Ga naar inhoud

aartje

Lid
  • Items

    10
  • Registratiedatum

  • Laatst bezocht

Alles dat geplaatst werd door aartje

  1. Vanaf het "welkom" tot het buroblad 35 seconden! Dan zie ik links onderin beeld Soluto die het buroblad een beetje omvouwt en vertelt wat er nog allemaal opgestart wordt en hoelang dat nog duurt. Totale opstarttijd was nu: 1:25 seconden!​ ---------- Post toegevoegd om 09:05 ---------- Vorige post was om 09:02 ---------- 1:25 staat voor 1 min en 25 seconden :
  2. Ik krijg steeds de volgende berichten: Ik probeer de vorige test nog een keer. Combolog: ComboFix 12-01-09.03 - Henk 19-01-2012 8:13:08.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3582.2840 [GMT 1:00] Gestart vanuit: C:\Documents and Settings\Henk\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: C:\Documents and Settings\Henk\Bureaublad\CFScript.txt AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} - VERMINDERDE FUNCTIONALITEIT MODUS - (((((((((((((((((((( Bestanden Gemaakt van 2011-12-19 to 2012-01-19 )))))))))))))))))))))))))))))) 2012-01-18 15:18:12 . 2012-01-18 15:18:12 -------- d-----w- C:\WINDOWS\system32\drivers\NSS 2012-01-18 15:18:12 . 2012-01-18 15:18:12 -------- d-----w- C:\Program Files\Norton Security Scan 2012-01-18 15:18:08 . 2012-01-18 15:18:08 -------- d-----w- C:\Program Files\NortonInstaller 2012-01-18 14:00:51 . 2012-01-18 14:00:51 -------- d-----w- C:\Documents and Settings\NetworkService\Application Data\iolo 2012-01-18 13:18:12 . 2012-01-18 13:18:12 -------- d-----w- C:\WINDOWS\system32\Adobe 2012-01-18 10:28:50 . 2008-04-14 16:35:51 53504 ----a-w- C:\WINDOWS\system32\drivers\i8042prt.sys 2012-01-18 07:52:16 . 2012-01-18 07:52:16 -------- d-----w- C:\Documents and Settings\Henk\Application Data\Malwarebytes 2012-01-18 07:51:49 . 2012-01-18 07:51:49 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2012-01-18 07:51:46 . 2012-01-18 07:51:53 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware 2012-01-18 07:51:46 . 2011-12-10 14:24:06 20464 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys 2012-01-17 14:30:11 . 2012-01-17 14:30:11 388096 ----a-r- C:\Documents and Settings\Henk\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-01-17 13:51:28 . 2012-01-02 16:15:26 51144 ----a-w- C:\WINDOWS\system32\drivers\Soluto.sys 2012-01-17 13:51:20 . 2012-01-17 13:51:33 -------- d-----w- C:\Program Files\Soluto 2012-01-17 13:50:52 . 2012-01-17 14:02:10 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Soluto 2012-01-16 07:57:29 . 2012-01-19 07:10:47 -------- d--h--r- C:\Documents and Settings\Henk\Onlangs geopend 2012-01-16 07:55:21 . 2012-01-16 07:55:22 -------- d-----w- C:\Program Files\CCleaner 2012-01-10 09:02:34 . 2012-01-10 09:02:34 -------- d-----w- C:\Program Files\Common Files\Java 2012-01-09 09:56:31 . 2012-01-09 09:56:33 -------- d-----w- C:\Documents and Settings\Henk\Local Settings\Application Data\Thunderbird 2012-01-09 09:56:31 . 2012-01-09 09:56:33 -------- d-----w- C:\Documents and Settings\Henk\Application Data\Thunderbird 2012-01-09 09:56:15 . 2012-01-09 09:56:24 -------- d-----w- C:\Program Files\Mozilla Thunderbird . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) 2011-11-25 21:57:58 . 2004-09-13 19:09:46 293888 ----a-w- C:\WINDOWS\system32\winsrv.dll 2011-11-23 14:40:48 . 2011-09-15 12:41:06 1859712 ----a-w- C:\WINDOWS\system32\win32k.sys 2011-11-20 06:12:53 . 2004-09-13 19:01:47 60928 ----a-w- C:\WINDOWS\system32\packager.exe 2011-11-16 14:22:18 . 2011-09-15 12:41:06 152064 ----a-w- C:\WINDOWS\system32\schannel.dll 2011-11-16 14:22:18 . 2004-09-13 19:09:36 354816 ----a-w- C:\WINDOWS\system32\winhttp.dll 2011-11-10 04:54:13 . 2010-10-25 13:42:57 472808 ----a-w- C:\WINDOWS\system32\deployJava1.dll 2011-11-10 02:27:10 . 2011-02-09 07:51:43 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl 2011-11-08 10:39:08 . 2011-11-04 07:22:24 2078208 ----a-w- C:\WINDOWS\system32\Incinerator32.dll 2011-11-08 10:11:10 . 2011-10-31 07:25:13 29696 ----a-w- C:\WINDOWS\system32\iolobtdfg.exe 2011-11-08 10:11:02 . 2011-10-31 07:25:13 11776 ----a-w- C:\WINDOWS\system32\smrgdf.exe 2011-11-04 19:13:23 . 2004-09-13 19:09:36 916992 ----a-w- C:\WINDOWS\system32\wininet.dll 2011-11-04 19:13:22 . 2004-09-13 18:57:27 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll 2011-11-04 19:13:22 . 2004-09-13 18:55:59 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl 2011-11-04 11:25:39 . 2004-09-13 18:55:35 385024 ----a-w- C:\WINDOWS\system32\html.iec 2011-11-03 15:29:18 . 2004-09-13 19:02:40 1296384 ----a-w- C:\WINDOWS\system32\quartz.dll 2011-11-03 15:29:18 . 2004-09-13 19:02:36 386560 ----a-w- C:\WINDOWS\system32\qdvd.dll 2011-11-01 16:07:16 . 2004-09-13 19:01:36 1288192 ----a-w- C:\WINDOWS\system32\ole32.dll 2011-10-31 07:22:46 . 2011-10-31 07:22:46 74703 ----a-w- C:\WINDOWS\system32\mfc45.dll 2011-10-28 05:32:20 . 2011-09-15 12:41:07 33280 ----a-w- C:\WINDOWS\system32\csrsrv.dll 2011-10-26 10:50:01 . 2011-09-15 12:41:01 2153472 ----a-w- C:\WINDOWS\system32\ntoskrnl.exe 2011-10-26 10:50:01 . 2011-09-15 12:41:01 2031616 ----a-w- C:\WINDOWS\system32\ntkrnlpa.exe ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 07:15:42 1461080] "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 12:06:06 254696] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 17:02:53 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="C:\WINDOWS\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit," [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /p \??