
Everything posted by dries V
-
computer sometimes acts slow and strange
dries V replied to dries V's topic in Archive: Malware & virus removal
Zoek.exe v5.0.0.0 Updated 07-March-2014 Tool run by Microsoft User on za 08/03/2014 at 11:48:13,32. Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Documents and Settings\Microsoft User\Mijn documenten\Downloads\zoek.exe [scan all users] [script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2014-03-07-154453.log 11468 bytes ==== Windows Installer Info ======================
==== Empty Folders Check ====================== C:\Documents and Settings\LocalService\Application Data\Apple Computer deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\Documents and Settings\Microsoft User\daemonprocess.txt deleted C:\Documents and Settings\Microsoft User\.android deleted C:\Program Files\Mobogenie deleted C:\Documents and Settings\Microsoft User\Application Data\ZoomBrowser EX deleted C:\Documents and Settings\Microsoft User\Local Settings\Application Data\Mobogenie deleted C:\Documents and Settings\Microsoft User\Local Settings\Application Data\cache deleted C:\Documents and Settings\Microsoft User\Mijn documenten\Mobogenie deleted C:\Documents and Settings\MICROS~1\Application
Data\Mozilla\Firefox\Profiles\vn80b503.default\extensions\firefox@ghostery.com.xpi deleted C:\Documents and Settings\MICROS~1\Application Data\Mozilla\Firefox\Profiles\vn80b503.default\jetpack deleted ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\DOCUME~1\MICROS~1\LOCALS~1\Temp ==== ====== Java Cache ===== ====== C:\WINDOWS\system32 ===== ====== C:\WINDOWS\system32\drivers ===== ====== C:\WINDOWS\Tasks ====== ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2014-02-15 14:50:58 -------- d-----w- C:\Program Files\Comodo ======= C: ===== 2014-02-15 15:13:07 DAD3166B2C6207A957C6A3D982856817 2202 ----a-w- C:\DelFix.txt ====== C:\Documents and Settings\Microsoft User\Application Data ====== 2014-03-08 10:34:30 -------- d-----w- C:\Documents and Settings\Microsoft User\Menu Start\Programma's\CyberLink PowerDVD 2014-02-15 14:59:25 -------- d-----w- C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO ====== C:\Documents and Settings\Microsoft User ====== 2014-02-15 14:18:45 -------- d--h--r- C:\Documents and Settings\Microsoft User\Onlangs geopend ====== C: exe-files == 2014-03-06 18:19:00 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Documents and Settings\Microsoft User\Mijn documenten\Downloads\mbam-setup-1.75.0.1300.exe 2014-03-05 18:18:58 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Documents and Settings\Microsoft User\Mijn documenten\Downloads\RSIT.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-220523388-790525478-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run] "GBMLite8AgentLaCie"="C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" "KiesPreload"="C:\Program Files\Samsung\Kies\Kies.exe /preload" "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" "RTHDCPL"="RTHDCPL.EXE" "AGRSMMSG"="AGRSMMSG.exe" 
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay" "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" "LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe /automation" "LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot" "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" "PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe -r C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" "BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN" "ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun" "GBMLite8AgentLaCie"="C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE -startup" "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe -atboottime" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "GBMLite8AgentLaCie"="C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" "KiesPreload"="C:\Program Files\Samsung\Kies\Kies.exe /preload" "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" ==== Startup Registry Disabled 
====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechCameraAssistant] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CameraAssistant" "hkey"="HKLM" "command"="C:\\Program Files\\Acer\\OrbiCam\\CameraAssistant.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechVideo[inspector]] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="InstallHelper" "hkey"="HKLM" "command"="C:\\Program Files\\Acer\\OrbiCam\\InstallHelper.exe /inspect" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Citrix XenApp.lnk] "path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\Citrix XenApp.lnk" "backup"="C:\\WINDOWS\\pss\\Citrix XenApp.lnkCommon Startup" "command"="C:\\WINDOWS\\Installer\\{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}\\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe " "item"="Citrix XenApp" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^McAfee Security Scan Plus.lnk] "path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\McAfee Security Scan Plus.lnk" "backup"="C:\\WINDOWS\\pss\\McAfee Security Scan Plus.lnkCommon Startup" "command"="C:\\PROGRA~1\\MCAFEE~1\\30D80A~1.285\\SSSCHE~1.EXE " "item"="McAfee Security Scan Plus" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] ==== Task Scheduler Jobs ====================== 
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [21/02/2014 10:55] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [17/12/2009 14:35] ==== Firefox Extensions ====================== ProfilePath: C:\Documents and Settings\MICROS~1\Application Data\Mozilla\Firefox\Profiles\vn80b503.default - Garmin Communicator - C:\Documents and Settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\vn80b503.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - Garmin Communicator - %ProfilePath%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files\Mozilla Firefox - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Documents and Settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\vn80b503.default D775FA6F1E88B3B99E69E8A0D6C3A819 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll - Shockwave Flash 63EE2015B877A2E472CC59E05291AA39 - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll - McAfee Security Scanner + 86FD0445C7A92516FC0BA201C79B8E9E - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4 9FDABAD05A9623988750CCC10223BDB0 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4 5E1D0432C765884434A7CCD4DBDC80AA - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4 3B293C235A80E7A5369E6AA28FEA50B1 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4 A80BCBED52F7DD5FDBF346A985A4E4D5 - C:\Program 
Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4 AC987EE8037531807C5D7E6217A23501 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat EB41064BC07017F5694CF16B4DEF6B10 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat A9191AE22A8F1287B5E2DF33E3A57253 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U51 9B10927CFD0F7AD39E40C0E34005B1AD - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.510.13 9D4A0B314CB9CF134CA27E1E0217E51E - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector BE501CBC29B2025A263D80D399F1797A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation B27CCB1168B1960AEC6E9D3E0E0F0D2A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrlui.dll - Microsoft® Silverlight ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions acpmciifilddgbomoffoilbopgjdjcfk - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha375\ch\WebexpEnhancedV1alpha375.crx[] bopakagnckmlgajfccecajhnimjiiedh - No path found[] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" {51818293-706D-4738-B3DF-034E626DBA3A} Google 
Url="http://www.google.be/search?hl=nl&source=hp&q={searchTerms}&meta=&aq=f&oq=" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" -
computer sometimes acts slow and strange
dries V replied to dries V's topic in Archive: Malware & virus removal
Zoek.exe v5.0.0.0 Updated 07-March-2014 Tool run by Microsoft User on za 08/03/2014 at 11:48:13,32. Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Documents and Settings\Microsoft User\Mijn documenten\Downloads\zoek.exe [scan all users] [script inserted] [Checkboxes used] ===== Runcheck 11:50:38,75 ===== --- Create Environment Variables 11:50:40,35 --- Checking Input 11:50:48,39 --- AU AppData Check 11:50:52,46 --- Windows Installer List 11:50:55,04 --- Empty Folders Check 11:52:08,12 --- IE Startpage Check 11:53:08,04 --- Program Files DB Check 11:53:42,67 --- C:\Documents and Settings\Administrator\Application Data DB Check 11:54:38,25 --- C:\Documents and Settings\Default User\Application Data DB Check 11:54:38,25 --- C:\Documents and Settings\LocalService\Application Data DB Check 11:54:38,25 --- C:\Documents and Settings\Microsoft User\Application Data DB Check 11:54:38,25 --- C:\Documents and Settings\NetworkService\Application Data DB Check 11:54:38,25 --- C:\WINDOWS\system32\config\systemprofile\Application Data DB Check 11:54:38,25 --- C:\Documents and Settings\Microsoft User DB Check 11:56:29,46 --- C:\DOCUME~1\ALLUSE~1\APPLIC~1 DB Check 11:56:47,68 --- C:\Documents and Settings\Administrator\Local Settings\Application Data DB Check 11:56:48,31 --- C:\Documents and Settings\Default User\Local Settings\Application Data DB Check 11:56:48,31 --- C:\Documents and Settings\LocalService\Local Settings\Application Data DB Check 11:56:48,31 --- C:\Documents and Settings\Microsoft User\Local Settings\Application Data DB Check 11:56:48,31 --- C:\Documents and Settings\NetworkService\Local Settings\Application Data DB Check 11:56:48,31 --- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data DB Check 11:56:48,31 --- C:\Documents and Settings\All Users\Menu Start\Programma's DB Check 11:58:01,07 --- C:\Documents and Settings\Microsoft User\Menu Start\Programma's DB Check 
11:58:09,95 --- Tasks DB Check 11:58:14,87 --- Tasks2 DB Check 11:58:17,95 --- Documents DB Check 11:58:39,28 --- Documents2 DB Check 11:58:42,57 --- C:\Documents and Settings\MICROS~1\Application Data\Mozilla\Firefox\Profiles\vn80b503.default DB Check 11:58:44,37 --- C:\Documents and Settings\All Users\Bureaublad DB Check 11:58:47,67 --- C:\Documents and Settings\Microsoft User\Bureaublad DB Check 11:58:50,95 --- Services DB Check 11:59:00,34 --- FF prefs.js DB Check 11:59:20,17 --- Del by CLSID 11:59:57,09 --- Delete Services 12:01:04,34 --- Delete files\folders 12:01:09,54 --- Create Backups 12:01:09,67 --- Recently Created 12:01:42,76 --- StartUp Information 12:04:32,93 --- Firefox Extensions 12:04:49,12 --- Firefox Plugins 12:04:49,62 --- Chrome Look 12:06:08,65 --- Create Backups 12:06:12,79 --- IEdefaults 12:06:13,10 --- Del from Uninstall List 12:06:39,21 -
computer sometimes acts slow and strange
dries V replied to dries V's topic in Archive: Malware & virus removal
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
Malwarebytes : Free Anti-Malware
Databaseversie: v2014.03.06.08
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Microsoft User :: K314 [administrator]
Bescherming: Uitgeschakeld
6/03/2014 19:25:24
mbam-log-2014-03-06 (19-25-24).txt
Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 251256
Verstreken tijd: 13 minuut/minuten, 14 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 1
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|ext@WebexpEnhancedV1alpha375.net (PUP.Optional.WebExpEnhanced.A) -> Data: C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha375\ff -> Succesvol in quarantaine geplaatst en verwijderd.
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
-
computer sometimes acts slow and strange
dries V posted a topic in Archive: Malware & virus removal
Hello, my computer has recently been acting strange at times, runs very slowly and sometimes hangs a bit. Can someone take a look at my log?
