Rooieborrels

All content posted by Rooieborrels

  1. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:02:53, on 14-12-2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Acer\OrbiCam\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\PROGRA~1\DAP\DAP.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en 
entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] 
C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini" O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -update activex O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu 
item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - http://quickscan.bitdefender.com/qsax/qsax.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265730781890 O16 - DPF: 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265730753062 O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 10774 bytes
     By the way, I have once again discovered something strange. When I want to reply to an e-mail in Outlook Express and click Reply, a reply is sent immediately without my being able to type anything at all. I don't even get to see the "Send" button. I also tried a few things with the mouse, but that is definitely not the cause. Regards, Dennis
  2. Hello,
     For a few days now, navigation in Windows on my PC has been behaving very strangely. Among other things, I am experiencing the following problems:
     - Clicking with the cursor behaves oddly. Double-clicking icons or folders often does not work. Instead, the icon opens right away on a single click.
     - When I click icons or folders, I sometimes have to click 5 to 6 times before they open.
     - In Word, for example, it is very hard to navigate and click a target. Sometimes the cursor selects certain fields unprompted.
     - When I close a page via the X, sometimes all open pages or programs disappear.
     - Scrolling through pages also often does not work and is very jerky.
     I wanted to open a restore point to try to repair things, and then it turned out that System Restore was switched off and Windows had therefore not created any restore points at all recently. Restore points from a few months ago have also suddenly disappeared. I really did not set it up this way myself. I have had several virus scanners etc. run a scan, but the problems persist. Does anyone have the same experience and, of course more important for me... does anyone have a solution to these problems? Thanks in advance! Regards, Dennis
  3. All problems have been resolved and the browsers are working fine again. Thank you very much for your help! Without you I certainly would not have managed it. Do you have any tips on preventing this kind of problem? I currently use Avira, for example, but is AVG perhaps better?
  4. This is all I can still find. Ad-aware Logfile created: 04-09-2011 15:08:35 Ad-Aware version: 8.2.6 User performing scan: gebruiker *********************** Definitions database information *********************** Lavasoft definition file: 149.874 Genotype definition file version: 2011/07/20 16:00:39 ******************************** Scan results: ********************************* Scan profile name: Vol. scan (ID: full) Objects scanned: 365298 Objects detected: 33 Type Detected ========================== Processes.......: 0 Registry entries: 0 Hostfile entries: 0 Files...........: 3 Folders.........: 0 LSPs............: 0 Cookies.........: 30 Browser hijacks.: 0 MRU objects.....: 0 Removed items: Description: *peel* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408829 Family ID: 0 Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0 Description: *webads* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408780 Family ID: 0 Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0 Description: *webads* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408780 Family ID: 0 Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0 Description: *metriweb* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408990 Family ID: 0 Description: *peel* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408829 Family ID: 0 Description: *ivwbox* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409247 Family ID: 0 Description: *boldchat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409211 Family ID: 0 Description: www.new* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409109 Family ID: 0 Description: *hit.gemius* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409369 Family ID: 0 Description: *real* 
Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408817 Family ID: 0 Description: *adverserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408919 Family ID: 0 Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0 Description: *peel* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408829 Family ID: 0 Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0 Description: *webads* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408780 Family ID: 0 Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0 Description: *webads* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408780 Family ID: 0 Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0 Description: *metriweb* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408990 Family ID: 0 Description: *peel* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408829 Family ID: 0 Description: *ivwbox* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409247 Family ID: 0 Description: *boldchat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409211 Family ID: 0 Description: www.new* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409109 Family ID: 0 Description: *hit.gemius* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409369 Family ID: 0 Description: *real* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408817 Family ID: 0 Description: *adverserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408919 Family ID: 0 Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0 Quarantined items: Description: c:\program files\mobile partner\addpbk.exe Family Name: Win32.Monitor.Agent/U Engine: 1 
Clean status: Success Item ID: 0 Family ID: 0 MD5: 74b9908552738161123786d1beca4175 Description: c:\system volume information\_restore{81b02f8c-781b-476c-97d3-5a3921875c16}\rp870\a0216675.exe Family Name: Win32.Trojan.Arto Engine: 1 Clean status: Success Item ID: 6230003 Family ID: 5981082 MD5: 437650d9656d2e80c1e48b011ac53e4a Description: c:\system volume information\_restore{81b02f8c-781b-476c-97d3-5a3921875c16}\rp886\a0220647.exe Family Name: Win32.TrojanSpy.SpyEyes Engine: 1 Clean status: Success Item ID: 6288455 Family ID: 2517356 MD5: 63878c5ed9809cb1d62ae738d0dcd5bd Scan and cleaning complete: Finished correctly after 19669 seconds *********************************** Settings *********************************** Scan profile: ID: full, enabled:1, value: Vol. scan ID: folderstoscan, enabled:1, value: C:\,D:\ ID: useantivirus, enabled:1, value: true ID: sections, enabled:1 ID: scancriticalareas, enabled:1, value: true ID: scanrunningapps, enabled:1, value: true ID: scanregistry, enabled:1, value: true ID: scanlsp, enabled:1, value: true ID: scanads, enabled:1, value: true ID: scanhostsfile, enabled:1, value: true ID: scanmru, enabled:1, value: true ID: scanbrowserhijacks, enabled:1, value: true ID: scantrackingcookies, enabled:1, value: true ID: closebrowsers, enabled:1, value: false ID: filescanningoptions, enabled:1 ID: archives, enabled:1, value: true ID: onlyexecutables, enabled:1, value: false ID: skiplargerthan, enabled:1, value: 20480 ID: scanrootkits, enabled:1, value: true ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict ID: usespywareheuristics, enabled:1, value: true Scan global: ID: global, enabled:1 ID: addtocontextmenu, enabled:1, value: true ID: playsoundoninfection, enabled:1, value: false ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav Scheduled scan settings: <Empty> Update settings: ID: updates, enabled:1 ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently ID: 
deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall ID: schedules, enabled:1, value: true ID: updatedaily1, enabled:1, value: Daily 1 ID: time, enabled:1, value: Thu Mar 18 13:53:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily2, enabled:1, value: Daily 2 ID: time, enabled:1, value: Thu Mar 18 19:53:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily3, enabled:1, value: Daily 3 ID: time, enabled:1, value: Thu Mar 18 01:53:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, 
enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily4, enabled:1, value: Daily 4 ID: time, enabled:1, value: Thu Mar 18 07:53:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updateweekly1, enabled:1, value: Weekly ID: time, enabled:1, value: Thu Mar 18 13:53:00 2010 ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: true ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: true ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false Appearance settings: ID: appearance, enabled:1 ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource ID: showtrayicon, enabled:1, value: true ID: autoentertainmentmode, enabled:1, value: true ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple ID: language, enabled:1, value: nl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language Realtime protection settings: ID: realtime, enabled:1 ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant ID: layers, enabled:1 ID: useantivirus, enabled:1, value: true ID: usespywareheuristics, enabled:1, value: true ID: 
modules, enabled:1 ID: processprotection, enabled:1, value: true ID: onaccessprotection, enabled:1, value: true ID: registryprotection, enabled:1, value: true ID: networkprotection, enabled:1, value: true ****************************** System information ****************************** Computer name: QYHPOKYF1OJJ068 Processor name: Intel® Core2 CPU T5500 @ 1.66GHz Processor identifier: x86 Family 6 Model 15 Stepping 6 Processor speed: ~1662MHZ Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3846, number of processors 2, processor features: [MMX,SSE,SSE2] Physical memory available: 907415552 bytes Physical memory total: 2145497088 bytes Virtual memory available: 1993129984 bytes Virtual memory total: 2147352576 bytes Memory load: 57% Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Windows startup mode: Running processes: PID: 764 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY PID: 812 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY PID: 844 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY PID: 888 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY PID: 900 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY PID: 1072 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 1140 name: C:\WINDOWS\system32\svchost.exe owner: Netwerkservice domain: NT AUTHORITY PID: 1180 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 1268 name: C:\WINDOWS\System32\svchost.exe owner: Netwerkservice domain: NT AUTHORITY PID: 1424 name: C:\WINDOWS\System32\svchost.exe owner: Lokale service domain: NT AUTHORITY PID: 152 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY PID: 240 name: c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe owner: SYSTEM domain: NT AUTHORITY PID: 260 name: C:\Program Files\Avira\AntiVir PersonalEdition 
