rsca1973

Member
  • Items

    113

Everything posted by rsca1973

  1. I have a big problem: I can no longer boot my PC. It boots until I see the Windows XP logo. Then I quickly get a blue screen and it restarts again. And so it goes, over and over. Booting in safe mode doesn't work either, and it won't go to the last known good configuration either. In the meantime I have been able to note the error message. It is: ***STOP: 0X000000ED (0X89C084B0, 0XC0000006, 0X00000000, 0X00000000). The only thing I can say is that my younger brother was surfing this afternoon, and when I wanted to turn it on just now I was confronted with the aforementioned problem. I did install a new video card last week, along with the necessary drivers. Could this possibly be causing the problem? Could someone please help me, because it is the only PC I own (I was able to send this message with the help of my neighbour).
  2. Sorry for replying so late, but I have had little time the last few days. Everything is working properly again now. In my opinion it was simply dirt that caused the problem. I blew out the PC once more and since then I have had no more problems. Everything just boots and works again as before. Thanks anyway for the reply!
  3. Model: PC MT6 Typ: MED MT 316 MED S/N: 11184010100271 Other than that I don't see anything special on it. Or do I have to open the PC for that? In any case it is no longer under warranty. It is certainly already 4-5 years old.
  4. I can't connect another monitor to my PC. But honestly I don't think it's the monitor. I have a vague suspicion that it might well be my video card. I have now also seen that the fan has given out, so that will probably be the reason, I'm afraid. So it will be a new video card. My PC is a Medion. Pentium 4 CPU 3.40 GHz. Clock speed: 3.39 GHz, 1.50 GB. I don't know whether that gives you enough info.
  5. After a few tries it sometimes does boot. That's the strange thing about the whole matter!
  6. For a number of days I have had a problem booting my PC. In my opinion it runs normally, but I get no signal on my monitor. All cables are connected correctly. The strange thing is that sometimes, after a number of tries, it suddenly does work. It may be pure coincidence, but when I move the mouse, it sometimes does boot. I have already opened up my desktop PC and checked whether any wires are loose, but I can't immediately find anything. I have also blown it out once to remove the dust, but without immediate result. I am now wondering whether it is the hardware or whether or not there is a virus or something similar on my computer. In any case I am now having my PC scanned by Malwarebytes. AVG in any case found nothing on Saturday, and there were already problems then. To be on the safe side I will perhaps already post a HijackThis log; who knows, you may already see something in it.
     Thanks in advance!
  7. Everything was done as you asked and the result is splendid. No more warnings from AVG and my PC has clearly become faster again. May I thank you for the splendid support! Nice that there are still people on this globe who are willing to do something for a struggling fellow human being!!!!!
  8. I thought we were already there, because the PC is much faster again and (after I had reinstalled AVG) I got no more warnings. But I have now removed AVG again and done everything you described above. Here is the ComboFix log:
files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4 FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} FF - Ext: Dictionnaire français «Classique»: fr-classique@dictionaries.addons.mozilla.org - %profile%\extensions\fr-classique@dictionaries.addons.mozilla.org . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-04-25 09:17 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f9,c6,fc,cd,82,96,6f,45,80,50,f5,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f9,c6,fc,cd,82,96,6f,45,80,50,f5,\ . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(512) c:\program files\common files\logitech\bluetooth\LBTWlgn.dll c:\program files\common files\logitech\bluetooth\LBTServ.dll c:\windows\system32\gpkcsp.dll c:\windows\system32\gpkrsrc.dll . - - - - - - - > 'explorer.exe'(3312) c:\program files\Logitech\SetPoint\lgscroll.dll c:\documents and settings\Andy\Application Data\Dropbox\bin\DropboxExt.13.dll c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . 
------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\nvsvc32.exe c:\program files\Common Files\Logitech\Bluetooth\LBTServ.exe c:\windows\System32\SCardSvr.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\RUNDLL32.EXE c:\program files\CDBurnerXP\NMSAccessU.exe c:\windows\system32\HPZipm12.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE c:\program files\Windows Media Player\WMPNetwk.exe c:\windows\system32\wscntfy.exe c:\program files\Windows Live\Contacts\wlcomm.exe . ************************************************************************** . Voltooingstijd: 2011-04-25 09:21:14 - machine werd herstart ComboFix-quarantined-files.txt 2011-04-25 07:21 ComboFix2.txt 2011-04-22 20:02 . Pre-Run: 49.944.629.248 bytes beschikbaar Post-Run: 49.979.265.024 bytes beschikbaar . 
Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - 6E68E4DA496AC4EE0AD0424A6AEA32BD
Below is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 9:30:43, on 25/04/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Nero\Update\NASvc.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Het Nieuwsblad R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, 
Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows 
Live Toolbar\msntb.dll O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\RunServices: [system] explorer.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex (User 'Default user') O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Add to Windows &Live Favorites - Welcome to Windows Live O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com O16 - DPF: Garmin Communicator Plug-In - 
https://my.garmin.com/static/m/cab/2.6.3/GarminAxControl.CAB O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} (Uploader Control) - http://ua.foto.com/ImageUploader6.cab O16 - DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} (Snapfish Activia3) - http://www3.snapfish.be/SnapfishActivia3.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader5.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. 
- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 11699 bytes
  9. Here is the ComboFix log:
ComboFix 11-04-22.01 - Andy 22/04/2011 21:42:50.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.1534.1146 [GMT 2:00] Gestart vanuit: c:\documents and settings\Andy\Bureaublad\ComboFix.exe . ADS - WINDOWS: deleted 48 bytes in 1 streams. . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\desktop.ini c:\documents and settings\Andy\Application Data\Desktopicon c:\documents and settings\Andy\Application Data\inst.exe c:\documents and settings\Andy\Local Settings\Application Data\boot.dat c:\documents and settings\NetworkService\Local Settings\Application Data\gmecoss.dll C:\IE8-WI~1.EXE C:\index.htm c:\program files\Internet Explorer\SET190.tmp c:\program files\Internet Explorer\SET191.tmp c:\program files\Internet Explorer\SET192.tmp c:\program files\Internet Explorer\SET1C.tmp c:\program files\Internet Explorer\SET1D.tmp c:\program files\Internet Explorer\SET1E.tmp c:\program files\Internet Explorer\SET257.tmp c:\program files\Internet Explorer\SET258.tmp c:\program files\Internet Explorer\SET259.tmp c:\program files\Internet Explorer\SET2A0.tmp c:\program files\Internet Explorer\SET2A1.tmp c:\program files\Internet Explorer\SET2A2.tmp c:\program files\Internet Explorer\SET38.tmp c:\program files\Internet Explorer\SET39.tmp c:\program files\Internet Explorer\SET3A.tmp c:\program files\Internet Explorer\SET5.tmp c:\program files\Internet Explorer\SET5CD.tmp c:\program files\Internet Explorer\SET5CE.tmp c:\program files\Internet Explorer\SET5CF.tmp c:\program files\Internet Explorer\SET6.tmp c:\program files\Internet Explorer\SET6B3.tmp c:\program files\Internet Explorer\SET6B4.tmp c:\program files\Internet Explorer\SET6B5.tmp c:\program files\Internet Explorer\SET7.tmp c:\program files\Internet Explorer\SET8.tmp c:\program files\Internet Explorer\SET9.tmp c:\program files\Internet Explorer\SETA.tmp c:\program files\Internet Explorer\SETC2.tmp 
c:\program files\Internet Explorer\SETC3.tmp c:\program files\Internet Explorer\SETC4.tmp c:\program files\Internet Explorer\SETD.tmp c:\program files\Internet Explorer\SETE.tmp c:\program files\Internet Explorer\SETF.tmp c:\program files\Uninstall.exe c:\program files\Uninstall.ini c:\restoration\Restoration.exe c:\subtitleworkshop251\subtitleworkshop251.exe C:\Thumbs.db c:\windows\fix.exe c:\windows\system32\Thumbs.db . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_SSHNAS -------\Service_usnjsvc . . (((((((((((((((((((( Bestanden Gemaakt van 2011-03-22 to 2011-04-22 )))))))))))))))))))))))))))))) . . 2071-07-25 08:13 . 2006-11-21 19:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe 2011-04-22 19:21 . 2011-04-22 19:21 1163104 ----a-w- C:\avg_remover_stf_x86_2011_1322.exe 2011-04-21 08:32 . 2011-04-21 08:32 388096 ----a-r- c:\documents and settings\Andy\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-04-21 08:32 . 2011-04-21 08:32 -------- d-----w- c:\program files\Trend Micro 2011-04-21 08:30 . 2011-04-21 08:30 1402880 ----a-w- C:\HijackThis.msi 2011-04-20 14:55 . 2011-04-20 14:55 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache 2011-04-12 19:18 . 2011-04-12 19:18 -------- d-----w- C:\$AVG 2011-04-11 16:43 . 2011-04-11 19:48 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing 2011-04-11 16:35 . 2011-04-11 16:35 -------- d-----w- c:\documents and settings\Andy\Application Data\AVG10 2011-04-11 16:33 . 2011-04-11 16:33 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2011-04-11 16:28 . 2011-04-11 16:28 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE 2011-04-11 16:26 . 2011-04-11 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData 2011-04-11 16:18 . 