Logfile of random's system information tool 1.09 (written by random/random) Run by Microsoft User at 2014-03-05 19:19:09 Microsoft Windows XP Professional Service Pack 3 System drive C: has 6 GB (5%) free of 114 GB Total RAM: 1022 MB (44% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:19:28, on 5/03/2014 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\system32\ElkCtrl.exe C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Samsung\Kies\KiesTrayAgent.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Samsung\Kies\Kies.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Microsoft User\Mijn documenten\Downloads\RSIT.exe C:\Program Files\trend micro\Microsoft User.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: 
[ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [GBMLite8AgentLaCie] C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [GBMLite8AgentLaCie] C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Avira Realtime Protection (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- End of file - 9850 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Adobe Flash Player Updater.job =========Mozilla firefox========= ProfilePath - C:\Documents and Settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\vn80b503.default prefs.js - "browser.search.suggest.enabled" - false prefs.js - "browser.search.useDBForOrder" - true prefs.js - "browser.startup.homepage" - "http://google.be/" prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, jqs@sun.com:1.0, {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1, {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6" prefs.js - "keyword.URL" - 
"http://www.google.com/search?btnG=Google+Search&q=" "{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ "ext@WebexpEnhancedV1alpha375.net"=C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha375\ff [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 12.0.0.70 Plugin "Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=] "Description"=iTunes Detector Plug-in "Path"= [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0] "Description"= "Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.51.2] "Description"=Java™ Deployment Toolkit "Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/McAfeeMssPlugin] "Description"=McAfee Mss Plugin "Path"=C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5] "Description"=Windows Presentation Foundation plug-in for Mozilla browsers "Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader] "Description"=Handles PDFs in-place in Firefox "Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll C:\Program Files\Mozilla Firefox\extensions\ {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} C:\Program Files\Mozilla 
Firefox\components\ IICAClient.xpt nsIQTScriptablePlugin.xpt C:\Program Files\Mozilla Firefox\plugins\ cgpcfg.dll CgpCore.dll confmgr.dll ctxlogging.dll ctxmui.dll ICAClObj.class icafile.dll icalogon.dll Microsoft.VC80.CRT.manifest msvcm80.dll msvcp80.dll msvcr80.dll npicaN.dll nppdf32.dll npqtplugin.dll npqtplugin2.dll npqtplugin3.dll npqtplugin4.dll npqtplugin5.dll QuickTimePlugin.class sslsdk_b.dll TcpPServ.dll C:\Documents and Settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\vn80b503.default\extensions\ {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}] MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll [2014-01-16 96128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-18 462760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-02-27 16005120] "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-03-16 88204] "SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-01-08 102491] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-01-08 692315] "ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056] "LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2006-04-06 225280] "LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe [2004-11-01 262144] "LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2006-03-30 471040] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe 
[2001-07-09 155648] "RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928] "LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832] "SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472] "PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2007-10-11 29984] "IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2007-10-11 46368] "PPort11reminder"=C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-08-31 328992] "BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2008-02-19 1089536] "ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2007-12-21 86016] "GBMLite8AgentLaCie"=C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe [2008-08-26 189056] "PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2012-02-09 312376] "APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904] "KiesTrayAgent"=C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2013-05-23 311152] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2013-05-01 421888] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2013-11-02 152392] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "GBMLite8AgentLaCie"=C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe [2008-08-26 189056] "KiesPreload"=C:\Program Files\Samsung\Kies\Kies.exe [2013-05-23 1561968] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2013-11-02 152392] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant] C:\Program 
Files\Acer\OrbiCam\CameraAssistant.exe [2006-04-06 331776] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe [2006-04-06 73728] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Citrix XenApp.lnk] C:\WINDOWS\Installer\{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2011-10-03 73728] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^McAfee Security Scan Plus.lnk] C:\PROGRA~1\MCAFEE~1\30D80A~1.285\SSSCHE~1.EXE [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Apple Mobile Device"=2 C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2006-05-04 61440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 "NoDriveAutoRun"=67108863 "NoDriveTypeAutoRun"=323 "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\SPSSInc\PASWStatistics18\paswstat.com"="C:\Program Files\SPSSInc\PASWStatistics18\paswstat.com:*:Disabled:Statistics18:com" "C:\Program Files\SPSSInc\PASWStatistics18\WinWrapIDE.exe"="C:\Program Files\SPSSInc\PASWStatistics18\WinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor" "C:\Program Files\SPSSInc\PASWStatistics18\paswstat.exe"="C:\Program Files\SPSSInc\PASWStatistics18\paswstat.exe:*:Disabled:Statistics18:exe" "C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s" "C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player" "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour-service" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Games\World_of_Tanks\WoTLauncher.exe"="C:\Games\World_of_Tanks\WoTLauncher.exe:*:Enabled:World of Tanks Launcher" 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "midimapper"=midimap.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msadpcm"=msadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.trspch"=tssoft32.acm "vidc.cvid"=iccvid.dll "VIDC.I420"=lvcodec2.dll "vidc.iv31"=ir32_32.dll "vidc.iv32"=ir32_32.dll "vidc.iv41"=ir41_32.ax "VIDC.IYUV"=iyuv_32.dll "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVU9"=tsbyuv.dll "VIDC.YVYU"=msyuv.dll "wavemapper"=msacm32.drv "msacm.msg723"=msg723.acm "vidc.M263"=msh263.drv "vidc.M261"=msh261.drv "msacm.msaudio1"=msaud32.acm "msacm.sl_anet"=sl_anet.acm "msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax "vidc.iv50"=ir50_32.dll "msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "MSVideo"=vfwwdm32.dll "MSVideo8"=VfWWDM32.dll "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "wave2"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv "VIDC.MPG4"=mpg4c32.dll "VIDC.MP42"=mpg4c32.dll ======List of files/folders created in the last 1 month====== 2014-03-05 19:19:09 ----D---- C:\rsit 2014-02-15 16:13:07 ----A---- C:\DelFix.txt 2014-02-15 15:53:49 ----D---- C:\Documents and Settings\All Users\Application Data\COMODO 2014-02-15 15:51:32 ----D---- C:\first_launch 2014-02-15 15:50:58 ----D---- C:\Program Files\Comodo 2014-02-15 15:50:45 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo Downloader 2014-02-15 15:07:31 ----D---- C:\Program Files\CCleaner 2014-02-15 10:52:18 ----A---- C:\WINDOWS\system32\XAudio2_7.dll 2014-02-15 
10:52:18 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll 2014-02-15 10:52:17 ----A---- C:\WINDOWS\system32\xactengine3_7.dll 2014-02-15 10:52:17 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll 2014-02-15 10:52:16 ----A---- C:\WINDOWS\system32\d3dx11_43.dll 2014-02-15 10:52:16 ----A---- C:\WINDOWS\system32\d3dx10_43.dll 2014-02-15 10:52:16 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll 2014-02-15 10:52:15 ----A---- C:\WINDOWS\system32\D3DX9_43.dll 2014-02-15 10:52:14 ----A---- C:\WINDOWS\system32\XAudio2_6.dll 2014-02-15 10:52:14 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll 2014-02-15 10:52:14 ----A---- C:\WINDOWS\system32\xactengine3_6.dll 2014-02-15 10:52:14 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll 2014-02-15 10:52:13 ----A---- C:\WINDOWS\system32\XAudio2_5.dll 2014-02-15 10:52:13 ----A---- C:\WINDOWS\system32\xactengine3_5.dll 2014-02-15 10:52:12 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll 2014-02-15 10:52:10 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll 2014-02-15 10:52:09 ----A---- C:\WINDOWS\system32\d3dx11_42.dll 2014-02-15 10:52:08 ----A---- C:\WINDOWS\system32\D3DX9_42.dll 2014-02-15 10:52:08 ----A---- C:\WINDOWS\system32\d3dx10_42.dll 2014-02-15 10:52:07 ----A---- C:\WINDOWS\system32\d3dx10_41.dll 2014-02-15 10:52:07 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll 2014-02-15 10:52:05 ----A---- C:\WINDOWS\system32\D3DX9_41.dll 2014-02-15 10:52:04 ----A---- C:\WINDOWS\system32\XAudio2_4.dll 2014-02-15 10:52:04 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll 2014-02-15 10:52:04 ----A---- C:\WINDOWS\system32\xactengine3_4.dll 2014-02-15 10:52:04 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll 2014-02-15 10:52:03 ----A---- C:\WINDOWS\system32\d3dx10_40.dll 2014-02-15 10:52:03 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll 2014-02-15 10:52:02 ----A---- C:\WINDOWS\system32\XAudio2_3.dll 2014-02-15 10:52:02 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll 2014-02-15 10:52:02 ----A---- C:\WINDOWS\system32\D3DX9_40.dll 2014-02-15 10:52:01 ----A---- 
C:\WINDOWS\system32\xactengine3_3.dll 2014-02-15 10:52:01 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll 2014-02-15 10:52:00 ----A---- C:\WINDOWS\system32\XAudio2_2.dll 2014-02-15 10:52:00 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll 2014-02-15 10:52:00 ----A---- C:\WINDOWS\system32\xactengine3_2.dll 2014-02-15 10:51:59 ----A---- C:\WINDOWS\system32\D3DX9_39.dll 2014-02-15 10:51:59 ----A---- C:\WINDOWS\system32\d3dx10_39.dll 2014-02-15 10:51:59 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll 2014-02-15 10:51:58 ----A---- C:\WINDOWS\system32\XAudio2_1.dll 2014-02-15 10:51:58 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll 2014-02-15 10:51:58 ----A---- C:\WINDOWS\system32\xactengine3_1.dll 2014-02-15 10:51:57 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll 2014-02-15 10:51:57 ----A---- C:\WINDOWS\system32\d3dx10_38.dll 2014-02-15 10:51:57 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll 2014-02-15 10:51:56 ----A---- C:\WINDOWS\system32\XAudio2_0.dll 2014-02-15 10:51:56 ----A---- C:\WINDOWS\system32\D3DX9_38.dll 2014-02-15 10:51:55 ----A---- C:\WINDOWS\system32\xactengine3_0.dll 2014-02-15 10:51:54 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll 2014-02-15 10:51:54 ----A---- C:\WINDOWS\system32\D3DX9_37.dll 2014-02-15 10:51:54 ----A---- C:\WINDOWS\system32\d3dx10_37.dll 2014-02-15 10:51:54 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll 2014-02-15 10:51:53 ----A---- C:\WINDOWS\system32\xactengine2_10.dll 2014-02-15 10:51:52 ----A---- C:\WINDOWS\system32\d3dx9_36.dll 2014-02-15 10:51:52 ----A---- C:\WINDOWS\system32\d3dx10_36.dll 2014-02-15 10:51:52 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll 2014-02-15 10:51:51 ----A---- C:\WINDOWS\system32\xactengine2_9.dll 2014-02-15 10:51:50 ----A---- C:\WINDOWS\system32\d3dx9_35.dll 2014-02-15 10:51:50 ----A---- C:\WINDOWS\system32\d3dx10_35.dll 2014-02-15 10:51:50 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll 2014-02-15 10:51:49 ----A---- C:\WINDOWS\system32\xactengine2_8.dll 2014-02-15 10:51:49 ----A---- 