\E:\0autocheck autochk * [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Bluetooth Manager.lnk] backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Controller.LNK] backup=C:\WINDOWS\pss\Controller.LNKCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk] backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^McAfee Security Scan Plus.lnk] backup=C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Snelstart HP Image Zone.lnk] backup=C:\WINDOWS\pss\Snelstart HP Image Zone.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^TMMonitor.lnk] backup=C:\WINDOWS\pss\TMMonitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Henk^Menu Start^Programma's^Opstarten^Webshots.lnk] backup=C:\WINDOWS\pss\Webshots.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 07:37:53 843712 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2007-03-22 14:09:06 63712 -c--a-w- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-09-23 03:47:04 35760 ----a-w- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater] 2011-07-07 15:54:00 399312 ----a-w- C:\Program Files\Ask.com\Updater\Updater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent] 2008-04-14 17:03:20 110592 ----a-w- C:\WINDOWS\system32\bthprops.cpl [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-10-14 20:17:32 49152 -c--a-w- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IR_SERVER] 2007-04-16 10:45:48 139264 -c--a-w- C:\Program Files\Realtek\REALTEK DVB-T USB DEVICE\IR_SERVER.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] 2009-05-05 14:06:06 222496 ----a-w- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPN] 2008-06-06 14:08:40 198184 -c--a-w- C:\Program Files\KPN\bin\sprtcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPNAssistentUpdater] 2011-05-20 06:50:30 1979776 ----a-w- C:\Program Files\KPN\KPN Update\KPNAssistentUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 17:03:07 1695232 ----a-w- C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 21:12:58 3872080 ----a-w- C:\Program Files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync] 2008-06-17 14:00:34 1249280 -c--a-w- C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor] 2009-04-17 12:33:34 54576 -c--a-w- C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] 2008-08-11 06:31:54 1124352 ----a-w- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] 2008-08-21 01:18:00 443968 -c--a-w- C:\Program Files\Picasa2\PicasaMediaDetector.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prelaunch OmniPage] 2009-10-19 08:32:36 5592352 ----a-w- C:\Program Files\Nuance\OmniPage17\OmniPage17.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-02-15 17:50:12 417792 ----a-w- C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp] 2005-03-22 16:20:44 339968 -c--a-w- C:\WINDOWS\stsystra.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2010-09-02 13:15:04 13351304 ----a-r- C:\Program Files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-06-09 12:06:06 254696 ----a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] 2005-07-15 21:48:33 479232 ----a-w- C:\Program Files\Google\Gmail Notifier\gnotify.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\WINDOWS\\system32\\rundll32.exe"= "C:\\Program Files\\KPN\\agent\\bin\\bcont.exe"= "C:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"= "C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "C:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"= "C:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"= "C:\\Documents and Settings\\Henk\\Mijn documenten\\Downloads\\solutoinstaller-Wm56Jed9YG.exe"= "C:\\Program Files\\Soluto\\Soluto.exe"= "C:\\Program Files\\Soluto\\SolutoService.exe"= "C:\\Program Files\\Soluto\\SolutoConsole.exe"= "C:\\Program Files\\Soluto\\SolutoUpdateService.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 R0 Soluto;Soluto;C:\WINDOWS\system32\drivers\Soluto.sys [17-1-2012 14:51:28 51144] R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\drivers\epfwtdir.sys [7-10-2009 8:18:36 35168] R2 BBUpdate;BBUpdate;C:\Program Files\Microsoft\BingBar\SeaPort.EXE [13-10-2011 17:21:52 249648] R2 ekrn;Eset Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [7-10-2009 8:16:50 472280] R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [31-10-2011 8:26:15 722616] R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2-1-2012 17:30:20 515104] R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;C:\WINDOWS\system32\drivers\aabed2.sys [20-3-2008 3:34:52 21888] R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9-1-2010 20:37:50 4640000] S2 BBSvc;Bing Bar Update Service;C:\Program Files\Microsoft\BingBar\BBSvc.EXE [21-10-2011 15:23:42 196176] S2 gupdate;Google Updateservice (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2-12-2011 15:28:17 135664] S3 cpuz135;cpuz135;\??\C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys --> C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys [?] S3 gupdatem;Google Update-service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [2-12-2011 15:28:17 135664] S3 NmPar;PCI Parallel Port;C:\WINDOWS\system32\drivers\NmPar.sys [24-12-2008 5:40:12 80256] S3 nmserial;PCI Serial Port;C:\WINDOWS\system32\drivers\NmSerial.sys [16-12-2008 6:10:34 70016] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [8-9-2010 8:38:10 137344] S3 RTL2831UBDA;REALTEK 2831U BDA Driver;C:\WINDOWS\system32\drivers\RTL2831UBDA.sys [6-1-2009 8:33:42 62720] S3 RTL2831UUSB;REALTEK 2831U USB Driver;C:\WINDOWS\system32\drivers\RTL2831UUSB.sys [6-1-2009 8:33:42 24064] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\WINDOWS\system32\drivers\ssadbus.sys [12-8-2011 8:28:53 121064] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\WINDOWS\system32\drivers\ssadmdfl.sys [12-8-2011 8:28:56 12776] S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\WINDOWS\system32\drivers\ssadmdm.sys [12-8-2011 8:28:56 136808] S4 ewido security suite driver;ewido security suite driver;C:\Program Files\ewido anti-malware\guard.sys [22-11-2004 15:15:15 3072] S4 sprtsvc_KPN;SupportSoft Sprocket Service (KPN);C:\Program Files\KPN\bin\sprtsvc.exe [6-6-2008 15:08:56 202016] --- Andere Services/Drivers In Geheugen --- *NewlyCreated* - BBSVC [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{368d7b70-bd50-11de-bd4c-00123f77e8e0}] \Shell\AutoRun\command - I:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d6701bc-683d-11dd-bc0e-00123f77e8e0}] \Shell\AutoRun\command - I:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cbae58d-c48a-11df-be3c-00123f77e8e0}] \Shell\AutoRun\command - I:\SanDiskMediaManager.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b33e902c-ba27-11de-bd4a-00123f77e8e0}] \Shell\AutoRun\command - I:\laucher.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa1356e4-9306-11df-be0d-00123f77e8e0}] \Shell\AutoRun\command - I:\Install_Nokia_Ovi_Suite.exe Inhoud van de 'Gedeelde Taken' map 2012-01-19 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-02 14:28:17 . 2011-12-02 14:28:07] 2012-01-18 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-02 14:28:17 . 2011-12-02 14:28:07] 2012-01-18 C:\WINDOWS\Tasks\Norton Security Scan for Henk.job - C:\PROGRA~1\NORTON~2\Engine\351~1.10\Nss.exe [2012-01-18 15:18:13 . 2011-11-04 07:02:38] 2011-11-18 C:\WINDOWS\Tasks\OGALogon.job - C:\WINDOWS\system32\OGAEXEC.exe [2009-08-03 13:07:42 . 2009-08-03 13:07:42] 2012-01-19 C:\WINDOWS\Tasks\User_Feed_Synchronization-{008C2A0D-DC20-4263-AB42-901853D9E996}.job - C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 17:36:40 . 2009-03-08 02:31:54] ------- Bijkomende Scan ------- uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://nl.msn.com uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s TCP: DhcpNameServer = 192.168.2.254 DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} - hxxp://static.s2g.gate5.de/ovi_maps/OviMaps_4.0.12.12.cab DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} - hxxp://192.168.2.250:9250/activex/AMC.cab DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab Hijack probleempje: Hijacklog: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:28:44, on 19-1-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\Program Files\Soluto\soluto.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Soluto\SolutoService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\alg.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\trend micro\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Gadwin PrintScreen Pro] "C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" /nosplash O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} (Ovi maps browser plugin) - http://static.s2g.gate5.de/ovi_maps/OviMaps_4.0.12.12.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199779292375 O16 - DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} (AudioHandlerEmbedded) - http://192.168.2.250:9250/activex/AMC.cab O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file) O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe O24 - Desktop Component AutorunsDisabled: (no name) - (no file) -- End of file - 7281 bytes
  3. Combo log: ComboFix 12-01-09.03 - Henk 18-01-2012 15:11:51.2.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3582.2889 [GMT 1:00] Gestart vanuit: c:\documents and settings\Henk\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Henk\Bureaublad\CFScript.txt AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . - VERMINDERDE FUNCTIONALITEIT MODUS - . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Henk\Menu Start\Internet Explorer.lnk C:\Thumbs.db c:\windows\struct~.ini c:\windows\system32\muzapp.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2011-12-18 to 2012-01-18 )))))))))))))))))))))))))))))) . . 2012-01-18 14:00 . 2012-01-18 14:00 -------- d-----w- c:\documents and settings\NetworkService\Application Data\iolo 2012-01-18 13:18 . 2012-01-18 13:18 -------- d-----w- c:\windows\system32\Adobe 2012-01-18 10:28 . 2008-04-14 16:35 53504 ----a-w- c:\windows\system32\drivers\i8042prt.sys 2012-01-18 07:52 . 2012-01-18 07:52 -------- d-----w- c:\documents and settings\Henk\Application Data\Malwarebytes 2012-01-18 07:51 . 2012-01-18 07:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-01-18 07:51 . 2012-01-18 07:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-01-18 07:51 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-01-17 14:30 . 2012-01-17 14:30 388096 ----a-r- c:\documents and settings\Henk\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-01-17 13:51 . 2012-01-02 16:15 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys 2012-01-17 13:51 . 2012-01-17 13:51 -------- d-----w- c:\program files\Soluto 2012-01-17 13:50 . 2012-01-17 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto 2012-01-16 07:57 . 2012-01-18 13:37 -------- d--h--r- c:\documents and settings\Henk\Onlangs geopend 2012-01-16 07:55 . 2012-01-16 07:55 -------- d-----w- c:\program files\CCleaner 2012-01-10 09:02 . 2012-01-10 09:02 -------- d-----w- c:\program files\Common Files\Java 2012-01-09 09:56 . 2012-01-09 09:56 -------- d-----w- c:\documents and settings\Henk\Local Settings\Application Data\Thunderbird 2012-01-09 09:56 . 2012-01-09 09:56 -------- d-----w- c:\documents and settings\Henk\Application Data\Thunderbird 2012-01-09 09:56 . 2012-01-09 09:56 -------- d-----w- c:\program files\Mozilla Thunderbird . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-25 21:57 . 2004-09-13 19:09 293888 ----a-w- c:\windows\system32\winsrv.dll 2011-11-23 14:40 . 2011-09-15 12:41 1859712 ----a-w- c:\windows\system32\win32k.sys 2011-11-20 06:12 . 2004-09-13 19:01 60928 ----a-w- c:\windows\system32\packager.exe 2011-11-10 04:54 . 2010-10-25 13:42 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-10 02:27 . 2011-02-09 07:51 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-11-08 10:39 . 2011-11-04 07:22 2078208 ----a-w- c:\windows\system32\Incinerator32.dll 2011-11-08 10:11 . 2011-10-31 07:25 29696 ----a-w- c:\windows\system32\iolobtdfg.exe 2011-11-08 10:11 . 2011-10-31 07:25 11776 ----a-w- c:\windows\system32\smrgdf.exe 2011-11-04 19:13 . 2004-09-13 19:09 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:13 . 2004-09-13 18:57 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-04 19:13 . 2004-09-13 18:55 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:25 . 2004-09-13 18:55 385024 ----a-w- c:\windows\system32\html.iec 2011-11-03 15:29 . 2004-09-13 19:02 1296384 ----a-w- c:\windows\system32\quartz.dll 2011-11-03 15:29 . 2004-09-13 19:02 386560 ----a-w- c:\windows\system32\qdvd.dll 2011-11-01 16:07 . 2004-09-13 19:01 1288192 ----a-w- c:\windows\system32\ole32.dll 2011-10-31 07:22 . 2011-10-31 07:22 74703 ----a-w- c:\windows\system32\mfc45.dll 2011-10-28 05:32 . 2011-09-15 12:41 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-26 10:50 . 2011-09-15 12:41 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-26 10:50 . 2011-09-15 12:41 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-20 23:26 . 2011-10-20 23:26 94208 ----a-w- c:\windows\system32\dpl100.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-07 1491920] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-07 1491920] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "SymInstallStub"="c:\windows\system32\Adobe\Shockwave 11\SymInstallStub.exe" [2012-01-18 294328] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="c:\windows\system32\userinit.exe,c:\program files\Soluto\soluto.exe /userinit," . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /p \??\E:\0autocheck autochk * . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Bluetooth Manager.lnk] backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Controller.LNK] backup=c:\windows\pss\Controller.LNKCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk] backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^McAfee Security Scan Plus.lnk] backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Snelstart HP Image Zone.lnk] backup=c:\windows\pss\Snelstart HP Image Zone.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^TMMonitor.lnk] backup=c:\windows\pss\TMMonitor.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Henk^Menu Start^Programma's^Opstarten^Webshots.lnk] backup=c:\windows\pss\Webshots.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2007-03-22 14:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater] 2011-07-07 15:54 399312 ----a-w- c:\program files\Ask.com\Updater\Updater.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent] 2008-04-14 17:03 110592 ----a-w- c:\windows\system32\bthprops.cpl . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-10-14 20:17 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IR_SERVER] 2007-04-16 10:45 139264 -c--a-w- c:\program files\Realtek\REALTEK DVB-T USB DEVICE\IR_SERVER.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] 2009-05-05 14:06 222496 ----a-w- c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPN] 2008-06-06 14:08 198184 -c--a-w- c:\program files\KPN\bin\sprtcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPNAssistentUpdater] 2011-05-20 06:50 1979776 ----a-w- c:\program files\KPN\KPN Update\KPNAssistentUpdater.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 17:03 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync] 2008-06-17 14:00 1249280 -c--a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor] 2009-04-17 12:33 54576 -c--a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] 2008-08-11 06:31 1124352 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] 2008-08-21 01:18 443968 -c--a-w- c:\program files\Picasa2\PicasaMediaDetector.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prelaunch OmniPage] 2009-10-19 08:32 5592352 ----a-w- c:\program files\Nuance\OmniPage17\OmniPage17.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-02-15 17:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp] 2005-03-22 16:20 339968 -c--a-w- c:\windows\stsystra.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2010-09-02 13:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] 2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\WINDOWS\\system32\\rundll32.exe"= "c:\\Program Files\\KPN\\agent\\bin\\bcont.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"= "c:\\Documents and Settings\\Henk\\Mijn documenten\\Downloads\\solutoinstaller-Wm56Jed9YG.exe"= "c:\\Program Files\\Soluto\\Soluto.exe"= "c:\\Program Files\\Soluto\\SolutoService.exe"= "c:\\Program Files\\Soluto\\SolutoConsole.exe"= "c:\\Program Files\\Soluto\\SolutoUpdateService.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 . R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [17-1-2012 14:51 51144] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [7-10-2009 8:18 35168] R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7-10-2009 8:16 472280] R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [31-10-2011 8:26 722616] R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2-1-2012 17:30 515104] R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [20-3-2008 3:34 21888] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9-1-2010 20:37 4640000] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-12-2011 15:28 135664] S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2-12-2011 15:28 135664] S3 NmPar;PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [24-12-2008 5:40 80256] S3 nmserial;PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [16-12-2008 6:10 70016] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [8-9-2010 8:38 137344] S3 RTL2831UBDA;REALTEK 2831U BDA Driver;c:\windows\system32\drivers\RTL2831UBDA.sys [6-1-2009 8:33 62720] S3 RTL2831UUSB;REALTEK 2831U USB Driver;c:\windows\system32\drivers\RTL2831UUSB.sys [6-1-2009 8:33 24064] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [12-8-2011 8:28 121064] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [12-8-2011 8:28 12776] S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [12-8-2011 8:28 136808] S4 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [22-11-2004 15:15 3072] S4 sprtsvc_KPN;SupportSoft Sprocket Service (KPN);c:\program files\KPN\bin\sprtsvc.exe [6-6-2008 15:08 202016] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{368d7b70-bd50-11de-bd4c-00123f77e8e0}] \Shell\AutoRun\command - I:\LaunchU3.exe -a . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d6701bc-683d-11dd-bc0e-00123f77e8e0}] \Shell\AutoRun\command - I:\LaunchU3.exe -a . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cbae58d-c48a-11df-be3c-00123f77e8e0}] \Shell\AutoRun\command - I:\SanDiskMediaManager.EXE . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b33e902c-ba27-11de-bd4a-00123f77e8e0}] \Shell\AutoRun\command - I:\laucher.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa1356e4-9306-11df-be0d-00123f77e8e0}] \Shell\AutoRun\command - I:\Install_Nokia_Ovi_Suite.exe . Inhoud van de 'Gedeelde Taken' map . 2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-02 14:28] . 2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-02 14:28] . 2011-11-18 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07] . 2012-01-18 c:\windows\Tasks\SymInstallStub.job - c:\windows\system32\Adobe\Shockwave 11\SymInstallStub.exe [2012-01-18 13:18] . 2012-01-18 c:\windows\Tasks\User_Feed_Synchronization-{008C2A0D-DC20-4263-AB42-901853D9E996}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31] . . ------- Bijkomende Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://nl.msn.com uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s TCP: DhcpNameServer = 192.168.2.254 DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} - hxxp://static.s2g.gate5.de/ovi_maps/OviMaps_4.0.12.12.cab DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} - hxxp://192.168.2.250:9250/activex/AMC.cab DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-01-18 15:14 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{36A83BB8-F88B-C649-635463C8C05AC14F}\{B15264AB-0199-3F85-E804346070B10C97}\{1DF6944D-48A5-7AC3-364F976F1552112E}*] "SE4K5INHHR1EDZYY15BVZC6TKG1"=hex:01,00,01,00,00,00,00,00,7e,c3,c3,8e,86,b4,21, 5e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{580924E7-4534-80EF-AD4675C17646FF10}\{0EFB2AA0-1A3E-507D-F9B34D5CF29081CD}\{BBABFA65-B0A6-C96D-B621BCAFF6A8D6D6}*] "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,0d,b0,b2, ed,74,50,00,3a,71,36,12,90,07,fb,e8,eb,3d,4f,9b,01,a7,c7,93,02,ae,f2,66,90,\ . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" "3140311900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . Voltooingstijd: 2012-01-18 15:16:29 ComboFix-quarantined-files.txt 2012-01-18 14:16 ComboFix2.txt 2012-01-18 10:37 . Pre-Run: 113.226.334.208 bytes beschikbaar Post-Run: 113.218.392.064 bytes beschikbaar . - - End Of File - - 5CCE0036E59CCAE150F081BFFA057D5E Hijack log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:17:15, on 18-1-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\Program Files\Soluto\soluto.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Soluto\SolutoService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Microsoft Office\Office12\MSACCESS.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\trend micro\HiJackThis\HiJackThis.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\RunOnce: [symInstallStub] C:\WINDOWS\system32\Adobe\Shockwave 11\SymInstallStub.exe /partnerid=adobe /productlist=nss /staging=false /delay=5 /lang=Dutch /desktopshortcut=1 /startmenushortcut=1 /tasktries=1 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} (Ovi maps browser plugin) - http://static.s2g.gate5.de/ovi_maps/OviMaps_4.0.12.12.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199779292375 O16 - DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} (AudioHandlerEmbedded) - http://192.168.2.250:9250/activex/AMC.cab O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file) O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe O24 - Desktop Component AutorunsDisabled: (no name) - (no file) -- End of file - 7384 bytes
  4. Logfile Combofix: ComboFix 12-01-09.03 - Henk 18-01-2012 11:27:31.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3582.2523 [GMT 1:00] Gestart vanuit: c:\documents and settings\Henk\Bureaublad\ComboFix.exe AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . - VERMINDERDE FUNCTIONALITEIT MODUS - . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\TEMP . c:\windows\system32\drivers\i8042prt.sys was verdwenen Hersteld exemplaar van - c:\windows\ServicePackFiles\i386\i8042prt.sys . . (((((((((((((((((((( Bestanden Gemaakt van 2011-12-18 to 2012-01-18 )))))))))))))))))))))))))))))) . . 2012-01-18 10:28 . 2008-04-14 16:35 53504 ----a-w- c:\windows\system32\drivers\i8042prt.sys 2012-01-18 07:52 . 2012-01-18 07:52 -------- d-----w- c:\documents and settings\Henk\Application Data\Malwarebytes 2012-01-18 07:51 . 2012-01-18 07:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-01-18 07:51 . 2012-01-18 07:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-01-18 07:51 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-01-17 14:30 . 2012-01-17 14:30 388096 ----a-r- c:\documents and settings\Henk\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-01-17 13:51 . 2012-01-02 16:15 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys 2012-01-17 13:51 . 2012-01-17 13:51 -------- d-----w- c:\program files\Soluto 2012-01-17 13:50 . 2012-01-17 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto 2012-01-16 07:57 . 2012-01-18 09:53 -------- d--h--r- c:\documents and settings\Henk\Onlangs geopend 2012-01-16 07:55 . 2012-01-16 07:55 -------- d-----w- c:\program files\CCleaner 2012-01-10 09:02 . 2012-01-10 09:02 -------- d-----w- c:\program files\Common Files\Java 2012-01-09 09:56 . 2012-01-09 09:56 -------- d-----w- c:\documents and settings\Henk\Local Settings\Application Data\Thunderbird 2012-01-09 09:56 . 2012-01-09 09:56 -------- d-----w- c:\documents and settings\Henk\Application Data\Thunderbird 2012-01-09 09:56 . 2012-01-09 09:56 -------- d-----w- c:\program files\Mozilla Thunderbird . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-25 21:57 . 2004-09-13 19:09 293888 ----a-w- c:\windows\system32\winsrv.dll 2011-11-23 14:40 . 2011-09-15 12:41 1859712 ----a-w- c:\windows\system32\win32k.sys 2011-11-20 06:12 . 2004-09-13 19:01 60928 ----a-w- c:\windows\system32\packager.exe 2011-11-10 04:54 . 2010-10-25 13:42 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-10 02:27 . 2011-02-09 07:51 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-11-08 10:39 . 2011-11-04 07:22 2078208 ----a-w- c:\windows\system32\Incinerator32.dll 2011-11-08 10:11 . 2011-10-31 07:25 29696 ----a-w- c:\windows\system32\iolobtdfg.exe 2011-11-08 10:11 . 2011-10-31 07:25 11776 ----a-w- c:\windows\system32\smrgdf.exe 2011-11-04 19:13 . 2004-09-13 19:09 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:13 . 2004-09-13 18:57 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-04 19:13 . 2004-09-13 18:55 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:25 . 2004-09-13 18:55 385024 ----a-w- c:\windows\system32\html.iec 2011-11-03 15:29 . 2004-09-13 19:02 1296384 ----a-w- c:\windows\system32\quartz.dll 2011-11-03 15:29 . 2004-09-13 19:02 386560 ----a-w- c:\windows\system32\qdvd.dll 2011-11-01 16:07 . 2004-09-13 19:01 1288192 ----a-w- c:\windows\system32\ole32.dll 2011-10-31 07:22 . 2011-10-31 07:22 74703 ----a-w- c:\windows\system32\mfc45.dll 2011-10-28 05:32 . 2011-09-15 12:41 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-26 10:50 . 2011-09-15 12:41 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-26 10:50 . 2011-09-15 12:41 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-20 23:26 . 2011-10-20 23:26 94208 ----a-w- c:\windows\system32\dpl100.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-07 1491920] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-07 1491920] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="c:\windows\system32\userinit.exe,c:\program files\Soluto\soluto.exe /userinit," . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /p \??\E:\0autocheck autochk * . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Bluetooth Manager.lnk] backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Controller.LNK] backup=c:\windows\pss\Controller.LNKCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk] backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^McAfee Security Scan Plus.lnk] backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Snelstart HP Image Zone.lnk] backup=c:\windows\pss\Snelstart HP Image Zone.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^TMMonitor.lnk] backup=c:\windows\pss\TMMonitor.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Henk^Menu Start^Programma's^Opstarten^Webshots.lnk] backup=c:\windows\pss\Webshots.lnkStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BinatoneInternetPhone HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lsass HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIUCU HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateReminder HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WFXSwtch HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2007-03-22 14:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater] 2011-07-07 15:54 399312 ----a-w- c:\program files\Ask.com\Updater\Updater.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent] 2008-04-14 17:03 110592 ----a-w- c:\windows\system32\bthprops.cpl . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-10-14 20:17 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IR_SERVER] 2007-04-16 10:45 139264 -c--a-w- c:\program files\Realtek\REALTEK DVB-T USB DEVICE\IR_SERVER.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] 2009-05-05 14:06 222496 ----a-w- c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPN] 2008-06-06 14:08 198184 -c--a-w- c:\program files\KPN\bin\sprtcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPNAssistentUpdater] 2011-05-20 06:50 1979776 ----a-w- c:\program files\KPN\KPN Update\KPNAssistentUpdater.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 17:03 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync] 2008-06-17 14:00 1249280 -c--a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor] 2009-04-17 12:33 54576 -c--a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] 2008-08-11 06:31 1124352 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] 2008-08-21 01:18 443968 -c--a-w- c:\program files\Picasa2\PicasaMediaDetector.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prelaunch OmniPage] 2009-10-19 08:32 5592352 ----a-w- c:\program files\Nuance\OmniPage17\OmniPage17.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-02-15 17:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp] 2005-03-22 16:20 339968 -c--a-w- c:\windows\stsystra.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2010-09-02 13:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] 2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\WINDOWS\\system32\\rundll32.exe"= "c:\\Program Files\\KPN\\agent\\bin\\bcont.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"= "c:\\WINDOWS\\system32\\muzapp.exe"= "c:\\Documents and Settings\\Henk\\Mijn documenten\\Downloads\\solutoinstaller-Wm56Jed9YG.exe"= "c:\\Program Files\\Soluto\\Soluto.exe"= "c:\\Program Files\\Soluto\\SolutoService.exe"= "c:\\Program Files\\Soluto\\SolutoConsole.exe"= "c:\\Program Files\\Soluto\\SolutoUpdateService.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 . R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [17-1-2012 14:51 51144] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [7-10-2009 8:18 35168] R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7-10-2009 8:16 472280] R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [31-10-2011 8:26 722616] R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2-1-2012 17:30 515104] R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [20-3-2008 3:34 21888] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-12-2011 15:28 135664] S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2-12-2011 15:28 135664] S3 NmPar;PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [24-12-2008 5:40 80256] S3 nmserial;PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [16-12-2008 6:10 70016] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [8-9-2010 8:38 137344] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9-1-2010 20:37 4640000] S3 RTL2831UBDA;REALTEK 2831U BDA Driver;c:\windows\system32\drivers\RTL2831UBDA.sys [6-1-2009 8:33 62720] S3 RTL2831UUSB;REALTEK 2831U USB Driver;c:\windows\system32\drivers\RTL2831UUSB.sys [6-1-2009 8:33 24064] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [12-8-2011 8:28 121064] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [12-8-2011 8:28 12776] S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [12-8-2011 8:28 136808] S4 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [22-11-2004 15:15 3072] S4 sprtsvc_KPN;SupportSoft Sprocket Service (KPN);c:\program files\KPN\bin\sprtsvc.exe [6-6-2008 15:08 202016] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{368d7b70-bd50-11de-bd4c-00123f77e8e0}] \Shell\AutoRun\command - I:\LaunchU3.exe -a . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d6701bc-683d-11dd-bc0e-00123f77e8e0}] \Shell\AutoRun\command - I:\LaunchU3.exe -a . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cbae58d-c48a-11df-be3c-00123f77e8e0}] \Shell\AutoRun\command - I:\SanDiskMediaManager.EXE . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b33e902c-ba27-11de-bd4a-00123f77e8e0}] \Shell\AutoRun\command - I:\laucher.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa1356e4-9306-11df-be0d-00123f77e8e0}] \Shell\AutoRun\command - I:\Install_Nokia_Ovi_Suite.exe . Inhoud van de 'Gedeelde Taken' map . 2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-02 14:28] . 2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-02 14:28] . 2011-11-18 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07] . 2012-01-18 c:\windows\Tasks\User_Feed_Synchronization-{008C2A0D-DC20-4263-AB42-901853D9E996}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31] . . ------- Bijkomende Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://nl.msn.com uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s TCP: DhcpNameServer = 192.168.2.254 DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} - hxxp://static.s2g.gate5.de/ovi_maps/OviMaps_4.0.12.12.cab DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} - hxxp://192.168.2.250:9250/activex/AMC.cab DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab . . ------- Bestandsassociaties ------- . JSEFile=NOTEPAD.EXE %1 .txt=UltraEdit.txt . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) MSConfigStartUp-OpAgent - OpAgent.exe MSConfigStartUp-smgr - mgrs.exe MSConfigStartUp-WinFaxAppPortStarter - wfxsnt40.exe AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe AddRemove-26_VIA_driver2 - c:\program files\Samsung\USB Drivers\26_VIA_driver2\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-01-18 11:30 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{36A83BB8-F88B-C649-635463C8C05AC14F}\{B15264AB-0199-3F85-E804346070B10C97}\{1DF6944D-48A5-7AC3-364F976F1552112E}*] "SE4K5INHHR1EDZYY15BVZC6TKG1"=hex:01,00,01,00,00,00,00,00,7e,c3,c3,8e,86,b4,21, 5e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{580924E7-4534-80EF-AD4675C17646FF10}\{0EFB2AA0-1A3E-507D-F9B34D5CF29081CD}\{BBABFA65-B0A6-C96D-B621BCAFF6A8D6D6}*] "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,0d,b0,b2, ed,74,50,00,3a,71,36,12,90,07,fb,e8,eb,3d,4f,9b,01,a7,c7,93,02,ae,f2,66,90,\ . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" "3140311900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'explorer.exe'(3296) c:\windows\system32\msi.dll c:\program files\MuvEnum\AddressBar\MuvEnumAddressBar_x86.dll c:\program files\MuvEnum\AddressBar\BandObjectLib.dll c:\program files\MuvEnum\AddressBar\ComponentFactory.Krypton.Toolkit.dll c:\program files\MuvEnum\AddressBar\NLog.dll c:\program files\MuvEnum\AddressBar\System.Data.SQLite.dll c:\program files\MuvEnum\AddressBar\Newtonsoft.Json.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe c:\windows\System32\SCardSvr.exe c:\program files\Soluto\soluto.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Voltooingstijd: 2012-01-18 11:37:27 - machine werd herstart ComboFix-quarantined-files.txt 2012-01-18 10:37 . Pre-Run: 114.165.194.752 bytes beschikbaar Post-Run: 114.275.348.480 bytes beschikbaar . WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - DDED51EDE79BEA7E1D1DE5EE25932FF6 Logfile Hijack Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:40:55, on 18-1-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\Program Files\Soluto\soluto.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Soluto\SolutoService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\trend micro\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} (Ovi maps browser plugin) - http://static.s2g.gate5.de/ovi_maps/OviMaps_4.0.12.12.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199779292375 O16 - DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} (AudioHandlerEmbedded) - http://192.168.2.250:9250/activex/AMC.cab O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file) O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe O24 - Desktop Component AutorunsDisabled: (no name) - (no file) -- End of file - 7156 bytes
  5. OEPS! Komt ie: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 9:30:37, on 18-1-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\Program Files\Soluto\soluto.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Soluto\SolutoService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\alg.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\trend micro\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} (Ovi maps browser plugin) - http://static.s2g.gate5.de/ovi_maps/OviMaps_4.0.12.12.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199779292375 O16 - DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} (AudioHandlerEmbedded) - http://192.168.2.250:9250/activex/AMC.cab O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file) O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe O24 - Desktop Component AutorunsDisabled: (no name) - (no file) -- End of file - 7429 bytes
  6. Via de link MBAM (Malwarebytes Anti-Malware) kwam ik steeds op Majorgeeks uit. Maar ik heb het wel via een andere weg gevonden. Hier de logfile: Malwarebytes Anti-Malware 1.60.0.1800 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: v2012.01.18.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Henk :: WERK [administrator] 18-1-2012 8:53:30 mbam-log-2012-01-18 (08-53-30).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstarten | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 180083 Verstreken tijd: 4 minuut/minuten, 53 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 7 HKCR\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\DataDisp32 (Trojan.Vundo) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Succesvol in quarantaine geplaatst en verwijderd. Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 2 HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Slecht: (NOTEPAD.EXE %1) Goed: ("%1" /S) -> Succesvol in quarantaine geplaatst en gerepareerd. HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Slecht: (NOTEPAD.EXE %1) Goed: (regedit.exe "%1") -> Succesvol in quarantaine geplaatst en gerepareerd. Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 2 C:\Documents and Settings\Henk\Mijn documenten\Downloads\installer_avicodec_Nederlands_Dutch.exe (PUP.SmsPay.pns) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\Henk\Mijn documenten\Downloads\installer_ewido_anti-spyware_4_0_Dutch.exe (PUP.SmsPay.PGen) -> Succesvol in quarantaine geplaatst en verwijderd. (einde)
  7. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:32:34, on 17-1-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\Program Files\Soluto\soluto.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Soluto\SolutoService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\alg.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\trend micro\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit O2 - BHO: (no name) - AutorunsDisabled - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Hotbar - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file) O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - AutorunsDisabled - (no file) O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} (Ovi maps browser plugin) - http://static.s2g.gate5.de/ovi_maps/OviMaps_4.0.12.12.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199779292375 O16 - DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} (AudioHandlerEmbedded) - http://192.168.2.250:9250/activex/AMC.cab O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file) O18 - Filter: AutorunsDisabled - (no CLSID) - (no file) O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe O24 - Desktop Component AutorunsDisabled: (no name) - (no file) -- End of file - 7976 bytes
  8. Goedemiddag, Het opstarten van mijn PC duurt soms wel zo'n8 minuten. Ik heb er niets bijzonders op waardoor hij veel werk heeft. Ik heb System Mechanic, Ccleaner ed er al naar laten snuffelen, maar het wordt er niet beter op Kunnen jullie zien wat er mis is? Vr. gr. Aartje
×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.