2011-04-11 16:18 5497592 ----a-w- C:\avg_free_stb_all_2011_1321_cnet.exe 2011-04-11 13:17 . 2011-04-11 13:17 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE 2011-04-11 12:58 . 2011-04-11 13:05 -------- d-----r- c:\documents and settings\NetworkService\Favorieten 2011-04-09 09:15 . 2011-04-09 09:15 734160 ----a-w- C:\VobSub_2.23.exe 2011-04-06 16:04 . 2011-04-22 06:38 -------- d--h--r- c:\documents and settings\Andy\Onlangs geopend 2011-03-31 16:56 . 2011-03-31 16:56 -------- d-----w- c:\documents and settings\Andy\Local Settings\Application Data\Aiseesoft Studio 2011-03-31 16:53 . 2011-03-31 16:53 -------- d-----w- c:\program files\Aiseesoft Studio 2011-03-31 16:53 . 2011-03-31 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Aiseesoft Total Video Converter 2011-03-31 16:43 . 2011-03-31 16:43 8538960 ----a-w- C:\MovieMaker2.exe 2011-03-31 04:52 . 2011-03-02 05:19 14742507 ----a-w- C:\total-video-converter.exe 2011-03-30 16:14 . 2011-03-30 16:14 -------- d-----w- c:\documents and settings\Andy\Application Data\NCH Swift Sound 2011-03-30 16:14 . 2011-03-30 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound 2011-03-30 16:13 . 2011-03-30 16:13 669784 ----a-w- C:\wpsetup.exe 2011-03-29 16:04 . 2011-03-29 16:04 -------- d-----w- c:\program files\MediaJoin 2011-03-29 16:04 . 2011-03-29 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\{27ED786F-D773-47F8-93EB-8A249414AD30} 2011-03-29 16:04 . 2011-03-29 16:04 -------- d-----w- c:\documents and settings\Andy\Application Data\Seven Zip 2011-03-29 16:04 . 2011-03-29 16:04 4247600 ----a-w- C:\setup_mj.exe 2011-03-29 15:52 . 2011-03-30 15:10 -------- d-----w- C:\101PNV01 . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-13 16:06 . 2011-03-13 16:06 1029000 ----a-w- C:\SkypeSetup.exe 2011-03-02 18:43 . 
2011-03-02 18:43 8543671 ----a-w- C:\SwSaniNet_11(2).exe 2011-03-02 18:43 . 2011-03-02 18:43 8543671 ----a-w- C:\SwSaniNet_11.exe 2011-02-09 13:54 . 2004-10-06 06:22 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:54 . 2004-10-06 06:21 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-02 20:40 . 2010-08-31 18:10 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-02 18:19 . 2008-04-01 15:03 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-02-02 07:58 . 2004-10-05 21:30 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57 . 2004-10-05 21:30 677888 ----a-w- c:\windows\system32\mstsc.exe . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Andy\Application Data\Dropbox\bin\DropboxExt.13.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Andy\Application Data\Dropbox\bin\DropboxExt.13.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Andy\Application Data\Dropbox\bin\DropboxExt.13.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "System"="explorer.exe" [2008-04-14 1037312] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016] "LVCOMS"="c:\program files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 135214] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe" [2010-11-06 233936] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-29 813584] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2009-07-20 10:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Ralink Wireless Utility.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Ralink Wireless Utility.lnk backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Andy^Menu Start^Programma's^Opstarten^Dropbox.lnk] path=c:\documents and settings\Andy\Menu Start\Programma's\Opstarten\Dropbox.lnk backup=c:\windows\pss\Dropbox.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Andy^Menu Start^Programma's^Opstarten^Logitech-productregistratie.lnk] path=c:\documents and settings\Andy\Menu Start\Programma's\Opstarten\Logitech-productregistratie.lnk backup=c:\windows\pss\Logitech-productregistratie.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bluetooth Connection Assistant] LBTWIZ.EXE -silent [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] 2004-02-20 14:00 88363 ----a-w- c:\windows\AGRSMMSG.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] 2010-03-18 09:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion] 2010-03-13 10:58 75048 ------w- c:\program files\CyberLink\Shared Files\brs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid] 2009-06-04 15:51 2056192 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent] 2008-04-14 17:03 110592 ----a-w- c:\windows\system32\bthprops.cpl . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey] 2004-02-24 12:05 508416 ----a-w- c:\windows\mHotkey.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer] 2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ledpointer] 2004-02-03 15:15 5794816 ----a-w- c:\windows\CNYHKey.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2010-12-20 17:08 443728 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2009-08-17 02:03 13877248 ----a-w- c:\windows\system32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2009-08-17 02:03 86016 ----a-w- c:\windows\system32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2009-08-12 21:40 1657376 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2008-11-04 09:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10] 2010-02-02 22:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snelkoppeling naar eigenschappenvenster voor High Definition Audio] 2004-03-17 14:10 61952 ----a-w- c:\windows\system32\Hdaudpropshortcut.