C:\WINDOWS\system32\X3DAudio1_2.dll 2014-02-15 10:51:47 ----A---- C:\WINDOWS\system32\d3dx9_34.dll 2014-02-15 10:51:47 ----A---- C:\WINDOWS\system32\d3dx10_34.dll 2014-02-15 10:51:47 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll 2014-02-15 10:51:46 ----A---- C:\WINDOWS\system32\xinput1_3.dll 2014-02-15 10:51:42 ----A---- C:\WINDOWS\system32\xactengine2_7.dll 2014-02-15 10:51:41 ----A---- C:\WINDOWS\system32\d3dx10_33.dll 2014-02-15 10:51:41 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll 2014-02-15 10:51:39 ----A---- C:\WINDOWS\system32\xactengine2_6.dll 2014-02-15 10:51:39 ----A---- C:\WINDOWS\system32\d3dx9_33.dll 2014-02-15 10:51:38 ----A---- C:\WINDOWS\system32\xactengine2_5.dll 2014-02-15 10:51:37 ----A---- C:\WINDOWS\system32\d3dx9_32.dll 2014-02-15 10:51:36 ----A---- C:\WINDOWS\system32\xactengine2_4.dll 2014-02-15 10:51:36 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll 2014-02-15 10:51:36 ----A---- C:\WINDOWS\system32\d3dx9_31.dll 2014-02-15 10:51:35 ----A---- C:\WINDOWS\system32\xinput1_2.dll 2014-02-15 10:51:35 ----A---- C:\WINDOWS\system32\xactengine2_3.dll 2014-02-15 10:51:35 ----A---- C:\WINDOWS\system32\xactengine2_2.dll 2014-02-15 10:51:34 ----A---- C:\WINDOWS\system32\xinput1_1.dll 2014-02-15 10:51:33 ----A---- C:\WINDOWS\system32\xactengine2_1.dll 2014-02-15 10:51:28 ----A---- C:\WINDOWS\system32\xactengine2_0.dll 2014-02-15 10:51:28 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll 2014-02-15 10:51:28 ----A---- C:\WINDOWS\system32\d3dx9_30.dll 2014-02-15 10:51:27 ----A---- C:\WINDOWS\system32\d3dx9_29.dll 2014-02-15 10:51:27 ----A---- C:\WINDOWS\system32\d3dx9_28.dll 2014-02-15 10:51:26 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll 2014-02-15 10:51:25 ----A---- C:\WINDOWS\system32\d3dx9_27.dll 2014-02-15 10:51:25 ----A---- C:\WINDOWS\system32\d3dx9_26.dll 2014-02-15 10:51:24 ----A---- C:\WINDOWS\system32\d3dx9_25.dll 2014-02-15 10:51:21 ----A---- C:\WINDOWS\system32\d3dx9_24.dll 2014-02-15 10:49:32 ----HD---- C:\WINDOWS\msdownld.tmp 2014-02-15 
10:49:25 ----D---- C:\WINDOWS\Logs 2014-02-15 10:49:21 ----D---- C:\Games 2014-02-13 20:05:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2916036$ 2014-02-13 19:55:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2904878$ 2014-02-13 08:55:40 ----D---- C:\Program Files\McAfee Security Scan ======List of files/folders modified in the last 1 month====== 2014-03-05 19:19:16 ----D---- C:\Program Files\Trend Micro 2014-03-05 19:19:15 ----D---- C:\WINDOWS\Prefetch 2014-03-05 18:36:28 ----D---- C:\WINDOWS\Temp 2014-03-05 18:20:55 ----A---- C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt 2014-03-05 18:20:48 ----D---- C:\WINDOWS\Registration 2014-03-05 18:20:30 ----D---- C:\WINDOWS 2014-03-05 18:20:28 ----D---- C:\WINDOWS\system32\Lang 2014-03-04 21:18:32 ----A---- C:\WINDOWS\SchedLgU.Txt 2014-03-04 19:26:59 ----A---- C:\WINDOWS\NeroDigital.ini 2014-03-01 17:45:09 ----D---- C:\WINDOWS\system32\CatRoot2 2014-02-27 22:04:16 ----D---- C:\WINDOWS\system32 2014-02-21 10:55:54 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe 2014-02-19 20:05:00 ----D---- C:\Documents and Settings\All Users\Application Data\pdf995 2014-02-15 17:47:02 ----D---- C:\WINDOWS\system32\drivers 2014-02-15 16:04:34 ----SHD---- C:\WINDOWS\Installer 2014-02-15 16:03:43 ----D---- C:\Program Files\Common Files 2014-02-15 16:03:34 ----HD---- C:\WINDOWS\inf 2014-02-15 15:50:58 ----RD---- C:\Program Files 2014-02-15 15:28:45 ----D---- C:\Program Files\Mozilla Firefox 2014-02-15 15:26:00 ----D---- C:\Program Files\Mozilla Maintenance Service 2014-02-15 15:19:06 ----D---- C:\Documents and Settings\Microsoft User\Application Data\BitTorrent 2014-02-15 15:19:06 ----D---- C:\Documents and Settings\Microsoft User\Application Data\Azureus 2014-02-15 15:18:46 ----D---- C:\WINDOWS\Debug 2014-02-15 14:32:17 ----D---- C:\WINDOWS\system32\Restore 2014-02-15 10:52:33 ----D---- C:\WINDOWS\WinSxS 2014-02-15 10:52:21 ----D---- C:\WINDOWS\system32\DirectX 2014-02-15 10:51:33 ----RSD---- C:\WINDOWS\assembly 2014-02-15 10:51:15 ----D---- 
C:\WINDOWS\Microsoft.NET 2014-02-13 20:05:27 ----RSHDC---- C:\WINDOWS\system32\dllcache 2014-02-13 20:03:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2014-02-13 20:00:08 ----D---- C:\WINDOWS\system32\MRT 2014-02-13 19:56:41 ----A---- C:\WINDOWS\system32\MRT.exe 2014-02-13 19:56:23 ----D---- C:\Program Files\Internet Explorer 2014-02-13 19:55:57 ----D---- C:\WINDOWS\ie8updates 2014-02-06 04:38:34 ----A---- C:\WINDOWS\system32\wininet.dll 2014-02-06 00:08:31 ----N---- C:\WINDOWS\system32\occache.dll 2014-02-06 00:08:31 ----N---- C:\WINDOWS\system32\iedkcs32.dll 2014-02-06 00:08:31 ----A---- C:\WINDOWS\system32\urlmon.dll 2014-02-06 00:08:31 ----A---- C:\WINDOWS\system32\url.dll 2014-02-06 00:08:31 ----A---- C:\WINDOWS\system32\mstime.dll 2014-02-06 00:08:31 ----A---- C:\WINDOWS\system32\mshtmled.dll 2014-02-06 00:08:31 ----A---- C:\WINDOWS\system32\mshtml.dll 2014-02-06 00:08:31 ----A---- C:\WINDOWS\system32\msfeedsbs.dll 2014-02-06 00:08:31 ----A---- C:\WINDOWS\system32\msfeeds.dll 2014-02-06 00:08:31 ----A---- C:\WINDOWS\system32\licmgr10.dll 2014-02-06 00:08:31 ----A---- C:\WINDOWS\system32\jsproxy.dll 2014-02-06 00:08:31 ----A---- C:\WINDOWS\system32\iertutil.dll 2014-02-06 00:08:31 ----A---- C:\WINDOWS\system32\iepeers.dll 2014-02-06 00:08:31 ----A---- C:\WINDOWS\system32\ieframe.dll 2014-02-06 00:08:31 ----A---- C:\WINDOWS\system32\corpol.dll ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2004-08-10 19840] R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2012-04-27 137928] R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2012-04-16 36000] R1 intelppm;Intel GV3-processorstuurprogramma; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 SCDEmu;SCDEmu; 
C:\WINDOWS\system32\drivers\SCDEmu.sys [2012-02-09 112096] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520] R1 WmiAcpi;Microsoft Windows Beheerinterface voor ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-09-02 12032] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2012-04-24 83392] R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys [] R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-03-16 1124097] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-04 1522688] R3 btaudio;Bluetooth-audioapparaat; C:\WINDOWS\system32\drivers\btaudio.sys [2006-01-05 328061] R3 BTKRNL;Bluetooth bus-enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-01-05 850282] R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840] R3 HDAudBus;Microsoft UAA-busstuurprogramma voor High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Microsoft HID Class-stuurprogramma; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-02-27 4241920] R3 lv321av;Logitech USB PC Camera (VC0321); C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-04-06 1097472] R3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys [] R3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys [] R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [2006-04-06 39424] R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [] R3 mouhid;Stuurprogramma voor muis-HID; 
C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-06 12288] R3 rtl8139;NT-stuurprogramma voor Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-01-08 191456] R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608] R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-11-27 1427968] S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter; C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160] S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295] S3 BTDriver;Bluetooth virtuele-communicatiestuurprogramma; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-01-05 30459] S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-01-05 148900] S3 catchme;catchme; \??\C:\DOCUME~1\MICROS~1\LOCALS~1\Temp\catchme.sys [] S3 CCDECODE;Closed Caption-decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024] S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2013-05-02 83864] S3 dgderdrv;dgderdrv; C:\WINDOWS\System32\drivers\dgderdrv.sys [2013-05-22 20032] S3 MHNDRV;MHN-stuurprogramma; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248] S3 NdisIP;Microsoft TV/Video-verbinding; C:\WINDOWS\system32\DRIVERS\NdisIP.sys 
[2008-04-14 10880] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2013-05-02 181912] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232] S3 usbccgp;Microsoft generiek hoofd-USB-stuurprogramma; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856] S3 usbscan;Stuurprogramma voor USB-scanner; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976] S3 USBSTOR;Stuurprogramma voor USB-massaopslag; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys [] S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008] S3 WinUSB;SAMSUNG Android USB Driver; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext-codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2008-03-29 125328] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2013-09-07 55624] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-04 405504] R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504] R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-01-05 266295] R2 CCALib8;Canon Camera 
Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341] R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-08-10 194560] R2 ehSched;Media Center-taakplanner; C:\WINDOWS\eHome\ehSched.exe [2004-08-30 102912] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-12-18 182696] R2 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [2006-04-06 86016] R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2013-11-02 553288] S2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21 257928] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 
idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-01-16 235696] S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-02-13 118896] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- -
It found 2 things with the following details: C:\Program Files\Avira\Antivir Desktop\shlext.dll and Apartment
-
When I start my PC in safe mode and run ComboFix, I still get the same message.
-
What do you mean by running ComboFix in safe mode? Does that mean starting Windows in safe mode?
-
When I run ComboFix, I still get the same message before the scan starts.
-
Zoek.exe Version 4.0.0.4 Updated 07-October-2013 Tool run by Microsoft User on di 08/10/2013 at 12:58:19,04. Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Documents and Settings\Microsoft User\Bureaublad\zoek.exe [script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2013-10-06-192546.log 16277 bytes ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AntiVirService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\avkmgr deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System\avkmgr deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\avkmgr deleted successfully ==== Deleting Files \ Folders ====================== "C:\Program Files\Avira" not found "c:\program files\pazera-software" deleted "C:\Qoobox" deleted ==== Firefox Extensions ====================== ProfilePath: C:\Documents and Settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\vn80b503.default - Garmin Communicator - %ProfilePath%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b} - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files\Mozilla Firefox - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} ==== Firefox Plugins ====================== Profilepath: C:\Documents and Settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\vn80b503.default CA0E1DFBE480CF0BE13A0883BEB378B6 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U40 AF661355EBAB898EB92D5454AEF93CE0 - C:\WINDOWS\system32\npdeployJava1.dll - Java Deployment Toolkit 
7.0.400.43 E5AF72B7353FF8D431A7C463A4229524 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll - Shockwave Flash 148727EBD947CBC168C42A227D56DAB0 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 9B4D431459A9B935FB117F4EDDA236E8 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat F045DF7AF127DC4BCC53421850114E15 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In 75300E5ED4CD5B4363C3DBBB2D03269C - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll - McAfee Security Scanner + AF87C7A3D391F5F5534167546D7DDE30 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.3 2034E977759F4EB2226914BFC58F2758 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.3 B14417814FCA3A5D4AB170E1823D5484 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.3 3EFF190EC0E333DFBD2F5499858044B6 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.3 C4EB1B18B39BD2F76A64F75D01DEAB61 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.3 45CC6EFE643FCB97D986BBE2D21E2491 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.3 9FCA15CC38F2E2C6F5E722ED0E1A9E7A - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.3 C1680C34DE8A405C8829AB93236576FD - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 7A75CCAA7E3CE0B14F7428F1731CF4C9 - C:\WINDOWS\system32\Npindeo.dll - Intel Indeo® video 5.1 PD Plug-In 3EA079023D32054BFD73D08E77C72609 - C:\WINDOWS\system32\npptools.dll - Besturingssysteem Microsoft® Windows® 7D28153B7D586330678AD522B71D89CB - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® 
Silverlight ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" {51818293-706D-4738-B3DF-034E626DBA3A} Google Url="http://www.google.be/search?hl=nl&source=hp&q={searchTerms}&meta=&aq=f&oq=" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Empty IE Cache ====================== C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\Microsoft User\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Documents and Settings\Microsoft User\Local Settings\Application Data\Mozilla\Firefox\Profiles\vn80b503.default\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache 
====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\DOCUME~1\MICROS~1\LOCALS~1\Temp successfully emptied ==== Deleting Files / Folders ====================== "C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Documents and Settings\Microsoft User\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found ==== EOF on di 08/10/2013 at 15:05:47,90 ======================
-
Yes, I still get the message
AntiVir Removal Tool 3.0 © 2006 Avira GmbH Removal Tool for: Sober.J/P/Y TR/Spy.Banker.AATZ/Banker.AATZ.1/Banker.AATZ.2/Banker.AATZ.3 W32/Stanit.A Worm/NetSky.P Version: 3.0.1.16, May 28 2008 15:11:17 Use /? to list all available command line options - Saving results to logfile "tool_en.log". - Host: "K314", IP: 192.168.0.213 Scanning memory... done No malware found in memory Scanning drive C: ... No malware found on hard drives scan results: scanned directories: 15193
-
# AdwCleaner v3.006 - Report created 06/10/2013 at 22:32:05 # Updated 01/10/2013 by Xplode # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) # Username : Microsoft User - K314 # Running from : C:\Documents and Settings\Microsoft User\Mijn documenten\Downloads\adwcleaner(1).exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Deleted : C:\Documents and Settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\vn80b503.default\user.js ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [Tubesaver@istqt.co] Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Key Deleted : 
HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKCU\Software\AppDataLow\Software\smartbar Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tubesaver@istqt.co Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\lucky leap Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Tubesaver@istqt.co ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Mozilla Firefox v24.0 (nl) [ File : C:\Documents and Settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\vn80b503.default\prefs.js ] ************************* AdwCleaner[R0].txt - [4285 octets] 
- [05/10/2013 10:05:04] AdwCleaner[R1].txt - [4156 octets] - [06/10/2013 22:31:19] AdwCleaner[s0].txt - [4155 octets] - [06/10/2013 22:32:05] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4215 octets] ##########
-
Zoek.exe Version 4.0.0.4 Updated 27-September-2013 Tool run by Microsoft User on zo 06/10/2013 at 21:09:22,57. Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Documents and Settings\Microsoft User\Bureaublad\zoek.exe [script inserted] [Checkboxes used] ==== System Restore Info ====================== 6/10/2013 21:12:31 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\AntiVirService deleted successfully ==== FireFox Fix ====================== Deleted from C:\Documents and Settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\vn80b503.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.be/"); user_pref("browser.search.selectedEngine", "Google"); Added to C:\Documents and Settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\vn80b503.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "AntiVirService"=- "AntiVirSchedulerService"=- ==== Deleting Files \ 
Folders ====================== "C:\Program Files\Avira" not found "C:\WINDOWS\002797_.tmp" deleted "C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}" deleted "C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}" deleted "C:\Program Files\TubeSaver" deleted "C:\Program Files\MyFree Codec" deleted ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\DOCUME~1\MICROS~1\LOCALS~1\Temp ==== ====== Java Cache ===== 2013-09-15 17:20:04 86EAEE123BFD25B5C9B66586487CCD6A 400 ----a-w- C:\Documents and Settings\Microsoft User\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\6\764fb46-7dbeaaa0 2013-09-21 12:58:08 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Documents and Settings\Microsoft User\Local Settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-3a207aa5 ====== C:\WINDOWS\system32 ===== ====== C:\WINDOWS\system32\drivers ===== ====== C:\WINDOWS\Tasks ====== ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2013-09-15 17:07:46 -------- d-----w- C:\Program Files\Common Files\Java 2013-09-09 18:46:53 -------- d-----w- C:\Program Files\pazera-software ======= C: ===== ====== C:\Documents and Settings\Microsoft User\Application Data ====== 2013-10-06 19:02:43 -------- d-----w- C:\Documents and Settings\Microsoft User\Menu Start\Programma's\CyberLink PowerDVD 2013-09-11 17:09:27 1698037AAE1E1FA8532063FE762D0DF9 71544 ----a-w- C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ====== C:\Documents and Settings\Microsoft User ====== 2013-10-05 17:26:58 -------- d-sh--w- C:\Documents and Settings\NetworkService\Cookies ====== C: exe-files == 2013-10-06 12:42:07 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Documents and Settings\Microsoft User\Mijn documenten\Downloads\RSIT(1).exe 2013-10-05 08:08:15 60CEFABAC2C573B266B567534CE7567E 1178424 ----a-w- C:\Documents and Settings\Microsoft 
User\Bureaublad\mbar\mbar.exe 2013-10-05 08:08:15 373A0226FCB397B0C4031AD27FC429EE 757048 ----a-w- C:\Documents and Settings\Microsoft User\Bureaublad\mbar\Plugins\fixdamage.exe 2013-10-05 08:07:59 E6F3BBBCD31AB4CE97782C66551903FB 12907592 ----a-w- C:\Documents and Settings\Microsoft User\Mijn documenten\Downloads\mbar-1.07.0.1005.exe 2013-10-05 08:04:50 5611140E8CC5927D371C27EA1F9E71A6 1045226 ----a-w- C:\Documents and Settings\Microsoft User\Mijn documenten\Downloads\adwcleaner.exe 2013-10-04 17:29:39 A0E9A27B051ACEB918F7DBB88BBF3DB3 5552488 ----a-w- C:\Documents and Settings\Microsoft User\Mijn documenten\Downloads\spsetup123.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-220523388-790525478-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run] "GBMLite8AgentLaCie"="C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" "KiesPreload"="C:\Program Files\Samsung\Kies\Kies.exe /preload" "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" "RTHDCPL"="RTHDCPL.EXE" "AGRSMMSG"="AGRSMMSG.exe" "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay" "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" "LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe /automation" "LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot" "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" "PPort11reminder"="C:\Program 
Files\ScanSoft\PaperPort\Ereg\Ereg.exe -r C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" "BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN" "ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun" "GBMLite8AgentLaCie"="C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE -startup" "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe -atboottime" "KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "GBMLite8AgentLaCie"="C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" "KiesPreload"="C:\Program Files\Samsung\Kies\Kies.exe /preload" "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechCameraAssistant] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CameraAssistant" "hkey"="HKLM" "command"="C:\\Program Files\\Acer\\OrbiCam\\CameraAssistant.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechVideo[inspector]] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="InstallHelper" "hkey"="HKLM" "command"="C:\\Program Files\\Acer\\OrbiCam\\InstallHelper.exe /inspect" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Citrix XenApp.lnk] "path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\Citrix XenApp.lnk" "backup"="C:\\WINDOWS\\pss\\Citrix XenApp.lnkCommon Startup" "command"="C:\\WINDOWS\\Installer\\{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}\\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe " "item"="Citrix XenApp" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^McAfee Security Scan Plus.lnk] "path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\McAfee Security Scan Plus.lnk" "backup"="C:\\WINDOWS\\pss\\McAfee Security Scan Plus.lnkCommon Startup" "command"="C:\\PROGRA~1\\MCAFEE~1\\30D80A~1.285\\SSSCHE~1.EXE " "item"="McAfee Security Scan Plus" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [21/09/2013 09:55] ==== Firefox Extensions ====================== ProfilePath: C:\Documents and Settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\vn80b503.default - Garmin Communicator - %ProfilePath%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b} - lucky leap - %ProfilePath%\extensions\firefox@luckyleap.net.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files\Mozilla Firefox - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} ==== Firefox Plugins ====================== Profilepath: C:\Documents and Settings\Microsoft 
User\Application Data\Mozilla\Firefox\Profiles\vn80b503.default CA0E1DFBE480CF0BE13A0883BEB378B6 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U40 AF661355EBAB898EB92D5454AEF93CE0 - C:\WINDOWS\system32\npdeployJava1.dll - Java Deployment Toolkit 7.0.400.43 E5AF72B7353FF8D431A7C463A4229524 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll - Shockwave Flash 148727EBD947CBC168C42A227D56DAB0 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 9B4D431459A9B935FB117F4EDDA236E8 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat F045DF7AF127DC4BCC53421850114E15 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In 75300E5ED4CD5B4363C3DBBB2D03269C - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll - McAfee Security Scanner + AF87C7A3D391F5F5534167546D7DDE30 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.3 2034E977759F4EB2226914BFC58F2758 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.3 B14417814FCA3A5D4AB170E1823D5484 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.3 3EFF190EC0E333DFBD2F5499858044B6 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.3 C4EB1B18B39BD2F76A64F75D01DEAB61 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.3 45CC6EFE643FCB97D986BBE2D21E2491 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.3 9FCA15CC38F2E2C6F5E722ED0E1A9E7A - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.3 C1680C34DE8A405C8829AB93236576FD - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 7A75CCAA7E3CE0B14F7428F1731CF4C9 - 
C:\WINDOWS\system32\Npindeo.dll - Intel Indeo® video 5.1 PD Plug-In 3EA079023D32054BFD73D08E77C72609 - C:\WINDOWS\system32\npptools.dll - Besturingssysteem Microsoft® Windows® 7D28153B7D586330678AD522B71D89CB - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight ==== Deleting Files \ Folders ====================== "C:\Documents and Settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\vn80b503.default\extensions\firefox@luckyleap.net.xpi" deleted ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions ojcdnngpmbenohhjlickdajclhbcaada - C:\Program Files\TubeSaver\133.crx[] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="http://www.google.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{51818293-706D-4738-B3DF-034E626DBA3A}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" {51818293-706D-4738-B3DF-034E626DBA3A} Google Url="http://www.google.be/search?hl=nl&source=hp&q={searchTerms}&meta=&aq=f&oq=" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Reset Google Chrome ====================== Nothing found to reset ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyEnable"=dword:00000000 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== 
Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ojcdnngpmbenohhjlickdajclhbcaada deleted successfully ==== Empty IE Cache ====================== C:\Documents and Settings\Microsoft User\Local Settings\temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\Microsoft User\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Documents and Settings\Microsoft User\Local Settings\Application Data\Mozilla\Firefox\Profiles\vn80b503.default\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\DOCUME~1\MICROS~1\LOCALS~1\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\RECYCLER successfully emptied ==== Deleting Files / Folders ====================== "C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Documents and Settings\Microsoft User\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found ==== EOF on zo 06/10/2013 at 21:25:46,28 ====================== - - - Updated - - - 
The problem with the texts that appear when I hover over a link is gone. But when I start ComboFix again, I get the message again that Avira is still on.
-
Logfile of random's system information tool 1.09 (written by random/random) Run by Microsoft User at 2013-10-06 14:42:30 Microsoft Windows XP Professional Service Pack 3 System drive C: has 24 GB (21%) free of 114 GB Total RAM: 1022 MB (19% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:42:36, on 6/10/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\system32\ElkCtrl.exe C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Samsung\Kies\KiesTrayAgent.exe C:\Program 
Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Samsung\Kies\Kies.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Microsoft User\Mijn documenten\Downloads\RSIT(1).exe C:\Program Files\trend micro\Microsoft User.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: 
[GBMLite8AgentLaCie] C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\RunOnce: [ (A0)] cmd /c "C:\Documents and Settings\Microsoft User\Bureaublad\mbar\mbar.exe" /rdv /s O4 - HKCU\..\Run: [GBMLite8AgentLaCie] C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Avira Realtime Protection (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. 
