dries V

5 januari 2013

beste,

ik had een probleem met in windows XP na het installeren van macfee antivirus:

probleem was volgend scherm:

Windows Bestandsbeveiliging

Enkele bestanden die voor een goede werking van Windows nodig zijn, zijn vervangen door niet-herkende versies. De oorspronkelijke versie van deze bestanden moet worden teruggezet om systeemstabiliteit te behouden. Plaats nu: product cd-rom.

ik heb dan een systeem herstel uitgevoerd naar de tijd voor ik deze anti virus had, waardoor ik deze melding niet meer krijg. Dit was succes vol, tot ik bepaalde bestanden van mijn computer wou verwijderen.

ZO heb ik het probleem dat ik de avira niet van mijn computer kan verwijderen of openen.

ik krijg continu de melding dat "ccplg.xml file missing is".

Kan iemand me helpen met Avira van MIJN computer te smijten, en Mij vertellen hoe ik het windows probleem kan voorkomen met mijn Macfee???

7 december 2012

sorry, ik was enkele dagen van huis,

hier alvast combofix logje:

ComboFix 12-12-04.01 - Microsoft User 07/12/2012 22:38:29.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1022.335 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Microsoft User\Bureaublad\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-11-07 to 2012-12-07 ))))))))))))))))))))))))))))))

.

2012-12-01 19:32 . 2012-12-01 19:32 -------- d-----w- c:\documents and settings\Microsoft User\.swt

2012-12-01 19:31 . 2012-12-01 21:51 -------- d-----w- c:\documents and settings\Microsoft User\Application Data\Azureus

2012-12-01 19:31 . 2012-12-01 19:31 -------- d-----w- c:\program files\Vuze

2012-11-29 19:58 . 2012-11-29 19:58 -------- d-----w- c:\documents and settings\Microsoft User\Local Settings\Application Data\Sun

2012-11-29 18:44 . 2012-11-29 19:18 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor

2012-11-29 18:44 . 2012-11-29 18:44 -------- d-----w- c:\documents and settings\Microsoft User\Application Data\OnlineArmor

2012-11-29 18:44 . 2012-10-02 14:03 44992 ----a-w- c:\windows\system32\drivers\oahlp32.sys

2012-11-29 18:44 . 2012-10-02 14:02 31920 ----a-w- c:\windows\system32\drivers\OAnet.sys

2012-11-29 18:44 . 2012-10-02 14:02 27648 ----a-w- c:\windows\system32\drivers\OAmon.sys

2012-11-29 18:44 . 2012-10-02 14:02 208320 ----a-w- c:\windows\system32\drivers\OADriver.sys

2012-11-29 18:44 . 2012-11-30 19:10 -------- d-----w- c:\program files\Online Armor

2012-11-29 18:33 . 2012-11-29 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan

2012-11-29 18:33 . 2012-11-29 18:33 -------- d-----w- c:\program files\McAfee Security Scan

2012-11-29 18:31 . 2012-11-29 18:32 -------- d-----w- c:\program files\Common Files\Adobe

2012-11-29 18:19 . 2012-11-29 18:19 -------- d-----w- c:\program files\Common Files\Java

2012-11-29 18:18 . 2012-11-29 18:18 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-11-28 19:23 . 2012-11-29 17:59 -------- d-----w- c:\documents and settings\Microsoft User\Application Data\EurekaLog

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-29 18:18 . 2012-08-08 20:49 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-11-29 18:18 . 2012-01-14 22:11 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-11-25 18:09 . 2012-07-14 10:15 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-25 18:09 . 2011-05-25 08:05 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-28 08:10 . 2012-10-28 08:10 556 ----a-w- c:\windows\_MSSETUP.BAT

2012-10-28 08:10 . 2012-10-28 08:10 9813 ----a-w- c:\windows\_MSRSTRT.EXE

2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-10-22 19:57 . 2004-09-02 12:00 1866496 ----a-w- c:\windows\system32\win32k.sys

2012-10-02 18:04 . 2004-09-02 12:00 58368 ----a-w- c:\windows\system32\synceng.dll

2012-09-29 18:54 . 2012-02-11 13:48 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-24 14:32 . 2012-08-08 20:49 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2008-08-16 15:42 . 2012-10-27 15:40 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2008-08-16 15:42 . 2012-10-27 15:40 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2008-08-16 15:42 . 2012-10-27 15:40 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2008-08-16 15:42 . 2012-10-27 15:40 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2008-08-16 15:43 . 2012-10-27 15:40 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2008-08-16 15:42 . 2012-10-27 15:40 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2008-08-16 15:42 . 2012-10-27 15:40 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2008-05-21 06:41 . 2012-10-27 15:40 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll

2008-05-21 06:41 . 2012-10-27 15:40 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll

2008-05-21 06:41 . 2012-10-27 15:40 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll

2008-06-05 11:58 . 2012-10-27 15:40 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2008-08-16 15:42 . 2012-10-27 15:40 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2012-11-20 06:17 . 2012-10-27 15:40 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2004-09-02 12:00 . 61A79E8D4A440095EA2EB9FD694CD1AE . 25600 . . [10.0.3790.3646] . . c:\windows\system32\mspmsnsv.dll

[-] 2004-09-02 12:00 . 61A79E8D4A440095EA2EB9FD694CD1AE . 25600 . . [10.0.3790.3646] . . c:\windows\system32\dllcache\mspmsnsv.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GBMLite8AgentLaCie"="c:\program files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" [2008-08-26 189056]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]

"RTHDCPL"="RTHDCPL.EXE" [2006-02-27 16005120]

"AGRSMMSG"="AGRSMMSG.exe" [2006-03-16 88204]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 102491]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 692315]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-04-06 225280]

"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]

"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-30 471040]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]

"GBMLite8AgentLaCie"="c:\program files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" [2008-08-26 189056]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-02-09 312376]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]

"@OnlineArmor GUI"="c:\program files\Online Armor\OAui.exe" [2012-10-02 2415104]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2012-10-02 366440]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Citrix XenApp.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Citrix XenApp.lnk

backup=c:\windows\pss\Citrix XenApp.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^McAfee Security Scan Plus.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-09-09 21:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]

2006-04-06 18:00 331776 ----a-w- c:\program files\Acer\OrbiCam\CameraAssistant.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]

2006-04-06 18:06 73728 ----a-w- c:\program files\Acer\OrbiCam\InstallHelper.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.com"=

"c:\\Program Files\\SPSSInc\\PASWStatistics18\\WinWrapIDE.exe"=

"c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.exe"=

"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11/05/2012 13:17 36000]

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [29/11/2012 19:44 208320]

R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [29/11/2012 19:44 44992]

R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [29/11/2012 19:44 27648]

R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [29/11/2012 19:44 31920]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/05/2012 13:17 86224]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [4/10/2012 17:22 399432]

R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [29/11/2012 19:44 216072]

R2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [29/11/2012 19:44 4463864]

R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [16/12/2009 11:39 1097472]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/02/2012 14:48 22856]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/02/2012 14:48 676936]

S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [15/12/2009 17:28 20160]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [5/09/2012 16:56 234776]

.

Inhoud van de 'Gedeelde Taken' map

.

2012-12-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 18:09]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

TCP: DhcpNameServer = 195.130.130.133 195.130.131.133

FF - ProfilePath - c:\documents and settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\vn80b503.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - ExtSQL: 2012-11-10 16:17; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

FF - ExtSQL: 2012-11-29 19:27; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Microsoft User\Application Data\Mozilla\Firefox\Profiles\vn80b503.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: !HIDDEN! 2009-12-17 14:35; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-12-07 22:50

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(500)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(3488)

c:\windows\system32\webcheck.dll

.

Voltooingstijd: 2012-12-07 22:55:12

ComboFix-quarantined-files.txt 2012-12-07 21:55

ComboFix2.txt 2012-07-29 08:56

.

Pre-Run: 40.258.494.464 bytes beschikbaar

Post-Run: 40.476.520.448 bytes beschikbaar

.

- - End Of File - - B5EA8639299C00FA93AD0B023595BFB6

29 november 2012

hallo,

Mijn pc blijft soms hangen en het duurt lang om firefox te starten.

Hier alvast mijn log van Hijack en maleware bytes

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:32:46, on 29/11/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Online Armor\OAcat.exe

C:\Program Files\Online Armor\oasrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\WINDOWS\system32\ElkCtrl.exe

C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe

C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Online Armor\OAui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Online Armor\OAhlp.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"

O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"

O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

O4 - HKLM\..\Run: [GBMLite8AgentLaCie] C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Online Armor\OAui.exe"

O4 - HKCU\..\Run: [GBMLite8AgentLaCie] C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Online Armor\OAcat.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Online Armor\oasrv.exe

--

End of file - 10042 bytes

Malwarebytes Anti-Malware (PRO) 1.65.1.1000

Malwarebytes : Free anti-malware download

Databaseversie: v2012.11.29.09

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Microsoft User :: K314 [administrator]

Realtime bescherming: Uitgeschakeld

29/11/2012 20:34:16

mbam-log-2012-11-29 (20-34-16).txt

Scantype: Snelle scan

Uitgeschakelde scanopties: P2P

Objecten gescand: 205915

Verstreken tijd: 12 minuut/minuten, 9 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)

29 juli 2012

oké, heb dit alles gedaan.

aan wat kan het nog meer liggen dat ik het netwerk niet vind?

hij vind enkel een onbeveiligd computer naar computernetwerk

29 juli 2012

voila,

ComboFix 12-07-27.03 - Microsoft User 29/07/2012 10:41:36.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1022.581 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Microsoft User\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Microsoft User\Bureaublad\CFScript.txt

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-06-28 to 2012-07-29 ))))))))))))))))))))))))))))))

.

2012-07-14 10:15 . 2012-07-28 15:55 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-28 15:55 . 2011-05-25 08:05 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-03 11:46 . 2012-02-11 13:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-13 13:55 . 2004-09-02 12:00 1866240 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:49 . 2009-12-17 12:45 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:49 . 2004-09-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32 . 2004-09-02 12:00 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 13:19 . 2009-08-06 18:24 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 13:19 . 2009-12-15 16:17 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 13:19 . 2009-12-15 16:17 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 13:19 . 2009-12-15 16:17 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 13:19 . 2009-12-15 16:17 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 13:19 . 2009-12-15 16:17 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 13:19 . 2009-08-06 18:24 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 13:19 . 2004-09-02 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 13:19 . 2009-08-06 18:24 15896 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 13:19 . 2009-12-15 16:17 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 13:19 . 2009-08-06 18:23 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 13:19 . 2009-12-15 16:17 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 13:19 . 2009-08-06 18:23 24088 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 13:19 . 2009-12-23 11:05 18160 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-06-02 13:18 . 2009-12-23 11:05 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 13:18 . 2009-12-23 11:05 214256 ----a-w- c:\windows\system32\muweb.dll

2012-05-31 13:22 . 2004-09-02 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:09 . 2004-09-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-11 14:44 . 2004-09-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-11 14:44 . 2004-09-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:39 . 2004-09-02 12:00 385024 ----a-w- c:\windows\system32\html.iec

2012-05-05 03:15 . 2004-09-02 12:00 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-05 03:14 . 2004-08-04 00:58 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:47 . 2009-12-15 16:10 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2008-08-16 15:42 . 2008-08-16 15:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2008-08-16 15:42 . 2008-08-16 15:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2008-08-16 15:42 . 2008-08-16 15:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2008-08-16 15:42 . 2008-08-16 15:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2008-08-16 15:43 . 2008-08-16 15:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2008-08-16 15:42 . 2008-08-16 15:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2008-08-16 15:42 . 2008-08-16 15:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2008-05-21 06:41 . 2008-05-21 06:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll

2008-05-21 06:41 . 2008-05-21 06:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll

2008-05-21 06:41 . 2008-05-21 06:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll

2008-06-05 11:58 . 2008-06-05 11:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2008-08-16 15:42 . 2008-08-16 15:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2012-07-14 00:15 . 2012-07-28 16:09 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2004-09-02 12:00 . 61A79E8D4A440095EA2EB9FD694CD1AE . 25600 . . [10.0.3790.3646] . . c:\windows\system32\mspmsnsv.dll

[-] 2004-09-02 12:00 . 61A79E8D4A440095EA2EB9FD694CD1AE . 25600 . . [10.0.3790.3646] . . c:\windows\system32\dllcache\mspmsnsv.dll

.

((((((((((((((((((((((((((((( SnapShot@2012-07-28_16.32.33 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-07-29 08:13 . 2012-07-29 08:13 16384 c:\windows\Temp\Perflib_Perfdata_1ec.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GBMLite8AgentLaCie"="c:\program files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" [2008-08-26 189056]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]

"RTHDCPL"="RTHDCPL.EXE" [2006-02-27 16005120]

"AGRSMMSG"="AGRSMMSG.exe" [2006-03-16 88204]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 102491]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 692315]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-04-06 225280]

"LogitechCameraAssistant"="c:\program files\Acer\OrbiCam\CameraAssistant.exe" [2006-04-06 331776]

"LogitechVideo[inspector]"="c:\program files\Acer\OrbiCam\InstallHelper.exe" [2006-04-06 18:06 73728]

"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]

"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-30 471040]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]