Classic\sched.exe owner: SYSTEM domain: NT AUTHORITY PID: 316 name: C:\WINDOWS\System32\svchost.exe owner: Lokale service domain: NT AUTHORITY PID: 528 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY PID: 604 name: C:\WINDOWS\system32\nvsvc32.exe owner: SYSTEM domain: NT AUTHORITY PID: 668 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 2636 name: C:\WINDOWS\Explorer.EXE owner: gebruiker domain: QYHPOKYF1OJJ068 PID: 3416 name: C:\WINDOWS\System32\alg.exe owner: Lokale service domain: NT AUTHORITY PID: 2052 name: C:\WINDOWS\system32\RUNDLL32.EXE owner: gebruiker domain: QYHPOKYF1OJJ068 PID: 2076 name: C:\WINDOWS\system32\LVCOMSX.EXE owner: gebruiker domain: QYHPOKYF1OJJ068 PID: 2300 name: C:\Program Files\Acer\OrbiCam\CameraAssistant.exe owner: gebruiker domain: QYHPOKYF1OJJ068 PID: 956 name: C:\WINDOWS\system32\ElkCtrl.exe owner: gebruiker domain: QYHPOKYF1OJJ068 PID: 2808 name: C:\WINDOWS\RTHDCPL.EXE owner: gebruiker domain: QYHPOKYF1OJJ068 PID: 2984 name: C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe owner: gebruiker domain: QYHPOKYF1OJJ068 PID: 3132 name: C:\PROGRA~1\DAP\DAP.EXE owner: gebruiker domain: QYHPOKYF1OJJ068 PID: 2812 name: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe owner: gebruiker domain: QYHPOKYF1OJJ068 PID: 3308 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: gebruiker domain: QYHPOKYF1OJJ068 PID: 1748 name: C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe owner: gebruiker domain: QYHPOKYF1OJJ068 PID: 3432 name: C:\WINDOWS\system32\rundll32.exe owner: gebruiker domain: QYHPOKYF1OJJ068 PID: 480 name: C:\WINDOWS\system32\ctfmon.exe owner: gebruiker domain: QYHPOKYF1OJJ068 PID: 924 name: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe owner: gebruiker domain: QYHPOKYF1OJJ068 PID: 1348 name: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe owner: gebruiker domain: 
QYHPOKYF1OJJ068 PID: 2592 name: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe owner: gebruiker domain: QYHPOKYF1OJJ068 PID: 1560 name: C:\WINDOWS\system32\wuauclt.exe owner: gebruiker domain: QYHPOKYF1OJJ068 PID: 180 name: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe owner: gebruiker domain: QYHPOKYF1OJJ068 PID: 1200 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: gebruiker domain: QYHPOKYF1OJJ068 PID: 4256 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY PID: 4380 name: C:\WINDOWS\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY PID: 4424 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY PID: 692 name: c:\program files\avira\antivir personaledition classic\avcenter.exe owner: gebruiker domain: QYHPOKYF1OJJ068 PID: 2888 name: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe owner: SYSTEM domain: NT AUTHORITY PID: 4548 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: gebruiker domain: QYHPOKYF1OJJ068 PID: 4664 name: C:\Program Files\Lavasoft\Ad-Aware\autolaunch.exe owner: gebruiker domain: QYHPOKYF1OJJ068 Startup items: Name: NvCplDaemon imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup Name: NvMediaCenter imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit Name: LVCOMSX imagepath: C:\WINDOWS\system32\LVCOMSX.EXE Name: LogitechCameraAssistant imagepath: C:\Program Files\Acer\OrbiCam\CameraAssistant.exe Name: LogitechVideo[inspector] imagepath: C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect Name: LogitechCameraService(E) imagepath: C:\WINDOWS\system32\ElkCtrl.exe /automation Name: RTHDCPL imagepath: RTHDCPL.EXE Name: Alcmtr imagepath: ALCMTR.EXE Name: OpwareSE2 imagepath: "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" Name: OPSE reminder imagepath: "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini" 
Name: DownloadAccelerator imagepath: C:\PROGRA~1\DAP\DAP.EXE /STARTUP Name: avgnt imagepath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min Name: ISUSPM Startup imagepath: "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup Name: ISUSScheduler imagepath: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start Name: NeroCheck imagepath: C:\WINDOWS\system32\NeroCheck.exe Name: SunJavaUpdateSched imagepath: "C:\Program Files\Java\jre6\bin\jusched.exe" Name: Adobe Reader Speed Launcher imagepath: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" Name: Adobe ARM imagepath: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" Name: KernelFaultCheck imagepath: %systemroot%\system32\dumprep 0 -k Name: nwiz imagepath: nwiz.exe /install Name: crlregistrationf imagepath: C:\Program Files\Corel\Corel Graphics 12\Languages\NL\Programs\registration.exe /title="crlregistration" /date=111610 Name: Anti-phishing Domain Advisor imagepath: "C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" Name: TrojanScanner imagepath: C:\Program Files\Trojan Remover\Trjscan.exe /boot Name: CTFMON.EXE imagepath: C:\WINDOWS\System32\CTFMON.EXE Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1} imagepath: Preloader van browseui Name: {8C7461EF-2B13-11d2-BE35-3078302C2030} imagepath: Cache-daemon voor onderdeelcategorieën Name: PostBootReminder imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9} Name: CDBurn imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9} Name: WebCheck imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED} Name: SysTray imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153} Name: WPDShServiceObj imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5} Name: location: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma Loader.exe.lnk imagepath: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe Name: imagepath: 
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\desktop.ini Name: location: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk imagepath: C:\Program Files\Microsoft Office\Office10\OSA.EXE Name: imagepath: C:\Documents and Settings\Default User\Menu Start\Programma's\Opstarten\desktop.ini Bootexecute items: Name: imagepath: autocheck autochk * Running services: Name: ALG displayname: Application Layer Gateway-service Name: AntiVirScheduler displayname: Avira AntiVir Personal - Free Antivirus Scheduler Name: AudioSrv displayname: Windows Audio Name: BITS displayname: Intelligente achtergrondsoverdrachtservice Name: CryptSvc displayname: Services voor cryptografie Name: DcomLaunch displayname: DCOM Server Process Launcher Name: Dhcp displayname: DHCP Client Name: Dnscache displayname: DNS Client Name: ERSvc displayname: Service voor het rapporteren van fouten Name: Eventlog displayname: Event Log Name: EventSystem displayname: COM+-gebeurtenissysteem Name: FastUserSwitchingCompatibility displayname: Compatibiliteit voor Snelle gebruikerswisseling Name: helpsvc displayname: Help en ondersteuning Name: HidServ displayname: HID Input Service Name: JavaQuickStarterService displayname: Java Quick Starter Name: lanmanserver displayname: Server Name: lanmanworkstation displayname: Workstation Name: Lavasoft Ad-Aware Service displayname: Lavasoft Ad-Aware Service Name: LmHosts displayname: TCP/IP NetBIOS Helper Name: LVPrcSrv displayname: Logitech Process Monitor Name: Netman displayname: Network Connections Name: Nla displayname: Network Location Awareness (NLA) Name: NVSvc displayname: NVIDIA Display Driver Service Name: PlugPlay displayname: Plug and Play Name: PolicyAgent displayname: IPSEC-services Name: ProtectedStorage displayname: Protected Storage Name: RasMan displayname: Verbindingsbeheer voor RAS Name: RpcSs displayname: Remote Procedure Call (RPC) Name: SamSs displayname: Security Accounts Manager Name: 
Schedule displayname: Task Scheduler Name: seclogon displayname: Secondary Logon Name: SENS displayname: System Event Notification Name: SharedAccess displayname: Windows Firewall (WF) / Internet-verbinding delen (ICS) Name: ShellHWDetection displayname: Shell Hardware Detection Name: Spooler displayname: Print Spooler Name: srservice displayname: System Restore-service Name: SSDPSRV displayname: SSDP Discovery-service Name: stisvc displayname: Windows Image Acquisition (WIA) Name: TapiSrv displayname: Telephony Name: TermService displayname: Terminal Services Name: Themes displayname: Thema's Name: TrkWks displayname: Distributed Link Tracking Client Name: W32Time displayname: Windows Time Name: WebClient displayname: WebClient Name: winmgmt displayname: Windows Management Instrumentation Name: wscsvc displayname: Security Center Name: wuauserv displayname: Automatische updates Name: WZCSVC displayname: Wireless Zero Configuration-service Super Anti Spyware SUPERAntiSpyware Scan Log SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware! 
Generated 09/05/2011 at 03:46 PM Application Version : 4.56.1000 Core Rules Database Version : 7645 Trace Rules Database Version: 5457 Scan type : Quick Scan Total Scan Time : 00:45:05 Memory items scanned : 343 Memory threats detected : 0 Registry items scanned : 2392 Registry threats detected : 0 File items scanned : 9327 File threats detected : 10 Adware.Tracking Cookie C:\Documents and Settings\gebruiker\Cookies\gebruiker@atdmt.combing[2].txt C:\Documents and Settings\gebruiker\Cookies\gebruiker@atdmt[4].txt C:\Documents and Settings\gebruiker\Cookies\gebruiker@ad.yieldmanager[4].txt C:\Documents and Settings\gebruiker\Cookies\8Z0KTU29.txt C:\Documents and Settings\gebruiker\Cookies\GU6VW36W.txt C:\Documents and Settings\gebruiker\Cookies\1MFTNPYL.txt C:\Documents and Settings\gebruiker\Cookies\FDSROIN7.txt C:\Documents and Settings\gebruiker\Cookies\gebruiker@openx.motomedia[4].txt C:\Documents and Settings\gebruiker\Cookies\gebruiker@atdmt[3].txt C:\Documents and Settings\gebruiker\Cookies\gebruiker@mediabrandsww[1].txt Avira Avira AntiVir Personal Report file date: zondag 4 september 2011 15:06 Scanning for 3329868 virus strains and unwanted programs. 
