 9:08.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.32.1043.18.2010.879 [GMT 1:00]
Gestart vanuit: c:\users\steenestoned\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-3616753639-3630536834-2588164822-500
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\oko6.sys
c:\windows\system32\drivers\wrocff.sys
c:\windows\system32\oem6.inf
c:\windows\system32\oko6.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_OKO6
-------\Service_oko6
-------\Service_okosrv
-------\Service_wayisi

(((((((((((((((((((( Bestanden Gemaakt van 2010-02-05 to 2010-03-05 ))))))))))))))))))))))))))))))
.
2010-03-05 08:22 . 2010-03-05 09:19 -------- d-----w- c:\users\steenestoned\AppData\Local\temp
2010-03-05 08:22 . 2010-03-05 08:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-02 18:13 . 2010-03-02 18:13 -------- d-----w- c:\program files\Trend Micro
2010-02-21 19:29 . 2010-02-21 19:29 -------- d-----w- c:\users\steenestoned\AppData\Roaming\Malwarebytes
2010-02-21 19:29 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-21 19:29 . 2010-02-21 19:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-21 19:29 . 2010-02-21 19:29 -------- d-----w- c:\programdata\Malwarebytes
2010-02-21 19:29 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-21 04:06 . 2010-02-21 04:24 -------- d-----w- c:\users\steenestoned\AppData\Local\Adobe
2010-02-20 23:29 . 2010-02-20 23:29 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-02-20 23:28 . 2010-02-21 19:45 -------- d-----w- c:\users\steenestoned\AppData\Roaming\SUPERAntiSpyware.com
2010-02-20 23:28 . 2010-02-21 19:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-20 23:01 . 2010-02-20 23:01 -------- d-----w- c:\users\steenestoned\AppData\Local\Threat Expert
2010-02-20 22:30 . 2010-02-21 03:42 -------- d-----w- c:\program files\Spyware Doctor
2010-02-20 22:18 . 2010-02-20 22:18 -------- d-----w- c:\users\steenestoned\AppData\Roaming\AVG8
2010-02-17 19:56 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-17 19:56 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-17 19:56 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-17 19:56 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-17 19:56 . 2010-02-11 18:38 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-02-17 19:56 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-17 19:56 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-17 19:55 . 2010-02-17 19:55 -------- d-----w- c:\programdata\Alwil Software
2010-02-17 19:55 . 2010-02-17 19:55 -------- d-----w- c:\program files\Alwil Software
2010-02-17 19:27 . 2010-02-17 19:27 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-02-17 19:22 . 2010-02-17 19:22 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-02-17 19:22 . 2010-02-17 19:27 -------- d-----w- c:\programdata\Hitman Pro
2010-02-17 19:22 . 2010-02-17 19:22 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-02-11 08:37 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-11 08:37 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-11 08:37 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-11 08:37 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-11 08:37 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-11 08:37 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-11 08:37 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-11 08:37 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-11 08:37 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-11 08:37 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-11 08:37 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-11 08:36 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-11 08:36 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-11 08:36 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-11 08:36 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-07 07:17 . 2010-02-07 07:17 20299200 ----a-w- c:\users\steenestoned\AppData\Roaming\TomTom\HOME\Profiles\rc43q86z.default\Updates\v2_7_3_1894_win.exe
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 09:21 . 2009-07-07 17:14 -------- d-----w- c:\users\steenestoned\AppData\Roaming\skypePM
2010-03-05 09:20 . 2009-07-07 17:13 -------- d-----w- c:\users\steenestoned\AppData\Roaming\Skype
2010-03-05 08:29 . 2008-01-21 05:45 682746 ----a-w- c:\windows\system32\perfh013.dat
2010-03-05 08:29 . 2008-01-21 05:45 131946 ----a-w- c:\windows\system32\perfc013.dat
2010-02-26 18:43 . 2009-06-27 15:06 4494 ----a-w- c:\users\steenestoned\AppData\Roaming\wklnhst.dat
2010-02-26 08:05 . 2009-08-03 03:47 -------- d-----w- c:\programdata\Microsoft Help
2010-02-22 20:10 . 2009-08-28 06:45 0 ----a-w- c:\users\steenestoned\AppData\Roaming\DataSafeDotNet.exe
2010-02-22 20:10 . 2009-08-28 06:45 0 ----a-w- c:\users\steenestoned\AppData\Roaming\DataSafeDotNet.exe
2010-02-17 19:17 . 2010-01-23 09:32 -------- d-----w- c:\program files\ESET
2010-02-13 10:17 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-23 09:31 . 2009-06-15 17:09 -------- d-----w- c:\programdata\McAfee
2010-01-14 10:12 . 2010-01-23 12:00 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-10 20:09 . 2009-09-28 13:35 -------- d-----w- c:\programdata\QuickTime
2010-01-02 06:38 . 2010-01-22 16:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 16:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 16:28 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 16:28 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-06-15 19:25 . 2009-06-15 19:22 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-02 24264488]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-27 247144]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-04-01 217088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-04-01 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-04-01 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-04-01 150552]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2008-11-03 1745648]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-28 98304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-04-01 483428]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
c:\users\steenestoned\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-06-15 17:14 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d5,02,d0,ba,8f,49,ca,01
R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-04 22904]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-04-01 81920]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-02-11 51792]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-08-27 92008]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
okogrp REG_MULTI_SZ okosrv
.
Inhoud van de 'Gedeelde Taken' map
2010-03-05 c:\windows\Tasks\User_Feed_Synchronization-{DD9800DB-2BF3-481B-ADCD-B922119227BA}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS VERWIJDERD - - - -
SafeBoot-mcmscsvc
SafeBoot-MCODS

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 10:19
Windows 6.0.6002 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Voltooingstijd: 2010-03-05 10:25:29 - machine werd herstart
ComboFix-quarantined-files.txt 2010-03-05 09:25
Pre-Run: 64.384.700.416 bytes beschikbaar
Post-Run: 64.787.259.392 bytes beschikbaar
- - End Of File - - 85AFA43C196C8003CA6D01D43C2A68E3

Hey Rosty, I suddenly got this too.


# An unexpected error has been detected by Java Runtime Environment:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x255a255a, pid=8504, tid=8672
#
# Java VM: Java HotSpot(TM) Client VM (11.0-b16 mixed mode windows-x86)
# Problematic frame:
# C 0x255a255a
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#
--------------- T H R E A D ---------------
Current thread (0x0c0f6000): JavaThread "thread applet-AppletX-2" [_thread_in_native, id=8672, stack(0x0c330000,0x0c380000)]
siginfo: ExceptionCode=0xc0000005, reading address 0x255a255a
Registers:
EAX=0x00000000, EBX=0x088ad6e0, ECX=0x00d562e8, EDX=0x00000000
ESP=0x0c37fadc, EBP=0x255a255a, ESI=0x088ad6e0, EDI=0x0c0f6000
EIP=0x255a255a, EFLAGS=0x00210246
Top of Stack: (sp=0x0c37fadc)
0x0c37fadc: 00d66c84 00d66c6c 00d66c6c 00d66c84
0x0c37faec: 0c37faec 088ad6e0 0c37fb20 088adda8
0x0c37fafc: 00000000 088ad6e0 00000000 0c37fb1c
0x0c37fb0c: 0c37fb48 02032e83 00000000 02038189
0x0c37fb1c: 04230d58 0423cf98 0423cf98 0c37fb28
0x0c37fb2c: 088ad63f 0c37fb58 088adda8 00000000
0x0c37fb3c: 088ad660 0c37fb1c 0c37fb54 0c37fb7c
0x0c37fb4c: 02032da1 0423e4c0 04230d58 0423cf98
Instructions: (pc=0x255a255a)
0x255a254a:
[error occurred during error reporting (printing registers, top of stack, instructions near pc), id 0xc0000005]
Stack: [0x0c330000,0x0c380000], sp=0x0c37fadc, free space=318k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C 0x255a255a
Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j com.sun.media.sound.HeadspaceSoundbank.nOpenResource(Ljava/lang/String;)J+0
j com.sun.media.sound.HeadspaceSoundbank.initialize(Ljava/lang/String;)V+7
j com.sun.media.sound.HeadspaceSoundbank.<init>(Ljava/net/URL;)V+89
j com.sun.media.sound.HsbParser.getSoundbank(Ljava/net/URL;)Ljavax/sound/midi/Soundbank;+5
j javax.sound.midi.MidiSystem.getSoundbank(Ljava/net/URL;)Ljavax/sound/midi/Soundbank;+36
j AppletX.init()V+147
j sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run()V+837
j java.lang.Thread.run()V+11
v ~StubRoutines::call_stub
--------------- P R O C E S S ---------------
Java Threads: ( => current thread )
0x0c0f5800 JavaThread "Java Sound Event Dispatcher" daemon [_thread_blocked, id=10236, stack(0x0cde0000,0x0ce30000)]
0x0c0f6400 JavaThread "thread applet-myf.y.AppletX.class-1" [_thread_blocked, id=7480, stack(0x0ce30000,0x0ce80000)]
=>0x0c0f6000 JavaThread "thread applet-AppletX-2" [_thread_in_native, id=8672, stack(0x0c330000,0x0c380000)]
0x0c0f5000 JavaThread "AWT-EventQueue-3" [_thread_blocked, id=8712, stack(0x0cd40000,0x0cd90000)]
0x0c0f5400 JavaThread "Applet 2 LiveConnect Worker Thread" [_thread_blocked, id=6628, stack(0x0cd90000,0x0cde0000)]
0x0c0f4800 JavaThread "AWT-EventQueue-2" [_thread_blocked, id=8936, stack(0x0ccf0000,0x0cd40000)]
0x0c0f4400 JavaThread "Applet 1 LiveConnect Worker Thread" [_thread_blocked, id=8848, stack(0x0c6f0000,0x0c740000)]
0x0c0f3c00 JavaThread "Browser Side Object Cleanup Thread" [_thread_blocked, id=3824, stack(0x0cca0000,0x0ccf0000)]
0x0c0f3800 JavaThread "Windows Tray Icon Thread" [_thread_in_native, id=9600, stack(0x0c9c0000,0x0ca10000)]
0x0c0f3000 JavaThread "CacheCleanUpThread" daemon [_thread_blocked, id=8844, stack(0x0c970000,0x0c9c0000)]
0x0c0e2000 JavaThread "CacheMemoryCleanUpThread" daemon [_thread_blocked, id=10020, stack(0x0c920000,0x0c970000)]
0x0c0e1400 JavaThread "AWT-EventQueue-0" [_thread_blocked, id=4788, stack(0x0c8d0000,0x0c920000)]
0x0c0e1000 JavaThread "Java Plug-In Heartbeat Thread" [_thread_blocked, id=8924, stack(0x0c880000,0x0c8d0000)]
0x0c0d3c00 JavaThread "AWT-Windows" daemon [_thread_in_native, id=8180, stack(0x0c6a0000,0x0c6f0000)]
0x0c0d3800 JavaThread "AWT-Shutdown" [_thread_blocked, id=3916, stack(0x0c650000,0x0c6a0000)]
0x0c0d3000 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=9488, stack(0x0c600000,0x0c650000)]
0x00dbc800 JavaThread "Java Plug-In Pipe Worker Thread (Client-Side)" [_thread_in_native, id=5908, stack(0x0c430000,0x0c480000)]
0x00d77000 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=8384, stack(0x01fc0000,0x02010000)]
0x00d74800 JavaThread "Timer-0" [_thread_blocked, id=9492, stack(0x01f70000,0x01fc0000)]
0x00d72000 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=7696, stack(0x01ed0000,0x01f20000)]
0x00d6dc00 JavaThread "CompilerThread0" daemon [_thread_blocked, id=5192, stack(0x01e80000,0x01ed0000)]
0x00d6b400 JavaThread "Attach Listener" daemon [_thread_blocked, id=8716, stack(0x01e30000,0x01e80000)]
0x00d60c00 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=9028, stack(0x00e10000,0x00e60000)]
0x00d51000 JavaThread "Finalizer" daemon [_thread_blocked, id=7196, stack(0x00dc0000,0x00e10000)]
0x00d4c800 JavaThread "Reference Handler" daemon [_thread_blocked, id=4808, stack(0x00ac0000,0x00b10000)]
0x00b29800 JavaThread "main" [_thread_blocked, id=8348, stack(0x00340000,0x00390000)]
Other Threads:
0x00d47400 VMThread [stack: 0x00a70000,0x00ac0000] [id=9712]
0x00d73400 WatcherThread [stack: 0x01f20000,0x01f70000] [id=8408]
VM state:not at safepoint (normal execution)
VM Mutex/Monitor currently owned by a thread: None
Heap
def new generation total 4544K, used 2107K [0x04030000, 0x04510000, 0x04510000)
eden space 4096K, 51% used [0x04030000, 0x0423ed10, 0x04430000)
from space 448K, 0% used [0x04430000, 0x04430120, 0x044a0000)
to space 448K, 0% used [0x044a0000, 0x044a0000, 0x04510000)
tenured generation total 60544K, used 49770K [0x04510000, 0x08030000, 0x08030000)
the space 60544K, 82% used [0x04510000, 0x075aabc0, 0x075aac00, 0x08030000)
compacting perm gen total 12288K, used 8787K [0x08030000, 0x08c30000, 0x0c030000)
the space 12288K, 71% used [0x08030000, 0x088c4ed8, 0x088c5000, 0x08c30000)
No shared spaces configured.
Dynamic libraries:
0x00400000 - 0x00424000 C:\Program Files\Java\jre6\bin\java.exe
0x76f20000 - 0x77047000 C:\Windows\system32\ntdll.dll
0x75c40000 - 0x75d1c000 C:\Windows\system32\kernel32.dll
0x756c0000 - 0x75786000 C:\Windows\system32\ADVAPI32.dll
0x755c0000 - 0x75683000 C:\Windows\system32\RPCRT4.dll
0x6b6b0000 - 0x6b6ce000 C:\Windows\system32\ShimEng.dll
0x75400000 - 0x7542c000 C:\Windows\system32\apphelp.dll
0x6b4f0000 - 0x6b578000 C:\Windows\AppPatch\AcLayers.DLL
0x75d20000 - 0x75dbd000 C:\Windows\system32\USER32.dll
0x77130000 - 0x7717b000 C:\Windows\system32\GDI32.dll
0x76220000 - 0x76d30000 C:\Windows\system32\SHELL32.dll
0x76170000 - 0x7621a000 C:\Windows\system32\msvcrt.dll
0x75810000 - 0x75869000 C:\Windows\system32\SHLWAPI.dll
0x75dc0000 - 0x75f05000 C:\Windows\system32\ole32.dll
0x75870000 - 0x758fd000 C:\Windows\system32\OLEAUT32.dll
0x75480000 - 0x7549e000 C:\Windows\system32\USERENV.dll
0x75460000 - 0x75474000 C:\Windows\system32\Secur32.dll
0x70b90000 - 0x70bd2000 C:\Windows\system32\WINSPOOL.DRV
0x75000000 - 0x75014000 C:\Windows\system32\MPR.dll
0x77070000 - 0x7708e000 C:\Windows\system32\IMM32.DLL
0x760a0000 - 0x76168000 C:\Windows\system32\MSCTF.dll
0x770c0000 - 0x770c9000 C:\Windows\system32\LPK.DLL
0x75790000 - 0x7580d000 C:\Windows\system32\USP10.dll
0x74320000 - 0x744be000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
0x7c340000 - 0x7c396000 C:\Program Files\Java\jre6\bin\msvcr71.dll
0x6d800000 - 0x6da56000 C:\Program Files\Java\jre6\bin\client\jvm.dll
0x740b0000 - 0x740e2000 C:\Windows\system32\WINMM.dll
0x74070000 - 0x740ad000 C:\Windows\system32\OLEACC.dll
0x6d280000 - 0x6d288000 C:\Program Files\Java\jre6\bin\hpi.dll
0x77050000 - 0x77057000 C:\Windows\system32\PSAPI.DLL
0x6d7b0000 - 0x6d7bc000 C:\Program Files\Java\jre6\bin\verify.dll
0x6d320000 - 0x6d33f000 C:\Program Files\Java\jre6\bin\java.dll
0x6d7f0000 - 0x6d7ff000 C:\Program Files\Java\jre6\bin\zip.dll
0x6d430000 - 0x6d436000 C:\Program Files\Java\jre6\bin\jp2native.dll
0x6d1c0000 - 0x6d1d3000 C:\Program Files\Java\jre6\bin\deploy.dll
0x74f00000 - 0x74ff2000 C:\Windows\system32\CRYPT32.dll
0x75060000 - 0x75072000 C:\Windows\system32\MSASN1.dll
0x75ad0000 - 0x75bb6000 C:\Windows\system32\WININET.dll
0x77120000 - 0x77123000 C:\Windows\system32\Normaliz.dll
0x75990000 - 0x75ac2000 C:\Windows\system32\urlmon.dll
0x76d30000 - 0x76f18000 C:\Windows\system32\iertutil.dll
0x6d6b0000 - 0x6d6f2000 C:\Program Files\Java\jre6\bin\regutils.dll
0x74c90000 - 0x74c98000 C:\Windows\system32\VERSION.dll
0x6e530000 - 0x6e757000 C:\Windows\system32\msi.dll
0x6d610000 - 0x6d623000 C:\Program Files\Java\jre6\bin\net.dll
0x77090000 - 0x770bd000 C:\Windows\system32\WS2_32.dll
0x77060000 - 0x77066000 C:\Windows\system32\NSI.dll
0x74bd0000 - 0x74c0b000 C:\Windows\system32\mswsock.dll
0x74c80000 - 0x74c85000 C:\Windows\System32\wship6.dll
0x6d630000 - 0x6d639000 C:\Program Files\Java\jre6\bin\nio.dll
0x6d000000 - 0x6d138000 C:\Program Files\Java\jre6\bin\awt.dll
0x72840000 - 0x7284c000 C:\Windows\system32\DWMAPI.DLL
0x74620000 - 0x7465f000 C:\Windows\system32\uxtheme.dll
0x6d220000 - 0x6d274000 C:\Program Files\Java\jre6\bin\fontmanager.dll
0x748b0000 - 0x748b5000 C:\Windows\System32\wshtcpip.dll
0x74050000 - 0x7405f000 C:\Windows\system32\NLAapi.dll
0x74e60000 - 0x74e79000 C:\Windows\system32\IPHLPAPI.DLL
0x74e20000 - 0x74e55000 C:\Windows\system32\dhcpcsvc.DLL
0x750a0000 - 0x750cc000 C:\Windows\system32\DNSAPI.dll
0x74e10000 - 0x74e17000 C:\Windows\system32\WINNSI.DLL
0x74de0000 - 0x74e02000 C:\Windows\system32\dhcpcsvc6.DLL
0x71df0000 - 0x71dff000 C:\Windows\system32\napinsp.dll
0x71db0000 - 0x71dc2000 C:\Windows\system32\pnrpnsp.dll
0x71de0000 - 0x71de8000 C:\Windows\System32\winrnr.dll
0x770d0000 - 0x77119000 C:\Windows\system32\WLDAP32.dll
0x71dd0000 - 0x71dd6000 C:\Windows\system32\rasadhlp.dll
0x74950000 - 0x7498b000 C:\Windows\system32\rsaenh.dll
0x6d520000 - 0x6d544000 C:\Program Files\Java\jre6\bin\jsound.dll
0x6d550000 - 0x6d558000 C:\Program Files\Java\jre6\bin\jsoundds.dll
0x73b40000 - 0x73bb0000 C:\Windows\system32\DSOUND.dll
0x748d0000 - 0x748ea000 C:\Windows\system32\POWRPROF.dll
0x73b10000 - 0x73b3f000 C:\Windows\system32\wdmaud.drv
0x73ad0000 - 0x73ad4000 C:\Windows\system32\ksuser.dll
0x73fe0000 - 0x74008000 C:\Windows\system32\MMDevAPI.DLL
0x74060000 - 0x74067000 C:\Windows\system32\AVRT.dll
0x75f10000 - 0x7609a000 C:\Windows\system32\SETUPAPI.dll
0x74720000 - 0x7474d000 C:\Windows\system32\WINTRUST.dll
0x75690000 - 0x756b9000 C:\Windows\system32\imagehlp.dll
0x73920000 - 0x73941000 C:\Windows\system32\AUDIOSES.DLL
0x73670000 - 0x736d6000 C:\Windows\system32\audioeng.dll
0x73ab0000 - 0x73ab9000 C:\Windows\system32\msacm32.drv
0x73620000 - 0x73634000 C:\Windows\system32\MSACM32.dll
0x738f0000 - 0x738f7000 C:\Windows\system32\midimap.dll
VM Arguments:
jvm_args: -D__jvm_launched=780504620473 -Xbootclasspath/a:C:\\PROGRA~1\\Java\\jre6\\lib\\deploy.jar;C:\\PROGRA~1\\Java\\jre6\\lib\\javaws.jar;C:\\PROGRA~1\\Java\\jre6\\lib\\plugin.jar -Dsun.plugin2.jvm.args=-D__jvm_launched=780504620473 "-Xbootclasspath/a:C:\\\\PROGRA~1\\\\Java\\\\jre6\\\\lib\\\\deploy.jar;C:\\\\PROGRA~1\\\\Java\\\\jre6\\\\lib\\\\javaws.jar;C:\\\\PROGRA~1\\\\Java\\\\jre6\\\\lib\\\\plugin.jar" "-Djava.class.path=C:\\\\PROGRA~1\\\\Java\\\\jre6\\\\classes" --
java_command: sun.plugin2.main.client.PluginMain write_pipe_name=jpi2_pid8440_pipe4,read_pipe_name=jpi2_pid8440_pipe3
Launcher Type: SUN_STANDARD
Environment Variables:
PATH=C:\Program Files\Internet Explorer;;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\
USERNAME=steenestoned
OS=Windows_NT
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel

--------------- S Y S T E M ---------------
OS: Windows Vista Build 6002 Service Pack 2
CPU:total 2 (2 cores per cpu, 1 threads per core) family 6 model 15 stepping 13, cmov, cx8, fxsr, mmx, sse, sse2, sse3, ssse3
Memory: 4k page, physical 2057864k(814720k free), swap 4194303k(2255204k free)
vm_info: Java HotSpot(TM) Client VM (11.0-b16) for windows-x86 JRE (1.6.0_11-b03), built on Nov 10 2008 02:15:12 by "java_re" with MS VC++ 7.1
time: Tue Mar 02 19:04:22 2010
elapsed time: 8 seconds

Rosty
6 March 2010, 13:20
Update your MBAM and run a quick scan with it. Then post that log here for me.
By the way, do you notice any improvement yet?

STEENE
6 March 2010, 19:13
Yes, apparently I no longer have any trouble with it. Thanks a lot.

Regards, Bjorn

STEENE
6 March 2010, 19:34
Malwarebytes' Anti-Malware 1.44
Database version: 3829
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882
6/03/2010 18:33:04
mbam-log-2010-03-06 (18-33-04).txt
Scan type: Quick Scan
Objects scanned: 107588
Time elapsed: 8 minute(s), 26 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\okogrp (Worm.KoobFace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Now it has found a worm; hopefully this is it. In any case, thanks a lot once again.
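
An added example, not part of this thread and not Malwarebytes' own tooling: the value MBAM removed above lives under the SvcHost key, where every REG_MULTI_SZ value names a service group that Windows runs as `svchost.exe -k <group>`, and each string in the value is a service whose `Parameters\ServiceDll` gets loaded into that process. Malware that persists this way typically registers its own group name pointing at a service whose ServiceDll is the malicious module. The PowerShell script below walks every group on the local machine and flags members whose service key is missing, whose ServiceDll resolves outside %SystemRoot%, or whose DLL carries no valid Authenticode signature. Only the two well-known registry paths are assumed; group and service names are read from the machine.

```powershell
# Added triage example (not from the thread): audit svchost service groups.
# Run on the machine under investigation, preferably from an elevated prompt.

$svcHostKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost'
$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$systemRoot   = $env:SystemRoot

$key = Get-Item -Path $svcHostKey
foreach ($group in $key.GetValueNames()) {
    # Each value is REG_MULTI_SZ: the service names hosted by "svchost.exe -k <group>"
    $members = @($key.GetValue($group))
    foreach ($svc in $members) {
        $svcKey = Join-Path $servicesRoot $svc
        if (-not (Test-Path $svcKey)) {
            # A group member with no Services key is either stale or a dropper that
            # was only half cleaned; either way it deserves a look.
            Write-Output "SUSPECT group '$group': member service '$svc' has no Services key"
            continue
        }

        $params = Get-ItemProperty -Path (Join-Path $svcKey 'Parameters') `
                                   -Name ServiceDll -ErrorAction SilentlyContinue
        if (-not $params) {
            Write-Output "INFO group '$group': service '$svc' has no ServiceDll (may be legitimate)"
            continue
        }

        # ServiceDll is usually stored with %SystemRoot% unexpanded.
        $dll = [Environment]::ExpandEnvironmentVariables($params.ServiceDll)
        $reasons = @()

        if (-not $dll.StartsWith($systemRoot, [StringComparison]::OrdinalIgnoreCase)) {
            $reasons += 'outside %SystemRoot%'
        }
        if (-not (Test-Path $dll)) {
            $reasons += 'file missing'
        } else {
            # Caveat: on older Windows versions many system DLLs are catalog-signed
            # and report NotSigned here, so treat the path check as the primary signal.
            $sig = Get-AuthenticodeSignature -FilePath $dll
            if ($sig.Status -ne 'Valid') { $reasons += "signature $($sig.Status)" }
        }

        if ($reasons.Count -gt 0) {
            Write-Output ("SUSPECT group '{0}': service '{1}' -> {2} ({3})" -f `
                          $group, $svc, $dll, ($reasons -join ', '))
        }
    }
}
```

A group that appears here but is not in the well-known list (netsvcs, LocalService, NetworkService, and the like) and resolves to a DLL under a user profile or a temp directory is the pattern to hunt for; also compare the output against a clean machine of the same Windows build, since the legitimate group set is fixed per release.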

Rosty
6 March 2010, 22:26
Go to Start - Run
and type the following: Combofix /Uninstall
Then press OK.
If all goes well, you will get a message that Combofix has been removed.

Example:

http://home.kpn.nl/stefsmeenk/CFUninstall.PNG

Run can also be opened with the key combination http://home.kpn.nl/stefsmeenk/W+R.jpg