park89

park89's achievements

  1. Here it is then.... I'll wait to hear from you. Regards, Mark
  2. Now I have the same problem with my laptop. I'd like to have it checked anyway. Here is my HijackThis log. Can you do anything with this? I will attach the malware log file right away..... Could you once again give me excellent advice? Regards, Mark
  3. Hello, I have made a small addition to my previous post, see above your post. And, uh, thank you very much for your help. I hope I never need your help for these reasons again, because that would mean my PC stays nice and clean without problems. Should I nevertheless run into something I can't solve myself, I won't hesitate to call on your help. The program ComboFix, can that simply be used to remove persistent viruses and the like that are not detected by your regular spam filter or virus scanner? Regards, Mark
  4. Morning, there were no specific noticeable problems with the PC, only some spam mail from casinos and the like, which I have never had anything to do with. I'm not getting those at the moment, but that is no guarantee for the future haha. Booting does seem a bit faster, so perhaps I did benefit from it after all. The file .jordan, which is what this all started with, is still there under c:/documents and settings/eigenaar/.jordan. I have no idea where this file comes from. Do you, perhaps? Should I also remove some of the programs? HijackThis? MBAM Malware? Or ComboFix? That one created a folder Qoobox with various subfolders such as quarantine, with these contents:

     2012-01-04 21:10:55 . 2011-10-30 19:21:13 24,576 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Eigenaar\LOCALS~1\Temp\IadHide4.dll.vir
     2012-01-04 21:04:21 . 2012-01-04 21:04:21 6,989 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
     2012-01-04 20:57:36 . 2012-01-04 20:57:36 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
     2011-10-08 13:48:47 . 2011-10-30 20:00:51 81,920 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\bwUnin-6.1.4.68-8876480L.exe.vir
     2006-11-02 20:53:24 . 2011-10-30 20:49:50 99,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET94.tmp.vir
     2006-10-18 19:47:22 . 2011-10-30 20:49:50 2,450,944 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET4C.tmp.vir
     2006-10-18 19:47:20 . 2011-10-30 20:49:50 157,184 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET44.tmp.vir
     2006-10-18 19:47:18 . 2011-10-30 20:49:49 222,208 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET40.tmp.vir

     Regards, Mark
  5. here it is......
2011-10-08 12:37 183808 ------w- c:\windows\system32\wuaueng1.dll 2011-10-30 20:50 . 2009-08-06 17:24 18144 ------w- c:\windows\system32\wuaueng.dll.mui 2011-10-30 20:50 . 2009-08-06 17:23 15584 ------w- c:\windows\system32\wuaucpl.cpl.mui 2011-10-30 20:50 . 2009-08-06 17:23 23776 ------w- c:\windows\system32\wucltui.dll.mui 2011-10-30 20:50 . 2006-09-28 18:13 95344 ------w- c:\windows\system32\WUDFCoinstaller.dll 2011-10-30 20:50 . 2006-09-28 16:56 146432 ------w- c:\windows\system32\WudfHost.exe 2011-10-30 20:50 . 2006-09-28 16:56 165376 ------w- c:\windows\system32\WudfPlatform.dll 2011-10-30 20:50 . 2006-09-28 16:56 55808 ------w- c:\windows\system32\WudfSvc.dll 2011-10-30 20:50 . 2011-10-30 20:50 41984 ------w- c:\windows\system32\wsnmp32.dll 2011-10-30 20:50 . 2011-10-30 20:50 24576 ------w- c:\windows\system32\wsock32.dll 2011-10-30 20:50 . 2011-10-30 20:50 19456 ------w- c:\windows\system32\wshtcpip.dll 2011-10-30 20:50 . 2011-10-30 20:50 18432 ------w- c:\windows\system32\wtsapi32.dll 2011-10-30 20:50 . 2011-10-08 12:37 575704 ------w- c:\windows\system32\wuapi.dll 2011-10-30 20:50 . 2011-10-08 12:37 167936 ------w- c:\windows\system32\wuauclt1.exe 2011-10-30 20:50 . 2011-10-08 12:08 53472 ------w- c:\windows\system32\wuauclt.exe 2011-10-30 20:50 . 2009-08-06 17:24 15584 ------w- c:\windows\system32\wuapi.dll.mui 2011-10-30 20:50 . 2002-09-11 12:00 57392 ------w- c:\windows\system32\wshnl.dll 2011-10-30 20:50 . 2002-09-11 12:00 51200 ------w- c:\windows\system32\wstdecod.dll 2011-10-30 20:50 . 2002-09-11 12:00 135168 ------w- c:\windows\system32\wshom.ocx 2011-10-30 20:50 . 2002-09-11 12:00 11264 ------w- c:\windows\system32\wshrm.dll 2011-10-30 20:50 . 2011-10-30 20:50 82432 ------w- c:\windows\system32\ws2_32.dll 2011-10-30 20:50 . 2011-10-30 20:50 80896 ------w- c:\windows\system32\wscsvc.dll 2011-10-30 20:50 . 2011-10-30 20:50 19968 ------w- c:\windows\system32\ws2help.dll 2011-10-30 20:50 . 