Licensed to: Avira AntiVir Personal - Free Antivirus Serial number: 0000149996-ADJIE-0000001 Platform: Windows XP Windows version: (Service Pack 3) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: QYHPOKYF1OJJ068 Version information: BUILD.DAT : 8.2.0.354 17048 Bytes 23-10-2009 13:15:00 AVSCAN.EXE : 8.1.4.10 315649 Bytes 18-11-2008 08:21:26 AVSCAN.DLL : 8.1.4.0 40705 Bytes 26-5-2008 07:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 12-6-2008 12:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 26-5-2008 07:58:52 ANTIVIR0.VDF : 7.10.0.0 19875328 Bytes 6-11-2009 11:14:21 ANTIVIR1.VDF : 7.11.13.66 27840368 Bytes 16-8-2011 08:46:32 ANTIVIR2.VDF : 7.11.14.88 1301408 Bytes 2-9-2011 22:00:32 ANTIVIR3.VDF : 7.11.14.90 2048 Bytes 2-9-2011 22:00:33 Engineversion : 8.2.6.54 AEVDF.DLL : 8.1.2.1 106868 Bytes 11-8-2010 11:02:44 AESCRIPT.DLL : 8.1.3.76 1626490 Bytes 27-8-2011 10:12:55 AESCN.DLL : 8.1.7.2 127349 Bytes 23-11-2010 11:14:08 AESBX.DLL : 8.2.1.34 323957 Bytes 9-6-2011 09:34:36 AERDL.DLL : 8.1.9.13 639349 Bytes 15-7-2011 13:14:04 AEPACK.DLL : 8.2.10.10 684407 Bytes 4-9-2011 13:01:45 AEOFFICE.DLL : 8.1.2.13 201083 Bytes 28-7-2011 20:32:28 AEHEUR.DLL : 8.1.2.164 3654007 Bytes 4-9-2011 13:01:44 AEHELP.DLL : 8.1.17.7 254327 Bytes 28-7-2011 20:32:24 AEGEN.DLL : 8.1.5.9 401780 Bytes 27-8-2011 10:12:45 AEEMU.DLL : 8.1.3.0 393589 Bytes 23-11-2010 11:14:03 AECORE.DLL : 8.1.23.0 196983 Bytes 27-8-2011 10:12:42 AEBB.DLL : 8.1.1.0 53618 Bytes 24-4-2010 10:09:52 AVWINLL.DLL : 1.0.0.12 15105 Bytes 9-7-2008 08:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 16-5-2008 09:28:01 AVREP.DLL : 10.0.0.9 174120 Bytes 1-3-2011 09:48:14 AVREG.DLL : 8.0.0.1 33537 Bytes 9-5-2008 11:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 12-2-2008 08:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12-6-2008 12:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22-1-2008 17:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12-6-2008 12:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25-1-2008 12:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12-6-2008 
13:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 27-6-2008 13:34:37 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: zondag 4 september 2011 15:06 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'unsecapp.exe' - '1' Module(s) have been scanned Scan process 'AAWService.exe' - '1' Module(s) have been scanned Scan process 'Ad-Aware.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'agent.exe' - '1' Module(s) have been scanned Scan process 'SUPERANTISPYWARE.EXE' - '1' Module(s) have been scanned Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'visicom_antiphishing.exe' - '1' Module(s) have been scanned Scan process 'msiexec.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 
'issch.exe' - '1' Module(s) have been scanned Scan process 'DAP.exe' - '1' Module(s) have been scanned Scan process 'opwareSE2.exe' - '1' Module(s) have been scanned Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned Scan process 'ElkCtrl.exe' - '1' Module(s) have been scanned Scan process 'CameraAssistant.exe' - '1' Module(s) have been scanned Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'jqs.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 43 processes with 43 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'D:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '64' files ). 
Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\12\61bc2d0c-2791f66d [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was deleted! C:\Documents and Settings\gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\16\167f43d0-507c3af2 [0] Archive type: ZIP --> buildService/BuildClass.class [DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.AG exploit [NOTE] The file was deleted! C:\Documents and Settings\gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\21\37e03655-44a86929 [0] Archive type: ZIP --> buildService/BuildClass.class [DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.AJ exploit [NOTE] The file was deleted! C:\Documents and Settings\gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\23\5ab40f57-38cb7602 [DETECTION] Contains recognition pattern of the JAVA/Dldr.Tharra.G Java virus [NOTE] The file was deleted! C:\Documents and Settings\gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\24\4581ec18-1e692c52 [0] Archive type: ZIP --> buildService/BuildClass.class [DETECTION] Contains recognition pattern of the EXP/2010-0840.AC exploit --> buildService/TableClasses.class [DETECTION] Contains recognition pattern of the JAVA/Exdoer.FF Java virus [NOTE] The file was moved to '4e9b7ae3.qua'! C:\Documents and Settings\gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\25\175893d9-2db16465 [0] Archive type: ZIP --> buildService/BuildClass.class [DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.AG exploit [NOTE] The file was moved to '4e987b09.qua'! C:\Documents and Settings\gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\30\12f8bf9e-1901d220 [DETECTION] Is the TR/Buterat-CB.A Trojan [NOTE] The file was moved to '4ec97b54.qua'! 
C:\Documents and Settings\gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\32\58d04ba0-6237ba14 [DETECTION] Contains recognition pattern of the WORM/Autorun.abo.5 worm [NOTE] The file was moved to '4ec77b69.qua'! C:\Documents and Settings\gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\35\4ab99663-1a11788d [0] Archive type: ZIP --> buildService/BuildClass.class [DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.AG exploit [NOTE] The file was moved to '4ec57c0b.qua'! C:\Documents and Settings\gebruiker\Application Data\Sun\Java\Deployment\cache\6.0\55\44f23ab7-1a7aab24 [DETECTION] Is the TR/Kazy.34853.2 Trojan [NOTE] The file was moved to '4ec97c30.qua'! C:\System Volume Information\_restore{81B02F8C-781B-476C-97D3-5A3921875C16}\RP869\A0213590.exe [DETECTION] Contains recognition pattern of the ADWARE/WinPump.adc virus [NOTE] The file was moved to '4e95ea3d.qua'! C:\System Volume Information\_restore{81B02F8C-781B-476C-97D3-5A3921875C16}\RP871\A0217550.exe [DETECTION] Contains recognition pattern of the ADWARE/WinPump.adc virus [NOTE] The file was moved to '4e95eab5.qua'! C:\System Volume Information\_restore{81B02F8C-781B-476C-97D3-5A3921875C16}\RP881\A0219684.exe [DETECTION] Contains recognition pattern of the WORM/Autorun.abo.5 worm [NOTE] The file was moved to '4e95ecab.qua'! C:\System Volume Information\_restore{81B02F8C-781B-476C-97D3-5A3921875C16}\RP886\A0220648.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '4e95f132.qua'! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! Begin scan in 'D:\' <ACERDATA> End of the scan: maandag 5 september 2011 00:49 Used time: 9:43:19 Hour(s) The scan has been done completely. 
10557 Scanning directories 544767 Files were scanned 15 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 4 files were deleted 0 files were repaired 10 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 544750 Files not concerned 1679 Archives were scanned 2 Warnings 14 Notes MBAM Malwarebytes' Anti-Malware 1.51.1.1800 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: 7649 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 04-09-2011 18:48:09 mbam-log-2011-09-04 (18-48-09).txt Scantype: Snelle scan Objecten gescand: 271134 Verstreken tijd: 3 uur/uren, 17 minuut/minuten, 13 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 1 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 1 Bestanden geïnfecteerd: 1 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\ZU6RKI1ONY (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: c:\Recycle.Bin\32b3e7f50954887 (Trojan.Spyeyes) -> Quarantined and deleted successfully. 
Malwarebytes' Anti-Malware 1.51.1.1800 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: 7538 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 23-08-2011 0:33:50 mbam-log-2011-08-23 (00-33-50).txt Scantype: Snelle scan Objecten gescand: 102704 Verstreken tijd: 1 uur/uren, 36 minuut/minuten, 59 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 1 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 2 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9019A174 (Spyware.Passwords.XGen) -> Value: 9019A174 -> Delete on reboot. Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: c:\documents and settings\gebruiker\application data\9019A174\9019A174.EXE (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\documents and settings\gebruiker\local settings\temp\jar_cache7931372123814204295.tmp (Trojan.Agent) -> Quarantined and deleted successfully. 
Malwarebytes' Anti-Malware 1.51.1.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Databaseversie: 7339
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
31-07-2011 17:44:38
mbam-log-2011-07-31 (17-44-38).txt
Scantype: Snelle scan
Objecten gescand: 257840
Verstreken tijd: 43 minuut/minuten, 29 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 3
Registerwaarden geïnfecteerd: 1
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 1
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\8DDYX0ZBPZ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{91F8556B-7E74-B213-F82B-435581C2E15A} (Trojan.ZbotR.Gen) -> Value: {91F8556B-7E74-B213-F82B-435581C2E15A} -> Quarantined and deleted successfully.
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
c:\documents and settings\gebruiker\application data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.

Maybe this is still of some use to you?
