Boem

Member
  • Items: 22

Boem's achievements

  1. Hello, my D drive is almost full. I have been looking around and have already found out that a Windows image backup is being made. There is a very large VHD file on it. Can I simply delete it, or would that wipe all my photos and images? I really do not know whether this is already somewhere on this forum, but I could not find it anywhere. In fact, I cannot find it anywhere on the internet at all. There are plenty of questions that resemble it, but they are all just slightly different. I hope you can give me the solution. (NB: I do have TuneUp Utilities installed.) Kind regards, Boem
  2. With "unhide.exe" I did indeed get a message that everything was visible again. It also said that if not everything was visible yet, I should turn off the virus scanner and run the program again. MBAM reported that there were no threats (see log), and I am also adding the Hijack log below. That timeslot file belonged to the program Timeslot. It was no longer visible at startup, so I made it visible again. Is everything all right now?
  3. Hello, I picked up a strange virus yesterday. The PC seemed empty. All folders are shown as hidden files. The program list under Start is also empty. System Restore does not work. I can get the folders visible again, but I do want to be sure that the virus is gone. I have already scanned with ESET NOD and with Spybot. To be on the safe side I have already made a Hijack log. What can I do? Regards, Boem
  4. No, actually everything is fine again. Thank you very much for your help. Absolutely great. Regards, Boem
  5. Yes, it is a lot faster. Do I still need to do that thing with the key? Or is everything in order now? Regards, Boem
  6. Put the PC in the dishwasher and look: CPU dropped by 20 degrees. Motherboard and hard drive are also a lot cooler. The other file is on its way. http://speccy.piriform.com/results/HSlOLXv06e1lwVHoW80S4uq ---------- Post added at 11:19 ---------- Previous post was at 11:13 ---------- I cannot find the key. I get as far as UserData, but LocalSystem is not in there. S-1-5-18 and another number like that. Browse to the key HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem
  7. And here is the ComboFix log. By the way, is it normal for the CPU to be at 60 degrees?
*NewlyCreated* - CPUZ135 *Deregistered* - cpuz135 . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhoud van de 'Gedeelde Taken' map . 2012-03-16 c:\windows\Tasks\Automatisch onderhoud.job - c:\program files\TuneUp Utilities 2010\OneClickStarter.exe [2011-05-31 16:05] . 2012-03-22 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-07 13:51] . 2012-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 19:52] . 2012-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 19:52] . 2012-03-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1957994488-839522115-1004.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14] . 2012-03-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1957994488-839522115-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14] . 2012-03-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1957994488-839522115-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14] . 2012-03-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1957994488-839522115-1007.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14] . 2012-03-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1957994488-839522115-1004.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14] . 2012-03-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1957994488-839522115-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14] . 2012-03-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1957994488-839522115-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14] . 
2012-03-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1957994488-839522115-1007.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14] . . ------- Bijkomende Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.startpagina.nl/ uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-03-22 09:46 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'explorer.exe'(2376) c:\program files\Timeslot\dwlgina2.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Voltooingstijd: 2012-03-22 09:49:13 ComboFix-quarantined-files.txt 2012-03-22 08:49 ComboFix2.txt 2012-03-20 15:32 ComboFix3.txt 2012-03-20 15:18 ComboFix4.txt 2012-03-18 13:50 . 
Pre-Run: 31.162.527.744 bytes beschikbaar Post-Run: 31.166.611.456 bytes beschikbaar . - - End Of File - - F545F7D074935EE6A400E07DB3872DA1
  8. http://speccy.piriform.com/results/i4grWWXI18Y1MQP7B8hnWwk ComboFix is on its way.
  9. ESET did find something. I cannot show the log of it. I had made a JPEG file of it, but you cannot post that here. Below is a new HijackThis log.
  10. OK, I have done that. But I still get a message every time I go to a page. Where does that message come from? "BEVEILIGINGSWAARSCHUWING U gaat pagina´s via een beveiligde verbinding weergeven. De informatie die u met deze website uitwisselt, kan door niemand anders op internet worden bekeken." When I then go to another page, it says the same thing, only then it is an unsecured connection. Also, the PC has become extremely slow.
  11. The computer has now become extremely slow. It also often gives a message that your data is going to be viewed via an unsecured website. I am now scanning with ESET. So far it has already found 3 infiltrations. I am curious what will come out of it. I will let you know.
  12. OK, I have done that. Regards, Boem
  13. That was a program for converting YouTube videos to mp3, but it doesn't work, so I removed it. I have now deleted the folder. Or does all sorts of stuff still remain on my PC?