- C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- End of file - 9442 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Adobe Flash Player Updater.job =========Mozilla firefox========= ProfilePath - C:\Documents and Settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\vn80b503.default prefs.js - "browser.startup.homepage" - "http://www.google.be/" prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, jqs@sun.com:1.0, {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1, {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6" "{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 11.8.800.168 Plugin "Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll 
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=] "Description"=iTunes Detector Plug-in "Path"= [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0] "Description"= "Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.40.2] "Description"=Java™ Deployment Toolkit "Path"=C:\WINDOWS\system32\npDeployJava1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/McAfeeMssPlugin] "Description"=McAfee Mss Plugin "Path"=C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5] "Description"=Windows Presentation Foundation plug-in for Mozilla browsers "Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader] "Description"=Handles PDFs in-place in Firefox "Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll C:\Program Files\Mozilla Firefox\extensions\ {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} C:\Program Files\Mozilla Firefox\components\ IICAClient.xpt nsIQTScriptablePlugin.xpt C:\Program Files\Mozilla Firefox\plugins\ cgpcfg.dll CgpCore.dll confmgr.dll ctxlogging.dll ctxmui.dll ICAClObj.class icafile.dll icalogon.dll Microsoft.VC80.CRT.manifest msvcm80.dll msvcp80.dll msvcr80.dll npicaN.dll nppdf32.dll npqtplugin.dll npqtplugin2.dll npqtplugin3.dll npqtplugin4.dll npqtplugin5.dll npqtplugin6.dll npqtplugin7.dll QuickTimePlugin.class 
sslsdk_b.dll TcpPServ.dll C:\Documents and Settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\vn80b503.default\extensions\ {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} {20a82645-c095-46ed-80e3-08825760534b} ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}] MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll [2013-02-05 94112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-09-15 462248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-09-15 171944] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-02-27 16005120] "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-03-16 88204] "SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-01-08 102491] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-01-08 692315] "ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056] "LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2006-04-06 225280] "LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe [2004-11-01 262144] "LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2006-03-30 471040] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928] "LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832] "SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472] "PaperPort PTD"=C:\Program 
Files\ScanSoft\PaperPort\pptd40nt.exe [2007-10-11 29984] "IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2007-10-11 46368] "PPort11reminder"=C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-08-31 328992] "BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2008-02-19 1089536] "ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2007-12-21 86016] "GBMLite8AgentLaCie"=C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe [2008-08-26 189056] "PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2012-02-09 312376] "APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-10-11 59280] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2012-10-25 421888] "KiesTrayAgent"=C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2013-05-23 311152] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] " (A0)"=cmd /c C:\Documents and Settings\Microsoft User\Bureaublad\mbar\mbar.exe /rdv /s [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "GBMLite8AgentLaCie"=C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe [2008-08-26 189056] "KiesPreload"=C:\Program Files\Samsung\Kies\Kies.exe [2013-05-23 1561968] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2012-09-09 421776] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe [2006-04-06 331776] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe [2006-04-06 73728] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Citrix XenApp.lnk] C:\WINDOWS\Installer\{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2011-10-03 73728] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^McAfee Security Scan Plus.lnk] C:\PROGRA~1\MCAFEE~1\30D80A~1.285\SSSCHE~1.EXE [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Apple Mobile Device"=2 "AntiVirService"=2 "AntiVirSchedulerService"=2 C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2006-05-04 61440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 "NoDriveAutoRun"=67108863 "NoDriveTypeAutoRun"=323 "NoDrives"=0 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\SPSSInc\PASWStatistics18\paswstat.com"="C:\Program Files\SPSSInc\PASWStatistics18\paswstat.com:*:Disabled:Statistics18:com" "C:\Program Files\SPSSInc\PASWStatistics18\WinWrapIDE.exe"="C:\Program Files\SPSSInc\PASWStatistics18\WinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor" "C:\Program Files\SPSSInc\PASWStatistics18\paswstat.exe"="C:\Program Files\SPSSInc\PASWStatistics18\paswstat.exe:*:Disabled:Statistics18:exe" "C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit" "C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player" "C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network 
Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "midimapper"=midimap.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msadpcm"=msadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.trspch"=tssoft32.acm "vidc.cvid"=iccvid.dll "VIDC.I420"=lvcodec2.dll "vidc.iv31"=ir32_32.dll "vidc.iv32"=ir32_32.dll "vidc.iv41"=ir41_32.ax "VIDC.IYUV"=iyuv_32.dll "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVU9"=tsbyuv.dll "VIDC.YVYU"=msyuv.dll "wavemapper"=msacm32.drv "msacm.msg723"=msg723.acm "vidc.M263"=msh263.drv "vidc.M261"=msh261.drv "msacm.msaudio1"=msaud32.acm "msacm.sl_anet"=sl_anet.acm "msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax "vidc.iv50"=ir50_32.dll "msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "MSVideo"=vfwwdm32.dll "MSVideo8"=VfWWDM32.dll "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "wave2"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv "VIDC.MPG4"=mpg4c32.dll "VIDC.MP42"=mpg4c32.dll ======List of files/folders created in the last 1 month====== 2013-10-05 10:08:44 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable) 2013-10-05 10:08:22 ----A---- C:\WINDOWS\system32\drivers\mbamchameleon.sys 2013-10-05 10:05:02 ----D---- C:\AdwCleaner 2013-10-05 09:13:54 ----SHD---- C:\RECYCLER 2013-10-04 20:09:22 ----A---- C:\ComboFix.txt 2013-10-01 19:37:41 ----D---- C:\Program Files\Mozilla Firefox 2013-09-15 19:07:46 ----D---- C:\Program Files\Common Files\Java 2013-09-15 19:07:37 ----A---- C:\WINDOWS\system32\javaws.exe 2013-09-15 19:07:29 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll 2013-09-15 19:07:29 ----A---- C:\WINDOWS\system32\javaw.exe 2013-09-15 19:07:29 ----A---- C:\WINDOWS\system32\java.exe 2013-09-15 18:55:37 ----A---- C:\WINDOWS\system32\FlashPlayerInstaller.exe 2013-09-15 
18:30:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2876315$ 2013-09-15 18:30:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2876217$ 2013-09-15 18:30:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2864063$ 2013-09-15 18:19:13 ----D---- C:\Program Files\TubeSaver 2013-09-09 20:46:53 ----D---- C:\Program Files\pazera-software 2013-09-09 18:03:55 ----A---- C:\WINDOWS\ModemLog_SAMSUNG Mobile USB Modem #3.txt ======List of files/folders modified in the last 1 month====== 2013-10-06 14:42:32 ----D---- C:\Program Files\Trend Micro 2013-10-06 14:42:23 ----D---- C:\WINDOWS\Prefetch 2013-10-05 15:18:28 ----D---- C:\WINDOWS\system32\drivers 2013-10-05 09:34:52 ----D---- C:\WINDOWS\system32\Lang 2013-10-05 09:34:50 ----D---- C:\WINDOWS\Temp 2013-10-05 09:34:50 ----A---- C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt 2013-10-05 09:34:46 ----D---- C:\WINDOWS 2013-10-05 09:34:33 ----D---- C:\WINDOWS\Registration 2013-10-05 09:32:57 ----A---- C:\WINDOWS\SchedLgU.Txt 2013-10-05 09:10:54 ----D---- C:\Documents and Settings\All Users\Application Data\pdf995 2013-10-04 23:04:47 ----D---- C:\WINDOWS\system32\CatRoot2 2013-10-04 20:09:25 ----D---- C:\Qoobox 2013-10-04 20:06:57 ----A---- C:\WINDOWS\system.ini 2013-10-04 20:06:45 ----D---- C:\WINDOWS\system32\drivers\etc 2013-10-04 20:06:11 ----RD---- C:\Program Files 2013-10-04 20:03:13 ----D---- C:\WINDOWS\system32 2013-10-04 20:03:13 ----D---- C:\WINDOWS\AppPatch 2013-10-04 19:41:09 ----D---- C:\Program Files\Common Files 2013-10-04 19:30:05 ----D---- C:\Program Files\Speccy 2013-10-02 08:21:16 ----D---- C:\Program Files\Mozilla Maintenance Service 2013-09-21 09:55:23 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe 2013-09-18 17:57:09 ----HD---- C:\WINDOWS\inf 2013-09-16 20:55:07 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$ 2013-09-16 20:53:38 ----SD---- C:\WINDOWS\Tasks 2013-09-15 19:07:46 ----SHD---- C:\WINDOWS\Installer 2013-09-15 19:07:15 ----A---- C:\WINDOWS\system32\npdeployJava1.dll 2013-09-15 19:07:15 ----A---- 
C:\WINDOWS\system32\deployJava1.dll 2013-09-15 18:32:14 ----RSHDC---- C:\WINDOWS\system32\dllcache 2013-09-15 18:32:11 ----D---- C:\Program Files\Internet Explorer 2013-09-15 18:31:47 ----D---- C:\WINDOWS\ie8updates 2013-09-15 18:31:36 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2013-09-15 18:30:51 ----A---- C:\WINDOWS\imsins.BAK 2013-09-15 18:08:15 ----A---- C:\WINDOWS\NeroDigital.ini 2013-09-15 18:05:30 ----A---- C:\WINDOWS\system32\MRT.exe 2013-09-09 20:57:00 ----A---- C:\WINDOWS\ModemLog_SAMSUNG Mobile USB Modem.txt 2013-09-09 20:46:47 ----D---- C:\WINDOWS\WinSxS 2013-09-09 19:44:55 ----D---- C:\Documents and Settings\Microsoft User\Application Data\Azureus 2013-09-09 18:22:19 ----D---- C:\Program Files\Vuze ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2004-08-10 19840] R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2012-04-27 137928] R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2012-04-16 36000] R1 intelppm;Intel GV3-processorstuurprogramma; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2012-02-09 112096] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520] R1 WmiAcpi;Microsoft Windows Beheerinterface voor ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-09-02 12032] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2012-04-25 83392] R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys [] R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-03-16 
1124097] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-04 1522688] R3 btaudio;Bluetooth-audioapparaat; C:\WINDOWS\system32\drivers\btaudio.sys [2006-01-05 328061] R3 BTKRNL;Bluetooth bus-enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-01-05 850282] R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840] R3 HDAudBus;Microsoft UAA-busstuurprogramma voor High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Microsoft HID Class-stuurprogramma; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-02-27 4241920] R3 lv321av;Logitech USB PC Camera (VC0321); C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-04-06 1097472] R3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys [] R3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys [] R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [2006-04-06 39424] R3 mbamchameleon;mbamchameleon; \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys [] R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [] R3 mouhid;Stuurprogramma voor muis-HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-06 12288] R3 rtl8139;NT-stuurprogramma voor Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-01-08 191456] R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys 
[2008-04-14 20608] R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-11-27 1427968] S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter; C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160] S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295] S3 BTDriver;Bluetooth virtuele-communicatiestuurprogramma; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-01-05 30459] S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-01-05 148900] S3 catchme;catchme; \??\C:\DOCUME~1\MICROS~1\LOCALS~1\Temp\catchme.sys [] S3 CCDECODE;Closed Caption-decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024] S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2013-05-02 83864] S3 dgderdrv;dgderdrv; C:\WINDOWS\System32\drivers\dgderdrv.sys [2013-05-22 20032] S3 MHNDRV;MHN-stuurprogramma; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248] S3 NdisIP;Microsoft TV/Video-verbinding; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2013-05-02 181912] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232] S3 usbccgp;Microsoft generiek hoofd-USB-stuurprogramma; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856] S3 usbscan;Stuurprogramma voor 
USB-scanner; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104] S3 USBSTOR;Stuurprogramma voor USB-massaopslag; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys [] S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008] S3 WinUSB;SAMSUNG Android USB Driver; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext-codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2008-03-29 125328] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-04 405504] R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-01-05 266295] R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341] R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-08-10 194560] R2 ehSched;Media Center-taakplanner; C:\WINDOWS\eHome\ehSched.exe [2004-08-30 102912] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-09-15 182696] R2 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [2006-04-06 86016] R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared 
Files\RichVideo.exe [2005-08-07 167936] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-21 257416] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2012-09-09 821648] S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216] S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-10-01 118680] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WPFFontCache_v0400;Windows Presentation Foundation 
Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------
-
No, this was resolved when I repaired the fan. Sorry, I tried to upload images. Second attempt: my laptop no longer shuts down; the reason was that the fan was stuck. But I still have 2 strange things: 1) when I hover my mouse over hyperlinks on a site, strange text appears (see the image below). Also, when I start ComboFix I get a message every time that Avira is still active, but it is not on my computer.
-
ComboFix 13-10-04.02 - Microsoft User 04/10/2013 19:34:52.11.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1022.550 [GMT 2:00] Gestart vanuit: c:\documents and settings\Microsoft User\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Microsoft User\Bureaublad\CFScript.txt AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\a5d4c1127107c5262fd20055873f c:\a5d4c1127107c5262fd20055873f\mrt.exe._p c:\a5d4c1127107c5262fd20055873f\mrtstub.exe c:\program files\MyPC Backup c:\program files\MyPC Backup\DEL_UnRegisterExtensions.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2013-09-04 to 2013-10-04 )))))))))))))))))))))))))))))) . . 2013-09-15 17:07 . 2013-09-15 17:07 -------- d-----w- c:\program files\Common Files\Java 2013-09-15 17:07 . 2013-09-15 17:07 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-09-15 16:55 . 2013-09-21 07:55 3723656 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2013-09-15 16:19 . 2013-09-16 18:53 -------- d-----w- c:\program files\TubeSaver 2013-09-09 18:46 . 2013-09-09 18:46 -------- d-----w- c:\program files\pazera-software 2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-09-21 07:55 . 2012-07-14 10:15 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-09-21 07:55 . 2011-05-25 08:05 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-09-15 17:07 . 2012-08-08 20:49 144896 ----a-w- c:\windows\system32\javacpl.cpl 2013-09-15 17:07 . 2012-08-08 20:49 868264 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-09-15 17:07 . 2012-01-14 22:11 790440 ----a-w- c:\windows\system32\deployJava1.dll 2013-08-09 01:56 . 
2004-09-02 12:00 391168 ----a-w- c:\windows\system32\themeui.dll 2013-08-08 06:09 . 2004-09-02 12:00 1877888 ----a-w- c:\windows\system32\win32k.sys 2013-08-08 06:05 . 2004-09-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll 2013-08-08 06:05 . 2004-09-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-08-08 06:05 . 2004-09-02 12:00 18944 ----a-w- c:\windows\system32\corpol.dll 2013-08-08 06:05 . 2004-09-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2013-08-08 00:04 . 2004-09-02 12:00 385024 ----a-w- c:\windows\system32\html.iec 2013-08-05 13:30 . 2004-09-02 12:00 1289216 ----a-w- c:\windows\system32\ole32.dll 2013-08-02 23:48 . 2006-10-18 19:47 1543680 ------w- c:\windows\system32\wmvdecod.dll 2013-07-10 10:37 . 2004-09-02 12:00 406016 ----a-w- c:\windows\system32\usp10.dll 2008-08-16 15:42 . 2013-10-01 17:37 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2008-08-16 15:42 . 2013-10-01 17:37 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2008-08-16 15:42 . 2013-10-01 17:37 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2008-08-16 15:42 . 2013-10-01 17:37 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll 2008-08-16 15:43 . 2013-10-01 17:37 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2008-08-16 15:42 . 2013-10-01 17:37 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2008-08-16 15:42 . 2013-10-01 17:37 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2008-05-21 06:41 . 2013-10-01 17:37 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll 2008-05-21 06:41 . 2013-10-01 17:37 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll 2008-05-21 06:41 . 2013-10-01 17:37 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll 2008-06-05 11:58 . 2013-10-01 17:37 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2008-08-16 15:42 . 
2013-10-01 17:37 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GBMLite8AgentLaCie"="c:\program files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" [2008-08-26 189056] "KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-05-23 1561968] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392] "RTHDCPL"="RTHDCPL.EXE" [2006-02-27 16005120] "AGRSMMSG"="AGRSMMSG.exe" [2006-03-16 88204] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 102491] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 692315] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-04-06 225280] "LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144] "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-30 471040] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 
86016] "GBMLite8AgentLaCie"="c:\program files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" [2008-08-26 189056] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-02-09 312376] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-05-23 311152] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Citrix XenApp.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Citrix XenApp.lnk backup=c:\windows\pss\Citrix XenApp.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^McAfee Security Scan Plus.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\McAfee Security Scan Plus.lnk backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-09-09 21:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant] 2006-04-06 18:00 331776 ----a-w- c:\program files\Acer\OrbiCam\CameraAssistant.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]] 2006-04-06 18:06 73728 ----a-w- c:\program files\Acer\OrbiCam\InstallHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Apple Mobile Device"=2 (0x2) "AntiVirService"=2 (0x2) "AntiVirSchedulerService"=2 (0x2) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.com"= "c:\\Program Files\\SPSSInc\\PASWStatistics18\\WinWrapIDE.exe"= "c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.exe"= "c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\WINDOWS\\system32\\muzapp.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= . 
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11/05/2012 14:17 36000] R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [31/08/2013 10:24 418376] R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [16/12/2009 12:39 1097472] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [31/08/2013 10:24 22856] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [31/08/2013 10:24 701512] S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [15/12/2009 18:28 20160] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [23/06/2013 11:26 83864] S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [23/06/2013 11:17 20032] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [5/02/2013 17:48 235216] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [23/06/2013 11:26 181912] . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - CPUZ136 *Deregistered* - cpuz136 . Inhoud van de 'Gedeelde Taken' map . 2013-10-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 07:55] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Verzenden naar &Bluetooth-apparaat... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm TCP: DhcpNameServer = 195.130.131.133 195.130.130.5 FF - ProfilePath - c:\documents and settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\vn80b503.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - ExtSQL: 2013-08-30 05:34; firefox@luckyleap.net; c:\documents and settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\vn80b503.default\extensions\firefox@luckyleap.net.xpi FF - ExtSQL: 2013-09-15 18:19; Tubesaver@istqt.co; c:\program files\TubeSaver\133.xpi FF - ExtSQL: !HIDDEN! 2009-12-17 14:35; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - user.js: extensions.autoDisableScopes - 0 FF - user.js: extensions.shownSelectionUI - true . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2013-10-04 20:06 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(556) c:\windows\system32\Ati2evxx.dll . Voltooingstijd: 2013-10-04 20:09:21 ComboFix-quarantined-files.txt 2013-10-04 18:09 ComboFix2.txt 2013-10-03 16:40 ComboFix3.txt 2013-09-16 19:19 ComboFix4.txt 2013-04-22 17:59 ComboFix5.txt 2013-10-04 17:33 . Pre-Run: 25.147.797.504 bytes beschikbaar Post-Run: 25.135.984.640 bytes beschikbaar . - - End Of File - - F1673FFC03EA84259951FD24D255A5CF 3051207086651214E435112E51817DC5 http://speccy.piriform.com/results/gt04nE4cQEuVPoim5scmWv6
-
It was via Speccy that I looked at the temperature; it turned out the processor was in the 90°C range. My fan was not working; in the meantime it works again, it was stuck.
-
Here is the log file from the program:
ComboFix 13-10-03.03 - Microsoft User 03/10/2013 18:28:04.10.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1022.504 [GMT 2:00] Gestart vanuit: c:\documents and settings\Microsoft User\Bureaublad\ComboFix.exe AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\END . . (((((((((((((((((((( Bestanden Gemaakt van 2013-09-03 to 2013-10-03 )))))))))))))))))))))))))))))) . . 2013-09-15 17:07 . 2013-09-15 17:07 -------- d-----w- c:\program files\Common Files\Java 2013-09-15 17:07 . 2013-09-15 17:07 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-09-15 16:55 . 2013-09-21 07:55 3723656 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2013-09-15 16:19 . 2013-09-16 18:53 -------- d-----w- c:\program files\TubeSaver 2013-09-15 16:04 . 2013-09-15 16:12 -------- d-----w- C:\a5d4c1127107c5262fd20055873f 2013-09-09 18:47 . 2013-09-11 17:15 -------- d-----w- c:\program files\MyPC Backup 2013-09-09 18:46 . 2013-09-09 18:46 -------- d-----w- c:\program files\pazera-software 2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-09-21 07:55 . 2012-07-14 10:15 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-09-21 07:55 . 2011-05-25 08:05 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-09-15 17:07 . 2012-08-08 20:49 144896 ----a-w- c:\windows\system32\javacpl.cpl 2013-09-15 17:07 . 2012-08-08 20:49 868264 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-09-15 17:07 . 2012-01-14 22:11 790440 ----a-w- c:\windows\system32\deployJava1.dll 2013-08-09 01:56 .
2004-09-02 12:00 391168 ----a-w- c:\windows\system32\themeui.dll 2013-08-08 06:09 . 2004-09-02 12:00 1877888 ----a-w- c:\windows\system32\win32k.sys 2013-08-08 06:05 . 2004-09-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll 2013-08-08 06:05 . 2004-09-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-08-08 06:05 . 2004-09-02 12:00 18944 ----a-w- c:\windows\system32\corpol.dll 2013-08-08 06:05 . 2004-09-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2013-08-08 00:04 . 2004-09-02 12:00 385024 ----a-w- c:\windows\system32\html.iec 2013-08-05 13:30 . 2004-09-02 12:00 1289216 ----a-w- c:\windows\system32\ole32.dll 2013-08-02 23:48 . 2006-10-18 19:47 1543680 ------w- c:\windows\system32\wmvdecod.dll 2013-07-10 10:37 . 2004-09-02 12:00 406016 ----a-w- c:\windows\system32\usp10.dll 2008-08-16 15:42 . 2013-10-01 17:37 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2008-08-16 15:42 . 2013-10-01 17:37 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2008-08-16 15:42 . 2013-10-01 17:37 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2008-08-16 15:42 . 2013-10-01 17:37 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll 2008-08-16 15:43 . 2013-10-01 17:37 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2008-08-16 15:42 . 2013-10-01 17:37 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2008-08-16 15:42 . 2013-10-01 17:37 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2008-05-21 06:41 . 2013-10-01 17:37 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll 2008-05-21 06:41 . 2013-10-01 17:37 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll 2008-05-21 06:41 . 2013-10-01 17:37 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll 2008-06-05 11:58 . 2013-10-01 17:37 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2008-08-16 15:42 . 
2013-10-01 17:37 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GBMLite8AgentLaCie"="c:\program files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" [2008-08-26 189056] "KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-05-23 1561968] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392] "RTHDCPL"="RTHDCPL.EXE" [2006-02-27 16005120] "AGRSMMSG"="AGRSMMSG.exe" [2006-03-16 88204] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 102491] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 692315] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-04-06 225280] "LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144] "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-30 471040] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 
86016] "GBMLite8AgentLaCie"="c:\program files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" [2008-08-26 189056] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-02-09 312376] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-05-23 311152] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Citrix XenApp.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Citrix XenApp.lnk backup=c:\windows\pss\Citrix XenApp.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^McAfee Security Scan Plus.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\McAfee Security Scan Plus.lnk backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-09-09 21:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant] 2006-04-06 18:00 331776 ----a-w- c:\program files\Acer\OrbiCam\CameraAssistant.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]] 2006-04-06 18:06 73728 ----a-w- c:\program files\Acer\OrbiCam\InstallHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Apple Mobile Device"=2 (0x2) "AntiVirService"=2 (0x2) "AntiVirSchedulerService"=2 (0x2) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.com"= "c:\\Program Files\\SPSSInc\\PASWStatistics18\\WinWrapIDE.exe"= "c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.exe"= "c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\WINDOWS\\system32\\muzapp.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= . 
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11/05/2012 14:17 36000] R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [31/08/2013 10:24 418376] R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [16/12/2009 12:39 1097472] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [31/08/2013 10:24 22856] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [31/08/2013 10:24 701512] S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [15/12/2009 18:28 20160] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [23/06/2013 11:26 83864] S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [23/06/2013 11:17 20032] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [5/02/2013 17:48 235216] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [23/06/2013 11:26 181912] . Inhoud van de 'Gedeelde Taken' map . 2013-10-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 07:55] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Verzenden naar &Bluetooth-apparaat... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm TCP: DhcpNameServer = 195.130.131.133 195.130.130.5 FF - ProfilePath - c:\documents and settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\vn80b503.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - ExtSQL: 2013-08-30 05:34; firefox@luckyleap.net; c:\documents and settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\vn80b503.default\extensions\firefox@luckyleap.net.xpi FF - ExtSQL: 2013-09-15 18:19; Tubesaver@istqt.co; c:\program files\TubeSaver\133.xpi FF - ExtSQL: !HIDDEN! 2009-12-17 14:35; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - user.js: extensions.autoDisableScopes - 0 FF - user.js: extensions.shownSelectionUI - true . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2013-10-03 18:37 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(560) c:\windows\system32\Ati2evxx.dll . Voltooingstijd: 2013-10-03 18:40:50 ComboFix-quarantined-files.txt 2013-10-03 16:40 ComboFix2.txt 2013-09-16 19:19 ComboFix3.txt 2013-04-22 17:59 ComboFix4.txt 2013-01-10 17:57 ComboFix5.txt 2013-10-03 16:25 . Pre-Run: 25.157.705.728 bytes beschikbaar Post-Run: 25.153.015.808 bytes beschikbaar . - - End Of File - - 2D6ADAD475000AF2E9F8C865C4CB55E0 3051207086651214E435112E51817DC5
-
Hello, it sometimes happens that my laptop shuts down for no reason. If I can believe my Malwarebytes Anti-Malware, there is no spam present on my computer. Below you will find a log file from Hijack:
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:55:20, on 2/10/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\system32\ElkCtrl.exe C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Samsung\Kies\KiesTrayAgent.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Samsung\Kies\Kies.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: 
[GBMLite8AgentLaCie] C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [GBMLite8AgentLaCie] C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Avira Realtime Protection (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. 
- C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- End of file - 9255 bytes
Can someone check this to see whether everything is okay? Regards, Dries
-
Yes, there is still a shortcut on my desktop, and under Start, All Programs I still have an Avira folder, but nothing in it can be opened; I can't find anything.
-
Logfile of The Avenger Version 2.0, © by Swandog46 Swandog46's Public Anti-Malware Tools Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Folder "c:\program files\Avira" deleted successfully. Completed script processing. ******************* Finished! Terminate.