  5. 2011/09/09 16:15:33.0015 5948 TDSS rootkit removing tool 2.5.20.0 Sep 7 2011 16:44:34 2011/09/09 16:15:33.0140 5948 ================================================================================ 2011/09/09 16:15:33.0140 5948 SystemInfo: 2011/09/09 16:15:33.0140 5948 2011/09/09 16:15:33.0140 5948 OS Version: 5.1.2600 ServicePack: 3.0 2011/09/09 16:15:33.0140 5948 Product type: Workstation 2011/09/09 16:15:33.0140 5948 ComputerName: QYHPOKYF1OJJ068 2011/09/09 16:15:33.0140 5948 UserName: gebruiker 2011/09/09 16:15:33.0140 5948 Windows directory: C:\WINDOWS 2011/09/09 16:15:33.0140 5948 System windows directory: C:\WINDOWS 2011/09/09 16:15:33.0140 5948 Processor architecture: Intel x86 2011/09/09 16:15:33.0140 5948 Number of processors: 2 2011/09/09 16:15:33.0140 5948 Page size: 0x1000 2011/09/09 16:15:33.0140 5948 Boot type: Normal boot 2011/09/09 16:15:33.0140 5948 ================================================================================ 2011/09/09 16:15:34.0781 5948 Initialize success 2011/09/09 16:16:32.0843 4332 ================================================================================ 2011/09/09 16:16:32.0843 4332 Scan started 2011/09/09 16:16:32.0843 4332 Mode: Manual; 2011/09/09 16:16:32.0843 4332 ================================================================================ 2011/09/09 16:16:33.0703 4332 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/09/09 16:16:33.0734 4332 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 2011/09/09 16:16:33.0796 4332 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/09/09 16:16:33.0875 4332 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys 2011/09/09 16:16:34.0140 4332 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/09/09 16:16:34.0281 4332 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/09/09 16:16:34.0328 
4332 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/09/09 16:16:34.0406 4332 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/09/09 16:16:34.0531 4332 avgio (afa456a6210abe5798561a5758517340) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys 2011/09/09 16:16:34.0562 4332 avgntflt (906f73c4f6b8ba5daabc41a1f04cecfe) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys 2011/09/09 16:16:34.0703 4332 avipbb (bdb37b3b217f5181a5bc129c50844f98) C:\WINDOWS\system32\DRIVERS\avipbb.sys 2011/09/09 16:16:34.0750 4332 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/09/09 16:16:35.0000 4332 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/09/09 16:16:35.0328 4332 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 2011/09/09 16:16:35.0562 4332 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/09/09 16:16:35.0593 4332 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/09/09 16:16:35.0625 4332 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/09/09 16:16:35.0671 4332 Changer (2a5815ca6fff24b688c01f828b96819c) C:\WINDOWS\system32\drivers\Changer.sys 2011/09/09 16:16:35.0828 4332 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 2011/09/09 16:16:35.0890 4332 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 2011/09/09 16:16:36.0000 4332 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/09/09 16:16:36.0062 4332 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys 2011/09/09 16:16:36.0218 4332 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys 2011/09/09 16:16:36.0265 4332 dmload (e9317282a63ca4d188c0df5e09c6ac5f) 
C:\WINDOWS\system32\drivers\dmload.sys 2011/09/09 16:16:36.0296 4332 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/09/09 16:16:36.0375 4332 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/09/09 16:16:36.0421 4332 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/09/09 16:16:36.0453 4332 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 2011/09/09 16:16:36.0484 4332 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys 2011/09/09 16:16:36.0625 4332 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 2011/09/09 16:16:36.0671 4332 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/09/09 16:16:36.0703 4332 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/09/09 16:16:36.0718 4332 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/09/09 16:16:36.0750 4332 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/09/09 16:16:36.0796 4332 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/09/09 16:16:36.0843 4332 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/09/09 16:16:36.0937 4332 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/09/09 16:16:37.0109 4332 hwdatacard (60aec3f4ec355d9f46d545a0fa08ce87) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys 2011/09/09 16:16:37.0187 4332 hwusbdev (b93d3c81ef1d372dc5bd5e6275362e1a) C:\WINDOWS\system32\DRIVERS\ewusbdev.sys 2011/09/09 16:16:37.0250 4332 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 2011/09/09 16:16:37.0312 4332 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/09/09 16:16:37.0375 4332 Imapi 
(083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/09/09 16:16:37.0734 4332 IntcAzAudAddService (90e1b42e49d9e91e5accaaaaefa10ce8) C:\WINDOWS\system32\drivers\RtkHDAud.sys 2011/09/09 16:16:38.0125 4332 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/09/09 16:16:38.0156 4332 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/09/09 16:16:38.0234 4332 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/09/09 16:16:38.0281 4332 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/09/09 16:16:38.0328 4332 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/09/09 16:16:38.0484 4332 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/09/09 16:16:38.0531 4332 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/09/09 16:16:38.0593 4332 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/09/09 16:16:38.0625 4332 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/09/09 16:16:38.0656 4332 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/09/09 16:16:38.0687 4332 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/09/09 16:16:38.0843 4332 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/09/09 16:16:38.0921 4332 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys 2011/09/09 16:16:38.0968 4332 lbrtfdc (406598827a1b5f77954de11dde115ced) C:\WINDOWS\system32\drivers\lbrtfdc.sys 2011/09/09 16:16:39.0265 4332 lv321av (9919e66d8e7b0c77b07a0852e1b38834) C:\WINDOWS\system32\DRIVERS\lv321av.sys 2011/09/09 16:16:39.0546 4332 lvmvdrv (fa974ad25cd6c1fc94380d7dc5271b0d) C:\WINDOWS\system32\drivers\lvmvdrv.sys 2011/09/09 
16:16:39.0781 4332 LVPrcMon (b750d805a1e024e42096970ad01434cf) C:\WINDOWS\system32\drivers\LVPrcMon.sys 2011/09/09 16:16:39.0843 4332 LVUSBSta (dcc4677c583fb9563e31b565fc28eaa2) C:\WINDOWS\system32\drivers\lvusbsta.sys 2011/09/09 16:16:39.0906 4332 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/09/09 16:16:39.0968 4332 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys 2011/09/09 16:16:40.0109 4332 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/09/09 16:16:40.0156 4332 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/09/09 16:16:40.0187 4332 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/09/09 16:16:40.0234 4332 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/09/09 16:16:40.0296 4332 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/09/09 16:16:40.0453 4332 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/09/09 16:16:40.0484 4332 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/09/09 16:16:40.0515 4332 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/09/09 16:16:40.0546 4332 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/09/09 16:16:40.0609 4332 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/09/09 16:16:40.0843 4332 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 2011/09/09 16:16:40.0937 4332 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 2011/09/09 16:16:40.0968 4332 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2011/09/09 16:16:41.0015 4332 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 
2011/09/09 16:16:41.0125 4332 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2011/09/09 16:16:41.0203 4332 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/09/09 16:16:41.0265 4332 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/09/09 16:16:41.0296 4332 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/09/09 16:16:41.0375 4332 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/09/09 16:16:41.0484 4332 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/09/09 16:16:41.0546 4332 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/09/09 16:16:41.0625 4332 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/09/09 16:16:41.0687 4332 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/09/09 16:16:41.0828 4332 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/09/09 16:16:42.0046 4332 nv (59e5d945934ec2e7eaa22af81813dabf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2011/09/09 16:16:42.0390 4332 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/09/09 16:16:42.0437 4332 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/09/09 16:16:42.0500 4332 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\drivers\Parport.sys 2011/09/09 16:16:42.0546 4332 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/09/09 16:16:42.0609 4332 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/09/09 16:16:42.0734 4332 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/09/09 16:16:42.0796 4332 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys 
2011/09/09 16:16:42.0828 4332 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 2011/09/09 16:16:43.0031 4332 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/09/09 16:16:43.0062 4332 Processor (82a17eca34d801590a67c0a2244965ed) C:\WINDOWS\system32\DRIVERS\processr.sys 2011/09/09 16:16:43.0203 4332 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/09/09 16:16:43.0250 4332 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/09/09 16:16:43.0390 4332 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/09/09 16:16:43.0531 4332 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/09/09 16:16:43.0578 4332 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/09/09 16:16:43.0625 4332 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/09/09 16:16:43.0671 4332 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/09/09 16:16:43.0703 4332 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/09/09 16:16:43.0765 4332 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/09/09 16:16:43.0921 4332 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/09/09 16:16:43.0984 4332 RTL8023xp (d6e1b1bd04fad422af17fc4b810cb9af) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 2011/09/09 16:16:44.0171 4332 SBRE (4019149e4e296072831c8855605d9fdc) C:\WINDOWS\system32\drivers\SBREdrv.sys 2011/09/09 16:16:44.0265 4332 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys 2011/09/09 16:16:44.0406 4332 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/09/09 16:16:44.0484 4332 Serial (92c21762653bb2ce51147eb8a9aa654f) 
C:\WINDOWS\system32\drivers\Serial.sys 2011/09/09 16:16:44.0546 4332 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/09/09 16:16:44.0609 4332 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2011/09/09 16:16:44.0671 4332 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS 2011/09/09 16:16:44.0843 4332 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/09/09 16:16:44.0937 4332 sptd (c4bb8a12843d9cbb65f5ff617f389bbd) C:\WINDOWS\system32\Drivers\sptd.sys 2011/09/09 16:16:44.0937 4332 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: c4bb8a12843d9cbb65f5ff617f389bbd 2011/09/09 16:16:44.0953 4332 sptd - detected LockedFile.Multi.Generic (1) 2011/09/09 16:16:45.0109 4332 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/09/09 16:16:45.0218 4332 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/09/09 16:16:45.0265 4332 ssmdrv (3d2829fde1c52fc64da5413889ce4dee) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 2011/09/09 16:16:45.0328 4332 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2011/09/09 16:16:45.0468 4332 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/09/09 16:16:45.0515 4332 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/09/09 16:16:45.0671 4332 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/09/09 16:16:45.0765 4332 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/09/09 16:16:45.0859 4332 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/09/09 16:16:45.0984 4332 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/09/09 16:16:46.0031 4332 TermDD (88155247177638048422893737429d9e) 
C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/09/09 16:16:46.0125 4332 tifm21 (0edc3cf7b38f4260eb006c38e4a44de4) C:\WINDOWS\system32\drivers\tifm21.sys 2011/09/09 16:16:46.0203 4332 tmcomm (08bac71557df8a9b1381c8c165f64520) C:\WINDOWS\system32\drivers\tmcomm.sys 2011/09/09 16:16:46.0421 4332 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/09/09 16:16:46.0500 4332 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/09/09 16:16:46.0546 4332 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/09/09 16:16:46.0578 4332 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/09/09 16:16:46.0625 4332 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/09/09 16:16:46.0656 4332 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/09/09 16:16:46.0812 4332 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/09/09 16:16:46.0843 4332 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/09/09 16:16:46.0875 4332 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/09/09 16:16:46.0906 4332 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/09/09 16:16:46.0968 4332 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/09/09 16:16:47.0093 4332 w39n51 (73395a19fc86461a151d3c330604e8b3) C:\WINDOWS\system32\DRIVERS\w39n51.sys 2011/09/09 16:16:47.0296 4332 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/09/09 16:16:47.0375 4332 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/09/09 16:16:47.0453 4332 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 2011/09/09 16:16:47.0531 4332 WS2IFSL 
(6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/09/09 16:16:47.0593 4332 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/09/09 16:16:47.0734 4332 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/09/09 16:16:47.0781 4332 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/09/09 16:16:47.0906 4332 MBR (0x1B8) (25fdd3b61791a226676b12dc5bddef71) \Device\Harddisk0\DR0
2011/09/09 16:16:47.0906 4332 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
2011/09/09 16:16:47.0937 4332 Boot (0x1200) (445b65a7b7ddb2263294061c960dfded) \Device\Harddisk0\DR0\Partition0
2011/09/09 16:16:47.0968 4332 Boot (0x1200) (e3b31b8747f048b88c4e192220ddfc9a) \Device\Harddisk0\DR0\Partition1
2011/09/09 16:16:47.0968 4332 ================================================================================
2011/09/09 16:16:47.0968 4332 Scan finished
2011/09/09 16:16:47.0968 4332 ================================================================================
2011/09/09 16:16:48.0015 5980 Detected object count: 2
2011/09/09 16:16:48.0015 5980 Actual detected object count: 2
2011/09/09 16:17:52.0625 5980 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/09/09 16:17:52.0625 5980 \Device\Harddisk0\DR0 (Backdoor.Win32.Sinowal.knf) - will be cured after reboot
2011/09/09 16:17:52.0625 5980 \Device\Harddisk0\DR0 - ok
2011/09/09 16:17:52.0625 5980 Backdoor.Win32.Sinowal.knf(\Device\Harddisk0\DR0) - User select action: Cure

I don't know whether I still have the data from all the previous scans, but I will look. If I still have anything, I will post that too.
  6. I worked with Firefox for a while and at first it seemed to go well, but it is now already just as slow as Explorer. I don't understand it at all. I also tested the internet connection using my girlfriend's PC, but there is nothing wrong with it at all. On hers the internet is super fast and Explorer works fine too. Could the viruses that were present on my PC perhaps have affected something at a deeper level?
  7. Explorer is still a disaster. Firefox does seem to work reasonably normally. I normally always work with Explorer.
  8. Still the same, unfortunately. Are there any other options?
  9. ComboFix 11-09-09.03 - gebruiker 09-09-2011 11:28:56.4.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2046.1424 [GMT 2:00] Gestart vanuit: c:\documents and settings\gebruiker\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\gebruiker\Bureaublad\CFScript.txt.txt AV: Avira AntiVir PersonalEdition *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB} FW: BitDefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242} FW: Trend Micro Personal Firewall *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6} . . (((((((((((((((((((( Bestanden Gemaakt van 2011-08-09 to 2011-09-09 )))))))))))))))))))))))))))))) . . 2011-09-09 09:14 . 2011-09-09 09:14 -------- d-----w- c:\windows\LastGood 2011-09-07 19:39 . 2010-03-18 12:53 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-09-07 12:47 . 2011-09-07 12:47 388096 ----a-r- c:\documents and settings\gebruiker\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-09-07 06:35 . 2011-09-07 07:08 -------- d-----w- c:\documents and settings\gebruiker\Application Data\AVG 2011-09-06 20:12 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-09-06 19:40 . 2011-09-06 19:40 -------- d-----w- c:\windows\system32\wbem\Repository 2011-09-06 07:06 . 2011-09-06 07:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files 2011-09-06 07:04 . 2011-09-07 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2011-09-06 07:03 . 2011-09-07 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012 2011-09-06 06:58 . 2011-09-07 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData 2011-09-05 21:41 . 2011-09-06 06:50 -------- d-----w- C:\sh4ldr 2011-09-05 20:43 . 
2011-09-05 20:43 -------- d-----w- c:\documents and settings\gebruiker\Application Data\Agnitum 2011-09-05 20:43 . 2011-09-05 20:45 -------- d-----w- c:\windows\system32\Filt 2011-09-05 20:41 . 2011-09-05 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum 2011-09-05 20:18 . 2011-09-05 20:21 -------- dc-h--w- c:\windows\ie8 2011-09-04 18:36 . 2011-06-16 11:54 15880 ----a-w- c:\windows\system32\lsdelete.exe 2011-08-19 13:27 . 2011-08-19 13:27 -------- d-----w- c:\documents and settings\LocalService\Mijn documenten 2011-08-19 13:27 . 2011-08-19 13:27 -------- d--h--r- c:\documents and settings\LocalService\Onlangs geopend 2011-08-16 07:49 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-30 19:22 . 2010-03-25 21:31 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-07-15 13:29 . 2001-09-07 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-08 14:02 . 2001-09-07 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys 2011-07-06 17:52 . 2011-07-30 20:30 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-06 17:52 . 2011-07-30 20:30 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-24 14:10 . 2007-05-03 14:45 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2011-06-23 18:31 . 2001-09-07 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2011-06-23 18:31 . 2001-09-07 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2011-06-23 18:31 . 2001-09-07 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-06-23 12:05 . 2007-05-03 15:21 385024 ------w- c:\windows\system32\html.iec 2011-06-20 17:44 . 2001-09-07 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll 2011-06-20 17:44 . 2001-09-07 12:00 293888 ----a-w- c:\windows\system32\winsrv(2).dll 2007-05-15 20:38 . 
2007-07-07 18:04 66672 ----a-w- c:\program files\mozilla firefox\components\jar50.dll 2007-05-15 20:38 . 2007-07-07 18:04 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll 2007-05-15 20:38 . 2007-07-07 18:04 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll 2007-05-15 20:38 . 2007-07-07 18:04 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll 2007-05-15 20:38 . 2007-07-07 18:04 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll . . ((((((((((((((((((((((((((((( SnapShot_2011-09-08_21.07.11 ))))))))))))))))))))))))))))))))))))))))) . + 2011-09-08 21:44 . 2011-09-08 21:44 16384 c:\windows\Temp\Perflib_Perfdata_264.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-31 2424192] "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2010-04-15 427328] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-06-23 225280] "LogitechCameraAssistant"="c:\program files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 331776] "LogitechVideo[inspector]"="c:\program files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 13:55 73728] "LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144] "RTHDCPL"="RTHDCPL.EXE" [2006-01-11 15961088] "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152] "OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088] "DownloadAccelerator"="c:\progra~1\DAP\DAP.EXE" [2007-05-10 1359872] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "nwiz"="nwiz.exe" [2006-07-20 1519616] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-5-13 113664] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-28 17:53 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\DAP\\DAP.exe"= "c:\\Program Files\\ABC\\abc.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\MagneticOne\\Store Manager for osCommerce\\osCommerce_Manager.exe"= "c:\\Program Files\\Call of Duty\\CoDMP.exe"= "d:\\Battle for middle earth\\game.dat"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:Remote Desktop "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services . R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18-03-2010 14:53 64288] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09-07-2007 16:47 697328] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [07-09-2011 21:39 95024] R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [04-05-2007 12:15 1097728] R3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?] R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?] 
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?] S1 SAS***IL;SAS***IL;\??\c:\program files\SUPERAntiSpyware\SAS***IL.sys --> c:\program files\SUPERAntiSpyware\SAS***IL.sys [?] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05-02-2010 14:06 135664] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04-02-2010 17:52 1355968] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [05-02-2010 14:06 135664] S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [24-07-2010 15:52 100480] S3 ldiskl;ldiskl;\??\c:\docume~1\GEBRUI~1\LOCALS~1\Temp\ldiskl.sys --> c:\docume~1\GEBRUI~1\LOCALS~1\Temp\ldiskl.sys [?] S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?] . Inhoud van de 'Gedeelde Taken' map . 2011-09-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 11:53] . 2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:05] . 2011-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:05] . . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://www.google.com/ IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html TCP: DhcpNameServer = 212.54.35.25 212.54.40.25 Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - c:\documents and settings\gebruiker\Application Data\Mozilla\Firefox\Profiles\bn8gdsqe.default\ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-09-09 11:37 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . 
[HKEY_USERS\S-1-5-21-1993962763-963894560-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{23633431-3CE3-7B2C-8B03-7EE2ED5247DA}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "jabdcgdhgghfncpgkdph"=hex:6f,61,6a,65,70,63,67,70,6f,6f,64,6f,62,64,6f,66,6f, 68,61,68,63,66,70,67,6f,63,6b,65,68,6b,00,80 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*] "3140C10900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(856) c:\program files\SUPERAntiSpyware\SASWINLO.DLL . - - - - - - - > 'explorer.exe'(5156) c:\windows\system32\nview.dll c:\windows\system32\NVWRSNL.DLL c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll c:\windows\system32\nvwddi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Voltooingstijd: 2011-09-09 11:39:34 ComboFix-quarantined-files.txt 2011-09-09 09:39 ComboFix2.txt 2011-09-08 21:17 ComboFix3.txt 2011-09-08 21:09 ComboFix4.txt 2011-09-08 14:55 . Pre-Run: 5.415.772.160 bytes beschikbaar Post-Run: 5.399.859.200 bytes beschikbaar . Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - 42CFD6E1D60060F66FB2D34666CD34A9
  10. ComboFix 11-09-08.03 - gebruiker 08-09-2011 23:12:15.3.2 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2046.1439 [GMT 2:00]Gestart vanuit: c:\documents and settings\gebruiker\Bureaublad\ComboFix.exegebruikte Opdracht switches :: c:\documents and settings\gebruiker\Bureaublad\CFScript.txt.txtAV: Avira AntiVir PersonalEdition *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}FW: BitDefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}FW: Trend Micro Personal Firewall *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}..(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\gebruiker\Application Data\3846B8F6c:\documents and settings\gebruiker\Application Data\3846B8F6\3846B8F6.DATc:\documents and settings\gebruiker\Application Data\3846B8F6\3846B8F6.DAT.DATc:\documents and settings\gebruiker\Application Data\9019A174c:\documents and settings\gebruiker\Application Data\BabylonToolbar..(((((((((((((((((((( Bestanden Gemaakt van 2011-08-08 to 2011-09-08 ))))))))))))))))))))))))))))))..2011-09-07 19:39 . 2010-03-18 12:53 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys2011-09-07 12:47 . 2011-09-07 12:47 388096 ----a-r- c:\documents and settings\gebruiker\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe2011-09-07 06:35 . 2011-09-07 07:08 -------- d-----w- c:\documents and settings\gebruiker\Application Data\AVG2011-09-06 20:12 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe2011-09-06 19:40 . 2011-09-06 19:40 -------- d-----w- c:\windows\system32\wbem\Repository2011-09-06 07:06 . 2011-09-06 07:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files2011-09-06 07:04 . 
2011-09-07 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2011-09-06 07:03 . 2011-09-07 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG20122011-09-06 06:58 . 2011-09-07 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData2011-09-05 21:41 . 2011-09-06 06:50 -------- d-----w- C:\sh4ldr2011-09-05 20:43 . 2011-09-05 20:43 -------- d-----w- c:\documents and settings\gebruiker\Application Data\Agnitum2011-09-05 20:43 . 2011-09-05 20:45 -------- d-----w- c:\windows\system32\Filt2011-09-05 20:41 . 2011-09-05 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum2011-09-05 20:18 . 2011-09-05 20:21 -------- dc-h--w- c:\windows\ie82011-09-04 18:36 . 2011-06-16 11:54 15880 ----a-w- c:\windows\system32\lsdelete.exe2011-08-19 13:27 . 2011-08-19 13:27 -------- d-----w- c:\documents and settings\LocalService\Mijn documenten2011-08-19 13:27 . 2011-08-19 13:27 -------- d--h--r- c:\documents and settings\LocalService\Onlangs geopend2011-08-16 07:49 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys...((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-07-30 19:22 . 2010-03-25 21:31 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys2011-07-15 13:29 . 2001-09-07 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys2011-07-08 14:02 . 2001-09-07 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys2011-07-06 17:52 . 2011-07-30 20:30 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-07-06 17:52 . 2011-07-30 20:30 22712 ----a-w- c:\windows\system32\drivers\mbam.sys2011-06-24 14:10 . 2007-05-03 14:45 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys2011-06-23 18:31 . 2001-09-07 12:00 916480 ----a-w- c:\windows\system32\wininet.dll2011-06-23 18:31 . 
2001-09-07 12:00 43520 ------w- c:\windows\system32\licmgr10.dll2011-06-23 18:31 . 2001-09-07 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl2011-06-23 12:05 . 2007-05-03 15:21 385024 ------w- c:\windows\system32\html.iec2011-06-20 17:44 . 2001-09-07 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll2011-06-20 17:44 . 2001-09-07 12:00 293888 ----a-w- c:\windows\system32\winsrv(2).dll2007-05-15 20:38 . 2007-07-07 18:04 66672 ----a-w- c:\program files\mozilla firefox\components\jar50.dll2007-05-15 20:38 . 2007-07-07 18:04 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll2007-05-15 20:38 . 2007-07-07 18:04 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll2007-05-15 20:38 . 2007-07-07 18:04 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll2007-05-15 20:38 . 2007-07-07 18:04 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll..((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))..*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856]"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-31 2424192]"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2010-04-15 427328].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-06-23 225280]"LogitechCameraAssistant"="c:\program files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 331776]"LogitechVideo[inspector]"="c:\program files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 13:55 
73728]"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 15961088]"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088]"DownloadAccelerator"="c:\progra~1\DAP\DAP.EXE" [2007-05-10 1359872]"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]"nwiz"="nwiz.exe" [2006-07-20 1519616].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360].c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-5-13 113664]Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]2009-09-28 17:53 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]@="".[HKEY_LOCAL_MACHINE\software\microsoft\security 
center]"AntiVirusOverride"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\DAP\\DAP.exe"="c:\\Program Files\\ABC\\abc.exe"="c:\\Program Files\\LimeWire\\LimeWire.exe"="c:\\Program Files\\MagneticOne\\Store Manager for osCommerce\\osCommerce_Manager.exe"="c:\\Program Files\\Call of Duty\\CoDMP.exe"="d:\\Battle for middle earth\\game.dat"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3389:TCP"= 3389:TCP:Remote Desktop"65533:TCP"= 65533:TCP:Services"52344:TCP"= 52344:TCP:Services.R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18-03-2010 14:53 64288]R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09-07-2007 16:47 697328]R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [07-09-2011 21:39 95024]R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [04-05-2007 12:15 1097728]R3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]S1 SAS***IL;SAS***IL;\??\c:\program files\SUPERAntiSpyware\SAS***IL.sys --> c:\program files\SUPERAntiSpyware\SAS***IL.sys [?]S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05-02-2010 14:06 135664]S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04-02-2010 17:52 1355968]S3 gupdatem;Google Update-service (gupdatem);c:\program 
files\Google\Update\GoogleUpdate.exe [05-02-2010 14:06 135664]S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [24-07-2010 15:52 100480]S3 ldiskl;ldiskl;\??\c:\docume~1\GEBRUI~1\LOCALS~1\Temp\ldiskl.sys --> c:\docume~1\GEBRUI~1\LOCALS~1\Temp\ldiskl.sys [?]S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?].Inhoud van de 'Gedeelde Taken' map.2011-09-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 11:53].2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:05].2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:05]..------- Bijkomende Scan -------.uStart Page = hxxp://www.google.com/IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htmIE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.htmlIE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.htmlIE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.htmlIE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.htmlIE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.htmlTCP: DhcpNameServer = 212.54.35.25 212.54.40.25Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dllName-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dllDPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cabFF - ProfilePath - c:\documents and settings\gebruiker\Application Data\Mozilla\Firefox\Profiles\bn8gdsqe.default\..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-09-08 23:15Windows 5.1.2600 Service Pack 3 NTFS.scannen van verborgen processen ... .scannen van verborgen autostart items ... .scannen van verborgen bestanden ... .Scan succesvol afgerondverborgen bestanden: 0.**************************************************************************.--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------.[HKEY_USERS\S-1-5-21-1993962763-963894560-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{23633431-3CE3-7B2C-8B03-7EE2ED5247DA}*]@Allowed: (Read) (RestrictedCode)@Allowed: (Read) (RestrictedCode)"jabdcgdhgghfncpgkdph"=hex:6f,61,6a,65,70,63,67,70,6f,6f,64,6f,62,64,6f,66,6f, 68,61,68,63,66,70,67,6f,63,6b,65,68,6b,00,80.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]"3140C10900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL".--------------------- DLLs Geladen Onder Lopende Processen ---------------------.- - - - - - - > 'winlogon.exe'(856)c:\program files\SUPERAntiSpyware\SASWINLO.DLLc:\windows\system32\WININET.dll.Voltooingstijd: 2011-09-08 23:17:29ComboFix-quarantined-files.txt 2011-09-08 21:17ComboFix2.txt 2011-09-08 21:09ComboFix3.txt 2011-09-08 
14:55.Pre-Run: 5.475.745.792 bytes beschikbaarPost-Run: 5.458.182.144 bytes beschikbaar.Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4- - End Of File - - 25010A43D0F51112C5E2A6A8C4A04CA6
  11. Here are the logs HijackThis Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:03:38, on 08-09-2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Acer\OrbiCam\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\PROGRA~1\DAP\DAP.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\Program Files\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL 
= Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect O4 - HKLM\..\Run: 
[LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini" O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm O8 - Extra context menu item: 
E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} 
(WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265730781890 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265730753062 O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 10896 bytes Combofix ComboFix 11-09-08.03 - gebruiker 08-09-2011 16:17:13.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2046.1492 [GMT 2:00] Gestart vanuit: c:\documents and settings\gebruiker\Bureaublad\ComboFix.exe AV: Avira AntiVir PersonalEdition *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB} FW: BitDefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242} FW: Trend Micro Personal Firewall *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
c:\documents and settings\All Users\Application Data\Microsoft\MSOFFICE\TEMP\doc~1.dat c:\documents and settings\gebruiker\Application Data\Diuh c:\documents and settings\gebruiker\Application Data\Diuh\baitc.loo c:\documents and settings\gebruiker\Application Data\MiniDm c:\documents and settings\gebruiker\Application Data\MiniDm\conf.ini c:\documents and settings\gebruiker\Favorieten\Thumbs.db c:\documents and settings\gebruiker\Local Settings\Application Data\ApplicationHistory c:\documents and settings\gebruiker\Local Settings\Application Data\ApplicationHistory\Acer.Empowering.Framework.Launcher.exe.7c55249b.ini.inuse c:\documents and settings\gebruiker\Local Settings\Application Data\ApplicationHistory\ePower_DMC.exe.3ca0acde.ini.inuse c:\documents and settings\gebruiker\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini c:\documents and settings\gebruiker\WINDOWS c:\windows\IsUn0413.exe c:\windows\system32\comct332.ocx c:\windows\system32\drivers\npf.sys c:\windows\system32\FAST2001.ocx c:\windows\system32\FAST2003.ocx c:\windows\system32\libmysql41.dll c:\windows\system32\logs c:\windows\system32\oledb32.dll c:\windows\system32\Packet.dll c:\windows\system32\wpcap.dll D:\resycled . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Service_NPF -------\Service_RkHit . . (((((((((((((((((((( Bestanden Gemaakt van 2011-08-08 to 2011-09-08 )))))))))))))))))))))))))))))) . . 2011-09-07 19:39 . 2010-03-18 12:53 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-09-07 12:47 . 2011-09-07 12:47 388096 ----a-r- c:\documents and settings\gebruiker\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-09-07 06:35 . 2011-09-07 07:08 -------- d-----w- c:\documents and settings\gebruiker\Application Data\AVG 2011-09-06 20:12 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-09-06 19:40 . 
2011-09-06 19:40 -------- d-----w- c:\windows\system32\wbem\Repository 2011-09-06 19:37 . 2011-09-06 19:37 -------- d-----w- c:\documents and settings\gebruiker\Application Data\BabylonToolbar 2011-09-06 07:06 . 2011-09-06 07:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files 2011-09-06 07:04 . 2011-09-07 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2011-09-06 07:03 . 2011-09-07 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012 2011-09-06 06:58 . 2011-09-07 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData 2011-09-05 21:41 . 2011-09-06 06:50 -------- d-----w- C:\sh4ldr 2011-09-05 20:43 . 2011-09-05 20:43 -------- d-----w- c:\documents and settings\gebruiker\Application Data\Agnitum 2011-09-05 20:43 . 2011-09-05 20:45 -------- d-----w- c:\windows\system32\Filt 2011-09-05 20:41 . 2011-09-05 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum 2011-09-05 20:18 . 2011-09-05 20:21 -------- dc-h--w- c:\windows\ie8 2011-09-04 18:36 . 2011-06-16 11:54 15880 ----a-w- c:\windows\system32\lsdelete.exe 2011-08-22 19:00 . 2011-08-22 21:40 -------- d-sh--w- c:\documents and settings\gebruiker\Application Data\9019A174 2011-08-22 19:00 . 2011-08-22 21:17 -------- d-sh--w- c:\documents and settings\gebruiker\Application Data\3846B8F6 2011-08-19 13:27 . 2011-08-19 13:27 -------- d-----w- c:\documents and settings\LocalService\Mijn documenten 2011-08-19 13:27 . 2011-08-19 13:27 -------- d--h--r- c:\documents and settings\LocalService\Onlangs geopend 2011-08-16 07:49 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-30 19:22 . 2010-03-25 21:31 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-07-15 13:29 . 
2001-09-07 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-08 14:02 . 2001-09-07 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys 2011-07-06 17:52 . 2011-07-30 20:30 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-06 17:52 . 2011-07-30 20:30 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-24 14:10 . 2007-05-03 14:45 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2011-06-23 18:31 . 2001-09-07 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2011-06-23 18:31 . 2001-09-07 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2011-06-23 18:31 . 2001-09-07 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-06-23 12:05 . 2007-05-03 15:21 385024 ------w- c:\windows\system32\html.iec 2011-06-20 17:44 . 2001-09-07 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll 2011-06-20 17:44 . 2001-09-07 12:00 293888 ----a-w- c:\windows\system32\winsrv(2).dll 2007-05-15 20:38 . 2007-07-07 18:04 66672 ----a-w- c:\program files\mozilla firefox\components\jar50.dll 2007-05-15 20:38 . 2007-07-07 18:04 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll 2007-05-15 20:38 . 2007-07-07 18:04 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll 2007-05-15 20:38 . 2007-07-07 18:04 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll 2007-05-15 20:38 . 2007-07-07 18:04 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-31 2424192] "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2010-04-15 427328] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-06-23 225280] "LogitechCameraAssistant"="c:\program files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 331776] "LogitechVideo[inspector]"="c:\program files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 13:55 73728] "LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144] "RTHDCPL"="RTHDCPL.EXE" [2006-01-11 15961088] "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152] "OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088] "DownloadAccelerator"="c:\progra~1\DAP\DAP.EXE" [2007-05-10 1359872] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "nwiz"="nwiz.exe" [2006-07-20 1519616] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-5-13 113664] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-28 17:53 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\DAP\\DAP.exe"= "c:\\Program Files\\ABC\\abc.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\MagneticOne\\Store Manager for osCommerce\\osCommerce_Manager.exe"= "c:\\Program Files\\Call of Duty\\CoDMP.exe"= "d:\\Battle for middle earth\\game.dat"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:Remote Desktop "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services . 
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18-03-2010 14:53 64288] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09-07-2007 16:47 697328] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [07-09-2011 21:39 95024] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04-02-2010 17:52 1355968] R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [04-05-2007 12:15 1097728] R3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?] R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?] S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?] S1 SAS***IL;SAS***IL;\??\c:\program files\SUPERAntiSpyware\SAS***IL.sys --> c:\program files\SUPERAntiSpyware\SAS***IL.sys [?] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05-02-2010 14:06 135664] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [05-02-2010 14:06 135664] S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [24-07-2010 15:52 100480] S3 ldiskl;ldiskl;\??\c:\docume~1\GEBRUI~1\LOCALS~1\Temp\ldiskl.sys --> c:\docume~1\GEBRUI~1\LOCALS~1\Temp\ldiskl.sys [?] S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?] . Inhoud van de 'Gedeelde Taken' map . 2011-09-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 11:53] . 2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:05] . 2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:05] . . 
------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.com/ IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html TCP: DhcpNameServer = 212.54.35.25 212.54.40.25 Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - c:\documents and settings\gebruiker\Application Data\Mozilla\Firefox\Profiles\bn8gdsqe.default\ FF - prefs.js: browser.startup.homepage - hxxp://isearch.babylon.com/?babsrc=HP_ss&affID=18474&mntrId=a85f19820000000000000018ded78fa4 FF - prefs.js: keyword.URL - hxxp://isearch.babylon.com/?babsrc=adbartrp&babsrc=SP_ss&affID=18474&mntrId=a85f19820000000000000018ded78fa4&q= FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon) . - - - - ORPHANS VERWIJDERD - - - - . ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file) AddRemove-Adobe Photoshop 6.0 - c:\windows\ISUN0413.EXE AddRemove-Adobe SVG Viewer - c:\windows\IsUn0413.exe . . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-09-08 16:47 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1993962763-963894560-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{23633431-3CE3-7B2C-8B03-7EE2ED5247DA}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "jabdcgdhgghfncpgkdph"=hex:6f,61,6a,65,70,63,67,70,6f,6f,64,6f,62,64,6f,66,6f, 68,61,68,63,66,70,67,6f,63,6b,65,68,6b,00,80 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*] "3140C10900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(856) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(9472) c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll c:\windows\system32\nview.dll c:\windows\system32\NVWRSNL.DLL c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll c:\windows\system32\nvwddi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . 
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\windows\System32\wbem\unsecapp.exe c:\windows\system32\RUNDLL32.EXE c:\windows\RTHDCPL.EXE c:\windows\system32\msiexec.exe c:\windows\system32\rundll32.exe c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe c:\program files\Java\jre6\bin\jucheck.exe . ************************************************************************** . Voltooingstijd: 2011-09-08 16:55:26 - machine werd herstart ComboFix-quarantined-files.txt 2011-09-08 14:55 . Pre-Run: 3.776.557.056 bytes beschikbaar Post-Run: 5.481.848.832 bytes beschikbaar . WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn . Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - 3B05446B139EDA28634FD1C32B1ACADB
Unfortunately, still the same problems: browsers extremely slow, long loading times, various programs responding sluggishly, etc. Perhaps also important to mention: several websites report that I cannot view the site because I supposedly have an outdated version of Explorer, namely 6.0 or older, even though version 8.0 is installed on my PC. Maybe this tells you something? Are there any other ways to fix the problems without a fresh installation of Windows? Could it be that a component in the PC is broken?
---------- Post added at 17:11 ---------- Previous post was at 17:09 ----------
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 10896 bytes Combofix ComboFix 11-09-08.03 - gebruiker 08-09-2011 16:17:13.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2046.1492 [GMT 2:00] Gestart vanuit: c:\documents and settings\gebruiker\Bureaublad\ComboFix.exe AV: Avira AntiVir PersonalEdition *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB} FW: BitDefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242} FW: Trend Micro Personal Firewall *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
c:\documents and settings\All Users\Application Data\Microsoft\MSOFFICE\TEMP\doc~1.dat c:\documents and settings\gebruiker\Application Data\Diuh c:\documents and settings\gebruiker\Application Data\Diuh\baitc.loo c:\documents and settings\gebruiker\Application Data\MiniDm c:\documents and settings\gebruiker\Application Data\MiniDm\conf.ini c:\documents and settings\gebruiker\Favorieten\Thumbs.db c:\documents and settings\gebruiker\Local Settings\Application Data\ApplicationHistory c:\documents and settings\gebruiker\Local Settings\Application Data\ApplicationHistory\Acer.Empowering.Framework.Launcher.exe.7c55249b.ini.inuse c:\documents and settings\gebruiker\Local Settings\Application Data\ApplicationHistory\ePower_DMC.exe.3ca0acde.ini.inuse c:\documents and settings\gebruiker\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini c:\documents and settings\gebruiker\WINDOWS c:\windows\IsUn0413.exe c:\windows\system32\comct332.ocx c:\windows\system32\drivers\npf.sys c:\windows\system32\FAST2001.ocx c:\windows\system32\FAST2003.ocx c:\windows\system32\libmysql41.dll c:\windows\system32\logs c:\windows\system32\oledb32.dll c:\windows\system32\Packet.dll c:\windows\system32\wpcap.dll D:\resycled . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Service_NPF -------\Service_RkHit . . (((((((((((((((((((( Bestanden Gemaakt van 2011-08-08 to 2011-09-08 )))))))))))))))))))))))))))))) . . 2011-09-07 19:39 . 2010-03-18 12:53 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-09-07 12:47 . 2011-09-07 12:47 388096 ----a-r- c:\documents and settings\gebruiker\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-09-07 06:35 . 2011-09-07 07:08 -------- d-----w- c:\documents and settings\gebruiker\Application Data\AVG 2011-09-06 20:12 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-09-06 19:40 . 
2011-09-06 19:40 -------- d-----w- c:\windows\system32\wbem\Repository 2011-09-06 19:37 . 2011-09-06 19:37 -------- d-----w- c:\documents and settings\gebruiker\Application Data\BabylonToolbar 2011-09-06 07:06 . 2011-09-06 07:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files 2011-09-06 07:04 . 2011-09-07 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2011-09-06 07:03 . 2011-09-07 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012 2011-09-06 06:58 . 2011-09-07 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData 2011-09-05 21:41 . 2011-09-06 06:50 -------- d-----w- C:\sh4ldr 2011-09-05 20:43 . 2011-09-05 20:43 -------- d-----w- c:\documents and settings\gebruiker\Application Data\Agnitum 2011-09-05 20:43 . 2011-09-05 20:45 -------- d-----w- c:\windows\system32\Filt 2011-09-05 20:41 . 2011-09-05 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum 2011-09-05 20:18 . 2011-09-05 20:21 -------- dc-h--w- c:\windows\ie8 2011-09-04 18:36 . 2011-06-16 11:54 15880 ----a-w- c:\windows\system32\lsdelete.exe 2011-08-22 19:00 . 2011-08-22 21:40 -------- d-sh--w- c:\documents and settings\gebruiker\Application Data\9019A174 2011-08-22 19:00 . 2011-08-22 21:17 -------- d-sh--w- c:\documents and settings\gebruiker\Application Data\3846B8F6 2011-08-19 13:27 . 2011-08-19 13:27 -------- d-----w- c:\documents and settings\LocalService\Mijn documenten 2011-08-19 13:27 . 2011-08-19 13:27 -------- d--h--r- c:\documents and settings\LocalService\Onlangs geopend 2011-08-16 07:49 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-30 19:22 . 2010-03-25 21:31 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-07-15 13:29 . 
2001-09-07 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-08 14:02 . 2001-09-07 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys 2011-07-06 17:52 . 2011-07-30 20:30 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-06 17:52 . 2011-07-30 20:30 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-24 14:10 . 2007-05-03 14:45 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2011-06-23 18:31 . 2001-09-07 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2011-06-23 18:31 . 2001-09-07 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2011-06-23 18:31 . 2001-09-07 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-06-23 12:05 . 2007-05-03 15:21 385024 ------w- c:\windows\system32\html.iec 2011-06-20 17:44 . 2001-09-07 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll 2011-06-20 17:44 . 2001-09-07 12:00 293888 ----a-w- c:\windows\system32\winsrv(2).dll 2007-05-15 20:38 . 2007-07-07 18:04 66672 ----a-w- c:\program files\mozilla firefox\components\jar50.dll 2007-05-15 20:38 . 2007-07-07 18:04 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll 2007-05-15 20:38 . 2007-07-07 18:04 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll 2007-05-15 20:38 . 2007-07-07 18:04 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll 2007-05-15 20:38 . 2007-07-07 18:04 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-31 2424192] "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2010-04-15 427328] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-06-23 225280] "LogitechCameraAssistant"="c:\program files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 331776] "LogitechVideo[inspector]"="c:\program files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 13:55 73728] "LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144] "RTHDCPL"="RTHDCPL.EXE" [2006-01-11 15961088] "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152] "OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088] "DownloadAccelerator"="c:\progra~1\DAP\DAP.EXE" [2007-05-10 1359872] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "nwiz"="nwiz.exe" [2006-07-20 1519616] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-5-13 113664] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-28 17:53 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\DAP\\DAP.exe"= "c:\\Program Files\\ABC\\abc.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\MagneticOne\\Store Manager for osCommerce\\osCommerce_Manager.exe"= "c:\\Program Files\\Call of Duty\\CoDMP.exe"= "d:\\Battle for middle earth\\game.dat"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:Remote Desktop "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services . 
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18-03-2010 14:53 64288] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09-07-2007 16:47 697328] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [07-09-2011 21:39 95024] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04-02-2010 17:52 1355968] R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [04-05-2007 12:15 1097728] R3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?] R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?] S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?] S1 SAS***IL;SAS***IL;\??\c:\program files\SUPERAntiSpyware\SAS***IL.sys --> c:\program files\SUPERAntiSpyware\SAS***IL.sys [?] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05-02-2010 14:06 135664] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [05-02-2010 14:06 135664] S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [24-07-2010 15:52 100480] S3 ldiskl;ldiskl;\??\c:\docume~1\GEBRUI~1\LOCALS~1\Temp\ldiskl.sys --> c:\docume~1\GEBRUI~1\LOCALS~1\Temp\ldiskl.sys [?] S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?] . Inhoud van de 'Gedeelde Taken' map . 2011-09-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 11:53] . 2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:05] . 2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:05] . . 
------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.com/ IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html TCP: DhcpNameServer = 212.54.35.25 212.54.40.25 Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - c:\documents and settings\gebruiker\Application Data\Mozilla\Firefox\Profiles\bn8gdsqe.default\ FF - prefs.js: browser.startup.homepage - hxxp://isearch.babylon.com/?babsrc=HP_ss&affID=18474&mntrId=a85f19820000000000000018ded78fa4 FF - prefs.js: keyword.URL - hxxp://isearch.babylon.com/?babsrc=adbartrp&babsrc=SP_ss&affID=18474&mntrId=a85f19820000000000000018ded78fa4&q= FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon) . - - - - ORPHANS VERWIJDERD - - - - . ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file) AddRemove-Adobe Photoshop 6.0 - c:\windows\ISUN0413.EXE AddRemove-Adobe SVG Viewer - c:\windows\IsUn0413.exe . . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-09-08 16:47 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1993962763-963894560-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{23633431-3CE3-7B2C-8B03-7EE2ED5247DA}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "jabdcgdhgghfncpgkdph"=hex:6f,61,6a,65,70,63,67,70,6f,6f,64,6f,62,64,6f,66,6f, 68,61,68,63,66,70,67,6f,63,6b,65,68,6b,00,80 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*] "3140C10900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(856) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(9472) c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll c:\windows\system32\nview.dll c:\windows\system32\NVWRSNL.DLL c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll c:\windows\system32\nvwddi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . 
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\windows\System32\wbem\unsecapp.exe c:\windows\system32\RUNDLL32.EXE c:\windows\RTHDCPL.EXE c:\windows\system32\msiexec.exe c:\windows\system32\rundll32.exe c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe c:\program files\Java\jre6\bin\jucheck.exe . ************************************************************************** . Voltooingstijd: 2011-09-08 16:55:26 - machine werd herstart ComboFix-quarantined-files.txt 2011-09-08 14:55 . Pre-Run: 3.776.557.056 bytes beschikbaar Post-Run: 5.481.848.832 bytes beschikbaar . WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn . Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - 3B05446B139EDA28634FD1C32B1ACADB

Unfortunately still the same problems: browsers extremely slow, long loading times, various programs that respond sluggishly, etc. Perhaps also worth mentioning: several websites report that I cannot view the site because I supposedly have an outdated version of Explorer, namely 6.0 or older, even though version 8.0 is installed on my PC. Maybe this tells you something? Are there other ways to fix the problems without a fresh installation of Windows? Could it be that a component in the PC is broken?
  12. Here are the logs from MBAM and HijackThis.

MBAM Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Databaseversie: 7671 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 07-09-2011 17:47:44 mbam-log-2011-09-07 (17-47-44).txt Scantype: Snelle scan Objecten gescand: 256473 Verstreken tijd: 55 minuut/minuten, 47 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) HijackThis Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:04:17, on 07-09-2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Acer\OrbiCam\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\PROGRA~1\DAP\DAP.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe 
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program 
Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini" O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed 
Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start Free Uninstall Survey | AVG Nederland O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\Run: [puwimelate] Rundll32.exe "C:\WINDOWS\system32\kinewego.dll",s (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - 
res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265730781890 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265730753062 O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: 
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 11529 bytes
I have kept Avira as my scanner. I removed all the rest. So far the problems persist.
  13. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:48:38, on 07-09-2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\PROGRA~1\AVG\AVG2012\avgrsx.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\Program Files\AVG\AVG2012\avgemcx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Acer\OrbiCam\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\PROGRA~1\DAP\DAP.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program 
Files\Java\jre6\bin\jucheck.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file) O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: (no name) - {abc56a79-070c-4dbd-b046-a3e247b8fa5b} - (no file) O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar 
Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - (no file) O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file) O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini" O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common 
Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\Run: [puwimelate] Rundll32.exe "C:\WINDOWS\system32\kinewego.dll",s (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - 
Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265730781890 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265730753062 O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - 
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 14458 bytes
  14. Hello everyone, For the past few days my browsers and the internet in general have been very slow. I also get various error messages, or the browsers close unexpectedly, and it is impossible to type anything normally. I therefore suspect a virus. I have installed various antivirus and antispyware programs such as Superantispyware, AVG, Spybot S&D and the like. These found and repaired various problems, but the problem persists. Via Google I ended up on this forum, where I read in a post about the programs Combofix and Hijackthis. However, I know too little about this subject and hope that someone can help me. Which program is best for me to use, and who can assist me with it? I have already understood that, after running these programs, I first have to post a log so that the "experts" among you can advise on the measures to take. Thanks very much in advance for your help! Regards, Dennis