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-10-29 13:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2004-10-08 17:02 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector] 2003-11-19 11:03 45056 ------w- c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\monitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant] 2008-03-01 05:10 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2006-11-02 21:53 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "gusvc"=3 (0x3) "Creative Service for CDROM Access"=2 (0x2) "CA_LIC_SRVR"=3 (0x3) "CA_LIC_CLNT"=3 (0x3) "BlueSoleil Hid Service"=2 (0x2) "ose"=3 (0x3) "NOD32FiXTemDono"=2 (0x2) "Nero BackItUp Scheduler 4.0"=2 (0x2) "iPod Service"=3 (0x3) ".EsetTrialReset"=2 (0x2) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%WinDir%\\system32\\fxsclnt.exe"= "%ProgramFiles%\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "d:\\Documenten\\Mijn ontvangen bestanden\\utorrent.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"= "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Documents and Settings\\Andy\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= . 
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/01/2009 19:51 697328] R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/08/05 20:37];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [13/03/2010 12:58 87536] R2 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [19/09/2002 20:29 53248] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/01/2011 19:01 363344] R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [18/02/2010 14:01 462632] R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20/10/2009 20:19 50704] R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [6/10/2004 1:38 1272000] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/01/2011 19:01 20952] R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [13/03/2011 18:14 152576] R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [6/10/2004 2:27 19928] S0 rseb;rseb; [x] S2 AMService;AMService;c:\windows\TEMP\ympp\setup.exe run --> c:\windows\TEMP\ympp\setup.exe run [?] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24/10/2010 18:12 136176] S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [24/03/2006 19:14 33536] S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [31/07/2006 14:44 580992] S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [23/10/2004 14:49 24704] S3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [24/10/2004 12:28 11672] S4 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe /s --> c:\windows\reset.exe [?] 
S4 CA_LIC_CLNT;CA License Client;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [19/09/2002 20:27 77824] S4 CA_LIC_SRVR;CA License Server;c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [19/09/2002 20:41 77824] S4 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [6/10/2004 8:22 3584] . Inhoud van de 'Gedeelde Taken' map . 2011-04-22 c:\windows\Tasks\Andy Local Autobackup 5 4.job - c:\program files\Nero\Nero 10\Nero BackItUp\NBCore.exe [2010-02-22 14:17] . 2010-10-05 c:\windows\Tasks\Andy NBAgent 5 4.job - c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2010-02-22 14:17] . 2011-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . 2011-04-22 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20] . 2011-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 16:11] . 2011-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 16:11] . 2011-04-14 c:\windows\Tasks\OGADaily.job - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04] . 2011-04-22 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04] . 2011-04-02 c:\windows\Tasks\wavepadShakeIcon.job - c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-03-30 16:13] . . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://www.nieuwsblad.be/index.html uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Add to Windows &Live Favorites - Welcome to Windows Live IE: Converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Open using &Advanced JPEG Compressor - c:\program files\Advanced JPEG Compressor\ajcieex.htm IE: Toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.3/GarminAxControl.CAB DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} - hxxp://ua.foto.com/ImageUploader6.cab DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://www3.snapfish.be/SnapfishActivia3.cab FF - ProfilePath - c:\documents and settings\Andy\Application Data\Mozilla\Firefox\Profiles\tcath2ai.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.nieuwsblad.be/index.html?ref=0911 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program 
files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4 FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} FF - Ext: Dictionnaire français «Classique»: fr-classique@dictionaries.addons.mozilla.org - %profile%\extensions\fr-classique@dictionaries.addons.mozilla.org . - - - - ORPHANS VERWIJDERD - - - - . MSConfigStartUp-Cmaudio - cmicnfg.cpl MSConfigStartUp-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTAgent.exe MSConfigStartUp-RestartNeroSetup - f:\installation\Setupx.exe AddRemove-OVT Scanner - c:\windows\omniuns.exe USB\Vid_05a9&PID_1550 OVT Scanner AddRemove-UnderCoverXP_is1 - j:\undercoverxp\unins000.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-04-22 21:56 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f9,c6,fc,cd,82,96,6f,45,80,50,f5,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f9,c6,fc,cd,82,96,6f,45,80,50,f5,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . 