-
Here is the file:
ComboFix 13-01-08.01 - Microsoft User 10/01/2013 18:38:16.7.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1022.434 [GMT 1:00] Gestart vanuit: c:\documents and settings\Microsoft User\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Microsoft User\Bureaublad\CFScript.txt AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\Avira c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\CONFIG\AVWIN.INI c:\documents and settings\Microsoft User\Application Data\Avira c:\program files\Avira\AntiVir Desktop\aebb.dll c:\program files\Avira\AntiVir Desktop\aecore.dll c:\program files\Avira\AntiVir Desktop\aeemu.dll c:\program files\Avira\AntiVir Desktop\aeexp.dll c:\program files\Avira\AntiVir Desktop\aegen.dll c:\program files\Avira\AntiVir Desktop\aehelp.dll c:\program files\Avira\AntiVir Desktop\aeheur.dll c:\program files\Avira\AntiVir Desktop\aeoffice.dll c:\program files\Avira\AntiVir Desktop\aepack.dll c:\program files\Avira\AntiVir Desktop\aerdl.dll c:\program files\Avira\AntiVir Desktop\aesbx.dll c:\program files\Avira\AntiVir Desktop\aescn.dll c:\program files\Avira\AntiVir Desktop\aescript.dll c:\program files\Avira\AntiVir Desktop\aevdf.dll c:\program files\Avira\AntiVir Desktop\apnic.dll c:\program files\Avira\AntiVir Desktop\apnstub.exe c:\program files\Avira\AntiVir Desktop\apntoolbarinstaller.exe c:\program files\Avira\AntiVir Desktop\avacl.dll c:\program files\Avira\AntiVir Desktop\avarkt.dll c:\program files\Avira\AntiVir Desktop\avbb.dll c:\program files\Avira\AntiVir Desktop\avcenter.exe c:\program files\Avira\AntiVir Desktop\avconfig.cpl c:\program files\Avira\AntiVir Desktop\avconfig.dll c:\program files\Avira\AntiVir Desktop\avconfig.exe 
c:\program files\Avira\AntiVir Desktop\avconfigrc.dll c:\program files\Avira\AntiVir Desktop\avesvc.dll c:\program files\Avira\AntiVir Desktop\avesvcr.dll c:\program files\Avira\AntiVir Desktop\avevtlog.dll c:\program files\Avira\AntiVir Desktop\avevtrc.dll c:\program files\Avira\AntiVir Desktop\avghook.dll c:\program files\Avira\AntiVir Desktop\avgio.dll c:\program files\Avira\AntiVir Desktop\avgnt.exe c:\program files\Avira\AntiVir Desktop\avgntflt.cat c:\program files\Avira\AntiVir Desktop\avgntflt.inf c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Avira\AntiVir Desktop\avinet.dll c:\program files\Avira\AntiVir Desktop\avipbb.inf c:\program files\Avira\AntiVir Desktop\avipc.dll c:\program files\Avira\AntiVir Desktop\avkmgr.cat c:\program files\Avira\AntiVir Desktop\avkmgr.inf c:\program files\Avira\AntiVir Desktop\avmres.dll c:\program files\Avira\AntiVir Desktop\avnotify.dll c:\program files\Avira\AntiVir Desktop\avnotify.exe c:\program files\Avira\AntiVir Desktop\avpref.dll c:\program files\Avira\AntiVir Desktop\avreg.dll c:\program files\Avira\AntiVir Desktop\avrep.dll c:\program files\Avira\AntiVir Desktop\avrestart.exe c:\program files\Avira\AntiVir Desktop\avscan.dll c:\program files\Avira\AntiVir Desktop\avscan.exe c:\program files\Avira\AntiVir Desktop\avscplr.dll c:\program files\Avira\AntiVir Desktop\avsda.dll c:\program files\Avira\AntiVir Desktop\avsda64.dll c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\program files\Avira\AntiVir Desktop\avsmtp.dll c:\program files\Avira\AntiVir Desktop\avupgsvc.exe c:\program files\Avira\AntiVir Desktop\avwebgrc.dll c:\program files\Avira\AntiVir Desktop\avwebgrd.exe c:\program files\Avira\AntiVir Desktop\avwebloader.dll c:\program files\Avira\AntiVir Desktop\avwebloader.exe c:\program files\Avira\AntiVir Desktop\avwebloadergui.dll c:\program files\Avira\AntiVir Desktop\avwinll.dll c:\program files\Avira\AntiVir Desktop\avwmi.dll c:\program files\Avira\AntiVir Desktop\avwsc.exe 
c:\program files\Avira\AntiVir Desktop\ccavscanex.dll c:\program files\Avira\AntiVir Desktop\ccavscanexrc.dll c:\program files\Avira\AntiVir Desktop\ccev.dll c:\program files\Avira\AntiVir Desktop\ccevrc.dll c:\program files\Avira\AntiVir Desktop\ccevw.dll c:\program files\Avira\AntiVir Desktop\ccgen.dll c:\program files\Avira\AntiVir Desktop\ccgenrc.dll c:\program files\Avira\AntiVir Desktop\ccgenw.dll c:\program files\Avira\AntiVir Desktop\ccgrdrc.dll c:\program files\Avira\AntiVir Desktop\ccgrdw.dll c:\program files\Avira\AntiVir Desktop\ccguard.dll c:\program files\Avira\AntiVir Desktop\cchips.dll c:\program files\Avira\AntiVir Desktop\cchipsrc.dll c:\program files\Avira\AntiVir Desktop\cclic.dll c:\program files\Avira\AntiVir Desktop\cclicrc.dll c:\program files\Avira\AntiVir Desktop\cclicw.dll c:\program files\Avira\AntiVir Desktop\ccmainrc.dll c:\program files\Avira\AntiVir Desktop\ccmsg.dll c:\program files\Avira\AntiVir Desktop\ccmsgrc.dll c:\program files\Avira\AntiVir Desktop\ccprofil.dll c:\program files\Avira\AntiVir Desktop\ccquamgr.dll c:\program files\Avira\AntiVir Desktop\ccquarc.dll c:\program files\Avira\AntiVir Desktop\ccquaw.dll c:\program files\Avira\AntiVir Desktop\ccreporc.dll c:\program files\Avira\AntiVir Desktop\ccreport.dll c:\program files\Avira\AntiVir Desktop\ccrepow.dll c:\program files\Avira\AntiVir Desktop\ccscanrc.dll c:\program files\Avira\AntiVir Desktop\ccscanw.dll c:\program files\Avira\AntiVir Desktop\ccsched.dll c:\program files\Avira\AntiVir Desktop\ccschedw.dll c:\program files\Avira\AntiVir Desktop\ccscherc.dll c:\program files\Avira\AntiVir Desktop\ccupdate.dll c:\program files\Avira\AntiVir Desktop\ccupdrc.dll c:\program files\Avira\AntiVir Desktop\ccupdw.dll c:\program files\Avira\AntiVir Desktop\ccwgrd.dll c:\program files\Avira\AntiVir Desktop\ccwgrdrc.dll c:\program files\Avira\AntiVir Desktop\ccwgrdw.dll c:\program files\Avira\AntiVir Desktop\ccwkrlib.dll c:\program files\Avira\AntiVir Desktop\cfglib.dll c:\program 
files\Avira\AntiVir Desktop\defaults.ini c:\program files\Avira\AntiVir Desktop\extdlgfw.dll c:\program files\Avira\AntiVir Desktop\fact.exe c:\program files\Avira\AntiVir Desktop\factrc.dll c:\program files\Avira\AntiVir Desktop\FAILSAFE\aebb.dll c:\program files\Avira\AntiVir Desktop\FAILSAFE\aecore.dll c:\program files\Avira\AntiVir Desktop\FAILSAFE\aeemu.dll c:\program files\Avira\AntiVir Desktop\FAILSAFE\aeexp.dll c:\program files\Avira\AntiVir Desktop\FAILSAFE\aegen.dll c:\program files\Avira\AntiVir Desktop\FAILSAFE\aehelp.dll c:\program files\Avira\AntiVir Desktop\FAILSAFE\aeheur.dll c:\program files\Avira\AntiVir Desktop\FAILSAFE\aeoffice.dll c:\program files\Avira\AntiVir Desktop\FAILSAFE\aepack.dll c:\program files\Avira\AntiVir Desktop\FAILSAFE\aerdl.dll c:\program files\Avira\AntiVir Desktop\FAILSAFE\aesbx.dll c:\program files\Avira\AntiVir Desktop\FAILSAFE\aescn.dll c:\program files\Avira\AntiVir Desktop\FAILSAFE\aescript.dll c:\program files\Avira\AntiVir Desktop\FAILSAFE\aevdf.dll c:\program files\Avira\AntiVir Desktop\FAILSAFE\avreg.dll c:\program files\Avira\AntiVir Desktop\FAILSAFE\avrep.dll c:\program files\Avira\AntiVir Desktop\FAILSAFE\avscplr.dll c:\program files\Avira\AntiVir Desktop\FAILSAFE\unacev2.dll c:\program files\Avira\AntiVir Desktop\gpavgio.dll c:\program files\Avira\AntiVir Desktop\gpevtlog.dll c:\program files\Avira\AntiVir Desktop\gpgavid.dll c:\program files\Avira\AntiVir Desktop\gpgen.dll c:\program files\Avira\AntiVir Desktop\gpgenrep.dll c:\program files\Avira\AntiVir Desktop\gpgrd.dll c:\program files\Avira\AntiVir Desktop\gpgui.dll c:\program files\Avira\AntiVir Desktop\gpipc.dll c:\program files\Avira\AntiVir Desktop\gplegacy.dll c:\program files\Avira\AntiVir Desktop\gpschd.dll c:\program files\Avira\AntiVir Desktop\grdcore.dll c:\program files\Avira\AntiVir Desktop\guardgui.exe c:\program files\Avira\AntiVir Desktop\guardmsg.dll c:\program files\Avira\AntiVir Desktop\ipmgui.exe c:\program files\Avira\AntiVir 
Desktop\libdb44.dll c:\program files\Avira\AntiVir Desktop\licmgr.dll c:\program files\Avira\AntiVir Desktop\licmgr.exe c:\program files\Avira\AntiVir Desktop\luke.dll c:\program files\Avira\AntiVir Desktop\lukeres.dll c:\program files\Avira\AntiVir Desktop\mgrs.dll c:\program files\Avira\AntiVir Desktop\msgclient.dll c:\program files\Avira\AntiVir Desktop\netnt.dll c:\program files\Avira\AntiVir Desktop\onlcfg.dll c:\program files\Avira\AntiVir Desktop\rchelp.dll c:\program files\Avira\AntiVir Desktop\rcimage.dll c:\program files\Avira\AntiVir Desktop\rcnwload_de.dll c:\program files\Avira\AntiVir Desktop\rcnwload_en.dll c:\program files\Avira\AntiVir Desktop\rcnwload_es.dll c:\program files\Avira\AntiVir Desktop\rcnwload_fr.dll c:\program files\Avira\AntiVir Desktop\rcnwload_it.dll c:\program files\Avira\AntiVir Desktop\rcnwload_jp.dll c:\program files\Avira\AntiVir Desktop\rcnwload_ko.dll c:\program files\Avira\AntiVir Desktop\rcnwload_nl.dll c:\program files\Avira\AntiVir Desktop\rcnwload_pt.dll c:\program files\Avira\AntiVir Desktop\rcnwload_ru.dll c:\program files\Avira\AntiVir Desktop\rcnwload_tr.dll c:\program files\Avira\AntiVir Desktop\rcnwload_zhcn.dll c:\program files\Avira\AntiVir Desktop\rcnwload_zhtw.dll c:\program files\Avira\AntiVir Desktop\rctext.dll c:\program files\Avira\AntiVir Desktop\restartrc.dll c:\program files\Avira\AntiVir Desktop\scewxmlw.dll c:\program files\Avira\AntiVir Desktop\sched.exe c:\program files\Avira\AntiVir Desktop\schedr.dll c:\program files\Avira\AntiVir Desktop\setup.dll c:\program files\Avira\AntiVir Desktop\setup.exe c:\program files\Avira\AntiVir Desktop\shlext.dll c:\program files\Avira\AntiVir Desktop\sqlite3.dll c:\program files\Avira\AntiVir Desktop\ssmdrv.inf c:\program files\Avira\AntiVir Desktop\unacev2.dll c:\program files\Avira\AntiVir Desktop\update.dll c:\program files\Avira\AntiVir Desktop\update.exe c:\program files\Avira\AntiVir Desktop\updaterc.dll c:\program files\Avira\AntiVir Desktop\updext.dll 
c:\program files\Avira\AntiVir Desktop\updgui.dll c:\program files\Avira\AntiVir Desktop\updguirc.dll c:\program files\Avira\AntiVir Desktop\updrgui.exe c:\program files\Avira\AntiVir Desktop\webcat.dll c:\program files\Avira\AntiVir Desktop\webcatrc.dll c:\program files\Avira\AntiVir Desktop\wksstats.dll c:\program files\Avira . . . . konden niet verwijderd worden . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_ANTIVIRSCHEDULERSERVICE -------\Service_AntiVirSchedulerService . . (((((((((((((((((((( Bestanden Gemaakt van 2012-12-10 to 2013-01-10 )))))))))))))))))))))))))))))) . . 2013-01-05 12:32 . 2013-01-05 12:32 -------- d-----w- c:\windows\system32\wbem\Repository 2013-01-05 12:28 . 2013-01-05 14:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-01-05 12:28 . 2013-01-06 16:12 -------- d-----w- c:\program files\Online Armor 2013-01-05 12:28 . 2013-01-05 12:28 -------- d-----w- c:\program files\Avira 2012-12-20 10:38 . 2013-01-05 12:28 -------- d-----w- c:\program files\Common Files\Mcafee 2012-12-20 10:38 . 2013-01-05 12:28 -------- d-----w- c:\program files\McAfee 2012-12-20 10:30 . 2012-04-13 19:33 161144 ----a-r- c:\windows\system32\mfevtps.exe.595c.deleteme 2012-12-18 19:08 . 2012-12-18 19:08 209112 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-10 17:55 . 2013-01-10 17:55 15739912 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2013-01-05 13:56 . 2012-07-14 10:15 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-05 13:55 . 2011-05-25 08:05 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-16 12:23 . 2004-09-02 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 12:23 . 2004-09-02 12:00 290560 ----a-w- c:\windows\system32\atmfd(2).dll 2012-11-29 18:18 . 