2011-10-08 12:37 148480 ------w- c:\windows\system32\wscui.cpl 2011-10-30 20:50 . 2011-10-08 12:37 13824 ------w- c:\windows\system32\wscntfy.exe 2011-10-30 20:50 . 2011-10-08 12:37 108032 ------w- c:\windows\system32\wshbth.dll 2011-10-30 20:50 . 2011-10-08 12:09 5632 ------w- c:\windows\system32\write.exe 2011-10-30 20:50 . 2006-10-18 19:47 629760 ------w- c:\windows\system32\wpd_ci.dll 2011-10-30 20:50 . 2002-09-11 12:00 9216 ------w- c:\windows\system32\wshatm.dll 2011-10-30 20:50 . 2002-09-11 12:00 90112 ------w- c:\windows\system32\wshext.dll 2011-10-30 20:50 . 2002-09-11 12:00 7168 ------w- c:\windows\system32\wshnetbs.dll 2011-10-30 20:50 . 2002-09-11 12:00 36864 ------w- c:\windows\system32\wshcon.dll 2011-10-30 20:50 . 2002-09-11 12:00 155648 ------w- c:\windows\system32\wscript.exe 2011-10-30 20:50 . 2002-09-11 12:00 14336 ------w- c:\windows\system32\wship6.dll 2011-10-30 20:50 . 2002-09-11 12:00 11776 ------w- c:\windows\system32\wshisn.dll 2011-10-30 20:50 . 2002-09-11 12:00 11776 ------w- c:\windows\system32\wpnpinst.exe 2011-10-30 20:50 . 2011-10-30 20:50 133632 ------w- c:\windows\system32\WPDShServiceObj.dll 2011-10-30 20:50 . 2006-11-02 09:52 42496 ------w- c:\windows\system32\wpdshextres.dll 2011-10-30 20:50 . 2006-10-18 19:47 63488 ------w- c:\windows\system32\wpdmtpus.dll 2011-10-30 20:50 . 2006-10-18 19:47 35840 ------w- c:\windows\system32\wpdconns.dll 2011-10-30 20:50 . 2006-10-18 19:47 356352 ------w- c:\windows\system32\wpdsp.dll 2011-10-30 20:50 . 2006-10-18 19:47 2603008 ------w- c:\windows\system32\WpdShext.dll 2011-10-30 20:50 . 2006-10-18 19:47 154624 ------w- c:\windows\system32\wpdmtp.dll 2011-10-30 20:50 . 2006-10-18 18:00 17408 ------w- c:\windows\system32\wpdshextautoplay.exe 2011-10-30 20:50 . 2011-10-30 20:50 264704 ------w- c:\windows\system32\wow32.dll 2011-10-30 20:50 . 2006-10-18 19:47 767488 ------w- c:\windows\system32\WMVSENCD.dll 2011-10-30 20:50 . 
2006-10-18 19:47 656896 ------w- c:\windows\system32\WMVXENCD.dll 2011-10-30 20:50 . 2006-10-18 19:47 1574912 ------w- c:\windows\system32\WMVENCOD.dll 2011-10-30 20:50 . 2006-10-18 19:47 1382912 ------w- c:\windows\system32\WMVSDECD.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2011-10-30 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys [7] 2011-10-30 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\atapi.sys [7] 2011-10-30 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys [-] 2011-10-30 20:47 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys [7] 2011-10-30 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys [7] 2011-10-30 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2011-10-30 196608] "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2011-10-30 20480] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-30 13892200] "NvMediaCenter"="NvMCTray.dll" [2011-10-30 111208] "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-10-30 1632360] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2011-10-30 221184] "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2011-10-30 458752] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-30 49208] "F-Secure Manager"="c:\program files\Internetbeveiliging\Common\FSM32.EXE" [2011-10-30 199264] "F-Secure TNB"="c:\program files\Internetbeveiliging\FSGUI\TNBUtil.exe" [2011-10-30 2349664] "RTHDCPL"="RTHDCPL.EXE" [2011-10-30 18671104] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "Six Engine"="c:\program files\ASUS\EPU-6 Engine\SixEngine.exe" [2011-10-30 6036992] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-10-30 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-10-30 937920] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-10-30 1778064] "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-10-30 2595616] "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2011-10-30 909208] "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-10-30 140568] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256] "Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-12-09 1442152] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2011-10-30 15360] . 
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2011-10-8 450560] MBCameraMonitor.lnk - c:\program files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe [2011-10-10 541976] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "LogitechVideoTray"=c:\program files\Logitech\Video\LogiTray.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"= "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"= "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"= "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . 