- - - - - - - > 'winlogon.exe'(516) c:\program files\common files\logitech\bluetooth\LBTWlgn.dll c:\program files\common files\logitech\bluetooth\LBTServ.dll c:\windows\system32\gpkcsp.dll c:\windows\system32\gpkrsrc.dll . - - - - - - - > 'explorer.exe'(312) c:\program files\Logitech\SetPoint\lgscroll.dll c:\documents and settings\Andy\Application Data\Dropbox\bin\DropboxExt.13.dll c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\nvsvc32.exe c:\program files\Common Files\Logitech\Bluetooth\LBTServ.exe c:\windows\System32\SCardSvr.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\CDBurnerXP\NMSAccessU.exe c:\windows\system32\HPZipm12.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Windows Media Player\WMPNetwk.exe c:\windows\system32\RUNDLL32.EXE c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE c:\windows\system32\wscntfy.exe c:\program files\Windows Live\Contacts\wlcomm.exe . ************************************************************************** . Voltooingstijd: 2011-04-22 22:02:06 - machine werd herstart ComboFix-quarantined-files.txt 2011-04-22 20:02 . Pre-Run: 51.151.138.816 bytes beschikbaar Post-Run: 51.226.710.016 bytes beschikbaar . 
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - DCC2A45702F4BC7A2FA64F42EA4FC41F

May I reinstall AVG now? I find it rather risky to surf the net without antivirus. I also want to thank you all for the quick replies!!!!
  10. I couldn't even find those 4 files, let alone delete them. Incidentally, since my post yesterday even more of those "detections" have been found (all with a different name, though). So I have done what you asked me above. The new log is below:
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:38:35, on 22/04/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\PROGRA~1\AVG\AVG10\avgchsvx.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE C:\Program Files\AVG\AVG10\avgtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG10\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\AVG\AVG10\avgnsx.exe C:\Program Files\Nero\Update\NASvc.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program
Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\PROGRA~1\AVG\AVG10\avgrsx.exe C:\Program Files\AVG\AVG10\avgcsrvx.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Het Nieuwsblad R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\RunServices: [system] explorer.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\RunServices: [system] explorer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex (User 
'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex (User 'Default user') O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Add to Windows &Live Favorites - Welcome to Windows Live O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - 
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6.3/GarminAxControl.CAB O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} (Uploader Control) - http://ua.foto.com/ImageUploader6.cab O16 - DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} (Snapfish Activia3) - http://www3.snapfish.be/SnapfishActivia3.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader5.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - 
http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. 
- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 12723 bytes
  11. The MBAM log file:
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes Databaseversie: 6417
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
22/04/2011 7:48:49
mbam-log-2011-04-22 (07-48-49).txt
Scantype: Snelle scan
Objecten gescand: 179242
Verstreken tijd: 6 minuut/minuten, 59 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 1
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 1
Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd: c:\RECYCLER\s-1-5-21-1109923195-152108676-1447638511-500\Dc313\110412184859250-000105.rsc_tmp (Worm.Rebhip) -> Quarantined and deleted successfully.
The HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:14:58, on 22/04/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\PROGRA~1\AVG\AVG10\avgchsvx.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE C:\Program Files\AVG\AVG10\avgtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG10\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\AVG\AVG10\avgnsx.exe C:\Program Files\Nero\Update\NASvc.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Microsoft
      Office\OFFICE11\OUTLOOK.EXE
      C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Mozilla Firefox\plugin-container.exe
      C:\PROGRA~1\AVG\AVG10\avgrsx.exe
      C:\Program Files\AVG\AVG10\avgcsrvx.exe
      C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Het Nieuwsblad
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
      O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
      O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
      O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
      O4 - HKLM\..\RunServices: [system] explorer.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\RunServices: [system] explorer.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex (User 'Default user')
      O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
      O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
      O8 - Extra context menu item: Add to Windows &Live Favorites - Welcome to Windows Live
      O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
      O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
      O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
      O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
      O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
      O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6.3/GarminAxControl.CAB
      O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
      O16 - DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} (Uploader Control) - http://ua.foto.com/ImageUploader6.cab
      O16 - DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} (Snapfish Activia3) - http://www3.snapfish.be/SnapfishActivia3.cab
      O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader5.cab
      O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
      O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: GMECOSS - C:\Documents and Settings\NetworkService\Local Settings\Application Data\gmecoss.dll
      O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
      O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
      O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
      O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
      O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
      O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
      O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
      O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
      O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
      O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      --
      End of file - 12842 bytes
  12. Below is my HijackThis log:
      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 10:33:45, on 21/04/2011
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
      C:\Program Files\AVG\AVG10\avgtray.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Media Player\WMPNSCFG.exe
      C:\Program Files\Logitech\SetPoint\SetPoint.exe
      C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\AVG\AVG10\avgwdsvc.exe
      C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Nero\Update\NASvc.exe
      C:\Program Files\AVG\AVG10\avgnsx.exe
      C:\Program Files\CDBurnerXP\NMSAccessU.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
      C:\Program Files\Windows Live\Contacts\wlcomm.exe
      C:\PROGRA~1\AVG\AVG10\avgrsx.exe
      C:\Program Files\AVG\AVG10\avgcsrvx.exe
      C:\Program Files\ToniArts\EasyCleaner\EasyClea.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Mozilla Firefox\plugin-container.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
      C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
      C:\Program Files\AVG\AVG10\avgcsrvx.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Het Nieuwsblad
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      R3 - URLSearchHook: (no name) - - (no file)
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
      O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
      O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
      O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
      O4 - HKLM\..\RunServices: [system] explorer.exe
      O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0AMwA4ADkAMgA5ADkAMwA3ADYALQBCADEALQBGAEwAKwA5AC0AWABPADMANgArADEA"&"prod=90"&"ver=9.0.894
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\RunServices: [system] explorer.exe
      O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10o_Plugin.exe -update plugin
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex (User 'Default user')
      O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
      O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
      O8 - Extra context menu item: Add to Windows &Live Favorites - Welcome to Windows Live
      O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
      O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
      O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
      O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
      O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
      O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6.3/GarminAxControl.CAB
      O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
      O16 - DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} (Uploader Control) - http://ua.foto.com/ImageUploader6.cab
      O16 - DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} (Snapfish Activia3) - http://www3.snapfish.be/SnapfishActivia3.cab
      O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader5.cab
      O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
      O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: GMECOSS - C:\Documents and Settings\NetworkService\Local Settings\Application Data\gmecoss.dll
      O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
      O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
      O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: AMService - Unknown owner - C:\WINDOWS\TEMP\dpqf\setup.exe (file missing)
      O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
      O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
      O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
      O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
      O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
      O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
      O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
      O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      --
      End of file - 13787 bytes
  13. For a few days now my PC has been incredibly slow. Starting up and shutting down in particular (which sometimes doesn't even work) is extremely slow. I also keep getting one "detection" after another from AVG. Among others, it concerns the following items: c:\WINDOWS\Temp\tylw\setup.exe c:\WINDOWS\Temp\orfs\setup.exe c:\WINDOWS\Temp\lhdy\setup.exe c:\WINDOWS\Temp\erbh\setup.exe When I try to move these to quarantine, I get the message "Actie is mislukt. Er is al een andere actie uitgevoerd op het object". As the infection it reports "Trojaans paard Downloader.Generic11.SKK". I have also tried scanning the entire PC in safe mode, but when I boot normally again I still get those annoying notifications and my PC remains slow. Can anyone help me? I am a layman, though, so I don't really know what to do or how to do it.