2012-11-29 18:18 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-11-29 18:18 . 2012-08-08 20:49 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-11-29 18:18 . 2012-01-14 22:11 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-11-13 11:55 . 2004-09-02 12:00 1866496 ----a-w- c:\windows\system32\win32k.sys 2012-11-06 00:41 . 2004-09-02 12:00 290560 ----a-w- c:\windows\system32\atmfd(3).dll 2012-11-02 02:03 . 2004-09-02 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll 2012-11-01 12:12 . 2004-09-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-11-01 12:12 . 2004-09-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-11-01 12:12 . 2004-09-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-11-01 00:35 . 2004-09-02 12:00 385024 ----a-w- c:\windows\system32\html.iec 2012-10-28 08:10 . 2012-10-28 08:10 556 ----a-w- c:\windows\_MSSETUP.BAT 2012-10-28 08:10 . 2012-10-28 08:10 9813 ----a-w- c:\windows\_MSRSTRT.EXE 2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts 2008-08-16 15:42 . 2013-01-06 16:14 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2008-08-16 15:42 . 2013-01-06 16:14 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2008-08-16 15:42 . 2013-01-06 16:14 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2008-08-16 15:42 . 2013-01-06 16:14 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll 2008-08-16 15:43 . 2013-01-06 16:14 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2008-08-16 15:42 . 2013-01-06 16:14 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2008-08-16 15:42 . 2013-01-06 16:14 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2008-05-21 06:41 . 
2013-01-06 16:14 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll 2008-05-21 06:41 . 2013-01-06 16:14 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll 2008-05-21 06:41 . 2013-01-06 16:14 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll 2008-06-05 11:58 . 2013-01-06 16:14 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2008-08-16 15:42 . 2013-01-06 16:14 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll 2013-01-06 16:14 . 2013-01-06 16:14 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2004-09-02 12:00 . 61A79E8D4A440095EA2EB9FD694CD1AE . 25600 . . [10.0.3790.3646] . . c:\windows\system32\mspmsnsv.dll [-] 2004-09-02 12:00 . 61A79E8D4A440095EA2EB9FD694CD1AE . 25600 . . [10.0.3790.3646] . . c:\windows\system32\dllcache\mspmsnsv.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GBMLite8AgentLaCie"="c:\program files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" [2008-08-26 189056] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392] "RTHDCPL"="RTHDCPL.EXE" [2006-02-27 16005120] "AGRSMMSG"="AGRSMMSG.exe" [2006-03-16 88204] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 102491] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 692315] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-04-06 225280] "LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144] "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-30 471040] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016] "GBMLite8AgentLaCie"="c:\program files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" [2008-08-26 189056] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-02-09 312376] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "QuickTime Task"="c:\program 
files\QuickTime\QTTask.exe" [2012-10-25 421888] . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Citrix XenApp.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Citrix XenApp.lnk backup=c:\windows\pss\Citrix XenApp.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^McAfee Security Scan Plus.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\McAfee Security Scan Plus.lnk backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-09-09 21:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant] 2006-04-06 18:00 331776 ----a-w- c:\program files\Acer\OrbiCam\CameraAssistant.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]] 2006-04-06 18:06 73728 ----a-w- c:\program files\Acer\OrbiCam\InstallHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Apple Mobile Device"=2 (0x2) "AntiVirService"=2 (0x2) "AntiVirSchedulerService"=2 (0x2) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.com"= "c:\\Program Files\\SPSSInc\\PASWStatistics18\\WinWrapIDE.exe"= "c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.exe"= "c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= . R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11/05/2012 13:17 36000] R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [16/12/2009 11:39 1097472] S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [15/12/2009 17:28 20160] . Inhoud van de 'Gedeelde Taken' map . 2013-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 17:55] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Verzenden naar &Bluetooth-apparaat... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm TCP: DhcpNameServer = 195.130.130.133 195.130.131.133 FF - ProfilePath - c:\documents and settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\vn80b503.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - ExtSQL: 2012-11-29 19:27; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\vn80b503.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: !HIDDEN! 2009-12-17 14:35; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - ORPHANS VERWIJDERD - - - - . HKLM-Run-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe AddRemove-Avira AntiVir Desktop - c:\program files\Avira\AntiVir Desktop\setup.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2013-01-10 18:54 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . . c:\windows\system32\FlashPlayerInstaller.exe 15739912 bytes executable . Scan succesvol afgerond verborgen bestanden: 1 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(564) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(7968) c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll c:\windows\system32\webcheck.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Java\jre7\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\Canon\CAL\CALMAIN.exe c:\windows\system32\dllhost.exe c:\windows\system32\Ati2evxx.exe c:\windows\RTHDCPL.EXE c:\windows\AGRSMMSG.exe c:\windows\eHome\ehmsas.exe c:\program files\Brother\ControlCenter3\brccMCtl.exe c:\program files\Brother\Brmfcmon\BrMfcmon.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . 
Voltooingstijd: 2013-01-10 18:57:55 - machine werd herstart ComboFix-quarantined-files.txt 2013-01-10 17:57 ComboFix2.txt 2013-01-08 19:36 ComboFix3.txt 2013-01-06 20:07 ComboFix4.txt 2012-12-07 21:55 ComboFix5.txt 2013-01-10 17:36 . Pre-Run: 31.664.074.752 bytes beschikbaar Post-Run: 31.427.293.184 bytes beschikbaar . - - End Of File - - 1ECF33E39E449CADA6CEE1DE9FE73E62
-
Sorry, my mistake, here is the ComboFix log:
ComboFix 13-01-08.01 - Microsoft User 08/01/2013 20:25:49.6.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1022.493 [GMT 1:00] Gestart vanuit: c:\documents and settings\Microsoft User\Bureaublad\ComboFix.exe AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((( Bestanden Gemaakt van 2012-12-08 to 2013-01-08 )))))))))))))))))))))))))))))) . . 2013-01-05 12:32 . 2013-01-05 12:32 -------- d-----w- c:\windows\system32\wbem\Repository 2013-01-05 12:28 . 2013-01-05 12:28 -------- d-----w- c:\documents and settings\Microsoft User\Application Data\Avira 2013-01-05 12:28 . 2013-01-05 12:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2013-01-05 12:28 . 2013-01-05 14:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-01-05 12:28 . 2013-01-06 16:12 -------- d-----w- c:\program files\Online Armor 2013-01-05 12:28 . 2013-01-05 12:28 -------- d-----w- c:\program files\Avira 2012-12-20 10:38 . 2013-01-05 12:28 -------- d-----w- c:\program files\Common Files\Mcafee 2012-12-20 10:38 . 2013-01-05 12:28 -------- d-----w- c:\program files\McAfee 2012-12-20 10:30 . 2012-04-13 19:33 161144 ----a-r- c:\windows\system32\mfevtps.exe.595c.deleteme . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-05 13:56 . 2012-07-14 10:15 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-05 13:55 . 2011-05-25 08:05 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-16 12:23 . 2004-09-02 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 12:23 . 2004-09-02 12:00 290560 ----a-w- c:\windows\system32\atmfd(2).dll 2012-11-29 18:18 . 2012-11-29 18:18 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-11-29 18:18 . 
2012-08-08 20:49 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-11-29 18:18 . 2012-01-14 22:11 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-11-13 11:55 . 2004-09-02 12:00 1866496 ----a-w- c:\windows\system32\win32k.sys 2012-11-06 00:41 . 2004-09-02 12:00 290560 ----a-w- c:\windows\system32\atmfd(3).dll 2012-11-02 02:03 . 2004-09-02 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll 2012-11-01 12:12 . 2004-09-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-11-01 12:12 . 2004-09-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-11-01 12:12 . 2004-09-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-11-01 00:35 . 2004-09-02 12:00 385024 ----a-w- c:\windows\system32\html.iec 2012-10-28 08:10 . 2012-10-28 08:10 556 ----a-w- c:\windows\_MSSETUP.BAT 2012-10-28 08:10 . 2012-10-28 08:10 9813 ----a-w- c:\windows\_MSRSTRT.EXE 2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts 2008-08-16 15:42 . 2013-01-06 16:14 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2008-08-16 15:42 . 2013-01-06 16:14 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2008-08-16 15:42 . 2013-01-06 16:14 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2008-08-16 15:42 . 2013-01-06 16:14 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll 2008-08-16 15:43 . 2013-01-06 16:14 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2008-08-16 15:42 . 2013-01-06 16:14 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2008-08-16 15:42 . 2013-01-06 16:14 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2008-05-21 06:41 . 2013-01-06 16:14 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll 2008-05-21 06:41 . 
2013-01-06 16:14 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll 2008-05-21 06:41 . 2013-01-06 16:14 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll 2008-06-05 11:58 . 2013-01-06 16:14 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2008-08-16 15:42 . 2013-01-06 16:14 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll 2013-01-06 16:14 . 2013-01-06 16:14 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2004-09-02 12:00 . 61A79E8D4A440095EA2EB9FD694CD1AE . 25600 . . [10.0.3790.3646] . . c:\windows\system32\mspmsnsv.dll [-] 2004-09-02 12:00 . 61A79E8D4A440095EA2EB9FD694CD1AE . 25600 . . [10.0.3790.3646] . . c:\windows\system32\dllcache\mspmsnsv.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GBMLite8AgentLaCie"="c:\program files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" [2008-08-26 189056] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392] "RTHDCPL"="RTHDCPL.EXE" [2006-02-27 16005120] "AGRSMMSG"="AGRSMMSG.exe" [2006-03-16 88204] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 102491] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 692315] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-04-06 225280] "LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144] "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-30 471040] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016] "GBMLite8AgentLaCie"="c:\program files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" [2008-08-26 189056] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-02-09 312376] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "Adobe ARM"="c:\program files\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Citrix XenApp.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Citrix XenApp.lnk backup=c:\windows\pss\Citrix XenApp.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^McAfee Security Scan Plus.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\McAfee Security Scan Plus.lnk backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-09-09 21:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant] 2006-04-06 18:00 331776 ----a-w- c:\program files\Acer\OrbiCam\CameraAssistant.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]] 2006-04-06 18:06 73728 ----a-w- c:\program files\Acer\OrbiCam\InstallHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Apple Mobile Device"=2 (0x2) "AntiVirService"=2 (0x2) "AntiVirSchedulerService"=2 (0x2) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.com"= "c:\\Program Files\\SPSSInc\\PASWStatistics18\\WinWrapIDE.exe"= "c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.exe"= "c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= . R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11/05/2012 13:17 36000] R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [16/12/2009 11:39 1097472] S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/05/2012 13:17 86224] S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [15/12/2009 17:28 20160] . Inhoud van de 'Gedeelde Taken' map . 2013-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 13:56] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Verzenden naar &Bluetooth-apparaat... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm TCP: DhcpNameServer = 195.130.130.133 195.130.131.133 FF - ProfilePath - c:\documents and settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\vn80b503.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - ExtSQL: 2012-11-10 16:17; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} FF - ExtSQL: 2012-11-29 19:27; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\vn80b503.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: !HIDDEN! 2009-12-17 14:35; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2013-01-08 20:34 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(556) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(2920) c:\windows\system32\webcheck.dll . Voltooingstijd: 2013-01-08 20:36:58 ComboFix-quarantined-files.txt 2013-01-08 19:36 ComboFix2.txt 2013-01-06 20:07 ComboFix3.txt 2012-12-07 21:55 ComboFix4.txt 2012-07-29 08:56 . Pre-Run: 31.913.148.416 bytes beschikbaar Post-Run: 31.900.315.648 bytes beschikbaar . - - End Of File - - 8576EFB953AC58B4FE4553396B7342AD
-
Log from Combofix:
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:03:14, on 6/01/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Online Armor\OAcat.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\system32\ElkCtrl.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" 
-Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [GBMLite8AgentLaCie] C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Online Armor\OAui.exe" O4 - HKCU\..\Run: [GBMLite8AgentLaCie] C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Online Armor\OAcat.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Online Armor\oasrv.exe -- End of file - 8965 bytes
-
Sorry, I can't manage to post a print screen here: I get the message from ComboFix that Avira is still active and that I have to disable it first, but I can't open Avira on the computer and it is also not actively present on the desktop. Here, in the meantime, is a HijackThis log of the computer:
-
I tried this, but it does nothing other than scan my computer; Avira is still installed.