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [10-10-2011 18:23 160640] R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [10-10-2011 18:23 5248] R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [8-10-2011 15:25 42672] R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [8-10-2011 15:25 82120] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8-10-2011 17:16 697328] R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Internetbeveiliging\HIPS\drivers\fshs.sys [8-10-2011 15:25 68064] R2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [30-10-2011 20:17 90112] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [30-10-2011 20:24 2255464] R2 OS Selector;Acronis OS Selector activeren;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [30-10-2011 20:11 2159224] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [10-10-2011 19:35 44432] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Internetbeveiliging\Anti-Virus\minifilter\fsgk.sys [8-10-2011 15:24 148632] R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Internetbeveiliging\ORSP Client\fsorsp.exe [30-10-2011 20:21 61088] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8-10-2011 15:47 1684736] S3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\HPKBCCID.sys [7-11-2006 3:32 46976] . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - WS2IFSL . 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2011-06-20 14:05 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.startpagina.nl/ uInternet Settings,ProxyOverride = localhost IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 LSP: c:\program files\Internetbeveiliging\FSPS\program\FSLSP.DLL TCP: DhcpNameServer = 192.168.1.1 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-01-04 22:11 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(1024) c:\program files\internetbeveiliging\hips\fshook32.dll c:\program files\Internetbeveiliging\FWES\Program\fsdc32.dll . - - - - - - - > 'lsass.exe'(1080) c:\windows\system32\relog_ap.dll c:\program files\Internetbeveiliging\FSPS\program\FSLSP.DLL c:\program files\internetbeveiliging\hips\fshook32.dll c:\program files\Internetbeveiliging\FWES\Program\fsdc32.dll . 
- - - - - - - > 'explorer.exe'(2492) c:\program files\internetbeveiliging\hips\fshook32.dll c:\program files\NVIDIA Corporation\nView\nview.dll c:\program files\NVIDIA Corporation\nView\NVWRSNL.DLL c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . - - - - - - - > 'csrss.exe'(992) c:\program files\Internetbeveiliging\FWES\Program\fsdc32.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\System32\SCardSvr.exe c:\program files\Common Files\Acronis\Schedule2\schedul2.exe c:\program files\Internetbeveiliging\Anti-Virus\fsgk32st.exe c:\program files\Internetbeveiliging\Common\FSMA32.EXE c:\program files\Internetbeveiliging\Anti-Virus\FSGK32.EXE c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\program files\Internetbeveiliging\Common\FSHDLL32.EXE c:\windows\system32\nvsvc32.exe c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe c:\windows\system32\RunDLL32.exe c:\windows\system32\rundll32.exe c:\windows\RTHDCPL.EXE c:\program files\Microsoft IntelliType Pro\dpupdchk.exe c:\program files\Internetbeveiliging\FWES\Program\fsdfwd.exe c:\program files\Internetbeveiliging\Anti-Virus\fssm32.exe c:\windows\system32\wscntfy.exe c:\program files\Internetbeveiliging\Anti-Virus\fsav32.exe . ************************************************************************** . Voltooingstijd: 2012-01-04 22:16:07 - machine werd herstart ComboFix-quarantined-files.txt 2012-01-04 21:16 . Pre-Run: 25.104.134.144 bytes beschikbaar Post-Run: 26.176.270.336 bytes beschikbaar . 
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn . - - End Of File - - 551A4ED024CB15085547C2A17B1E4959 grtz. Mark
  6. Not yet, but I'll get right to work! See you in a bit. grtz:top:
  7. I was already counting on that, so here it is, faster than fast. Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Databaseversie: v2012.01.04.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Eigenaar :: PCHUISKAMER [administrator] 4-1-2012 20:57:58 mbam-log-2012-01-04 (20-57-58).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstarten | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 234236 Verstreken tijd: 11 minuut/minuten, 51 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) grtz. Mark
  8. I found a .jordan file on my PC. I installed HijackThis through someone I know, but I don't understand this log. Who can read it and advise me on what to do next? Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:13:58, on 4-1-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe C:\Program Files\Internetbeveiliging\Anti-Virus\fsgk32st.exe C:\Program Files\Internetbeveiliging\Common\FSMA32.EXE C:\Program Files\Internetbeveiliging\Anti-Virus\FSGK32.EXE C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Internetbeveiliging\Common\FSHDLL32.EXE C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe C:\Program Files\Internetbeveiliging\FWES\Program\fsdfwd.exe C:\Program Files\Internetbeveiliging\Anti-Virus\fssm32.exe C:\Program Files\Internetbeveiliging\Anti-Virus\fsav32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\Internetbeveiliging\Common\FSM32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program
Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl - alles op een rijtje! (ook op mobiel) R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet O4 - HKLM\..\Run: 
[LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Internetbeveiliging\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Internetbeveiliging\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [six Engine] "C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe" -b O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE 
(User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-21-1708537768-1788223648-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'UpdatusUser') O4 - HKUS\S-1-5-21-1708537768-1788223648-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Demi') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: MBCameraMonitor.lnk = ? O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} (CanvasX Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/canvasx.cab O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} 
(JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\Internetbeveiliging\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Internetbeveiliging\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Internetbeveiliging\Common\FSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Internetbeveiliging\ORSP Client\fsorsp.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA 
Updatus\daemonu.exe O23 - Service: Acronis OS Selector activeren (OS Selector) - Unknown owner - C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- End of file - 10287 bytes grtz. Mark:hmmmm: