martinha

Was al blij klaar te zijn Aub de log . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\bkkuerdtobqfegh c:\documents and settings\All Users\Application Data\bkkuerdtobqfegh\btn-green.png c:\documents and settings\All Users\Application Data\bkkuerdtobqfegh\corners-btn.png c:\documents and settings\All Users\Application Data\bkkuerdtobqfegh\corners1.png c:\documents and settings\All Users\Application Data\bkkuerdtobqfegh\corners2.png c:\documents and settings\All Users\Application Data\bkkuerdtobqfegh\corners3.png c:\documents and settings\All Users\Application Data\bkkuerdtobqfegh\corners4.png c:\documents and settings\All Users\Application Data\bkkuerdtobqfegh\ie6-7.css c:\documents and settings\All Users\Application Data\bkkuerdtobqfegh\jquery.main.js c:\documents and settings\All Users\Application Data\bkkuerdtobqfegh\main.html c:\documents and settings\All Users\Application Data\bkkuerdtobqfegh\McAfee.png c:\documents and settings\All Users\Application Data\bkkuerdtobqfegh\nl-flag.png c:\documents and settings\All Users\Application Data\bkkuerdtobqfegh\nl-image.png c:\documents and settings\All Users\Application Data\bkkuerdtobqfegh\pay7.png c:\documents and settings\All Users\Application Data\bkkuerdtobqfegh\pay8.png c:\documents and settings\All Users\Application Data\bkkuerdtobqfegh\pay9.png c:\documents and settings\All Users\Application Data\bkkuerdtobqfegh\steps-en.png c:\documents and settings\All Users\Application Data\bkkuerdtobqfegh\steps-nl.png c:\documents and settings\All Users\Application Data\bkkuerdtobqfegh\style.css c:\documents and settings\All Users\Application Data\bkkuerdtobqfegh\tabs.png c:\documents and settings\Debby Bakker\Application Data\Mozilla\Firefox\Profiles\sfqql9om.default\extensions\64ffxtbr@TelevisionFanatic.com c:\documents and settings\Debby Bakker\Application Data\Mozilla\Firefox\Profiles\sfqql9om.default\extensions\64ffxtbr@TelevisionFanatic.com\chrome.manifest c:\documents and settings\Debby Bakker\Application Data\Mozilla\Firefox\Profiles\sfqql9om.default\extensions\64ffxtbr@TelevisionFanatic.com\chrome\64ffxtbr.jar c:\documents and settings\Debby Bakker\Application Data\Mozilla\Firefox\Profiles\sfqql9om.default\extensions\64ffxtbr@TelevisionFanatic.com\install.rdf c:\documents and settings\Debby Bakker\Application Data\Mozilla\Firefox\Profiles\sfqql9om.default\extensions\64ffxtbr@TelevisionFanatic.com\installKeys.js c:\documents and settings\Debby Bakker\Favorieten\Videos.url c:\windows\assembly\GAC\Desktop.ini . . (((((((((((((((((((( Bestanden Gemaakt van 2012-05-12 to 2012-06-12 )))))))))))))))))))))))))))))) . . 2012-06-12 15:29 . 2012-06-12 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-06-12 15:29 . 2012-06-12 15:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-06-12 15:29 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-12 13:47 . 2012-06-12 16:43 -------- d-----w- c:\documents and settings\Administrator 2012-06-11 19:15 . 2012-06-11 19:15 -------- d-----w- c:\documents and settings\Debby Bakker\Local Settings\Application Data\Deployment 2012-05-19 20:31 . 2012-05-19 20:31 -------- d-----w- c:\documents and settings\Debby Bakker\Application Data\ElevatedDiagnostics . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-31 13:22 . 2006-05-31 07:19 602624 ----a-w- c:\windows\system32\crypt32.dll 2012-05-05 15:08 . 2012-04-03 11:35 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-05 15:08 . 2011-06-05 10:25 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-11 13:55 . 2004-08-04 00:58 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-11 13:55 . 2006-05-31 07:19 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-11 13:55 . 2006-05-31 07:19 1862400 ----a-w- c:\windows\system32\win32k.sys 2012-05-03 20:10 . 2011-06-05 11:57 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-06-12_16.54.18 ))))))))))))))))))))))))))))))))))))))))) . + 2012-06-12 17:29 . 2012-06-12 17:29 16384 c:\windows\temp\Perflib_Perfdata_3dc.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-02-15 1398024] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= . R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [18-4-2006 15:12 98816] R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [3-8-2008 20:46 52240] R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [16-2-2008 1:01 36368] R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [16-2-2008 1:01 333328] S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?] S2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200;c:\windows\System32\svchost.exe -k NetSvcs [31-5-2006 9:19 14336] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3-4-2012 13:35 257696] S3 dump_wmimmc;dump_wmimmc;\??\c:\documents and settings\BO\Bureaublad\9Dragons\GameGuard\dump_wmimmc.sys --> c:\documents and settings\BO\Bureaublad\9Dragons\GameGuard\dump_wmimmc.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [3-5-2012 22:10 129976] S3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [3-8-2008 20:46 488768] S3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [3-8-2008 20:46 648456] S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [31-5-2006 9:19 14336] . Inhoud van de 'Gedeelde Taken' map . 2012-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 15:08] . 2012-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1678248431-2001152257-2084088018-1006Core.job - c:\documents and settings\Debby Bakker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-11 19:15] . 2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1678248431-2001152257-2084088018-1006UA.job - c:\documents and settings\Debby Bakker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-11 19:15] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyServer = 80.126.64.123:3128 uInternet Settings,ProxyOverride = <local> TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\documents and settings\Debby Bakker\Application Data\Mozilla\Firefox\Profiles\sfqql9om.default\ FF - prefs.js: browser.startup.homepage - hxxp://tc4.travian.nl/dorf1.php|SOLID vs CRAP/BAZEN(LOSERS) - Pagina 26 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-06-12 20:25 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . . c:\windows\explorer(2).exe:userini.exe 22528 bytes executable c:\windows\explorer(3).exe:userini.exe 22528 bytes executable c:\windows\explorer(4).exe:userini.exe 22528 bytes executable c:\windows\explorer(5).exe:userini.exe 22528 bytes executable . Scan succesvol afgerond verborgen bestanden: 4 . ************************************************************************** . Voltooingstijd: 2012-06-12 20:27:27 ComboFix-quarantined-files.txt 2012-06-12 18:27 ComboFix2.txt 2012-06-12 16:58 . Pre-Run: 26.023.124.992 bytes beschikbaar Post-Run: 26.049.216.512 bytes beschikbaar . - - End Of File - - BB2FD077D176ED87C14E6977912AB8E1

Zelf ook herstart van pc gedaan en alles lijkt normaal te werken, als je niets vreemds zie in de logs dan kan deze als opgelost neergezet worden Bedankt voor jullie hulp

Uitgevoerd en pc herstarte en lijkt nu normaal, nog geen eigen herstart gedaan hier de log ComboFix 12-06-12.01 - Administrator 12-06-2012 18:34:12.1.2 - x86 NETWORK Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1014.582 [GMT 2:00] Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe AV: Trend Micro Internet Security Pro *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5} FW: Trend Micro Personal Firewall *Enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Administrator\WINDOWS c:\documents and settings\All Users\Application Data\haobbrwkwlckqqv c:\documents and settings\All Users\Application Data\imwknzqy.exe c:\documents and settings\All Users\Application Data\qdsiunuo.exe c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\All Users\Application Data\trugbanw.exe c:\documents and settings\All Users\Application Data\wavqlcfg.exe c:\documents and settings\Debby Bakker\Menu Start\Programma's\Opstarten\hj8ol0.exe.lnk c:\documents and settings\Debby Bakker\WINDOWS c:\documents and settings\Default User\WINDOWS C:\Microsoft c:\program files\altcmd c:\program files\altcmd\uninstall.bat c:\program files\TelevisionFanatic c:\program files\TelevisionFanatic\bar\Cache\008F5888 c:\program files\TelevisionFanatic\bar\Cache\008F5C03 c:\program files\TelevisionFanatic\bar\Cache\008F5D3B.bmp c:\program files\TelevisionFanatic\bar\Cache\008F5DA9.bmp c:\program files\TelevisionFanatic\bar\Cache\008F5E16.bmp c:\program files\TelevisionFanatic\bar\Cache\008F5F00.bmp c:\program files\TelevisionFanatic\bar\Cache\008F5F5E.bmp c:\program files\TelevisionFanatic\bar\Cache\008F5FAC.bmp c:\program files\TelevisionFanatic\bar\Cache\008F5FEB.bmp c:\program files\TelevisionFanatic\bar\Cache\008F6039.bmp c:\program files\TelevisionFanatic\bar\Cache\008F6087.bmp c:\program files\TelevisionFanatic\bar\Cache\008F60D5.bmp c:\program files\TelevisionFanatic\bar\Cache\008F6123.bmp c:\program files\TelevisionFanatic\bar\Cache\008F6162.bmp c:\program files\TelevisionFanatic\bar\Cache\008F7065.jhtml c:\program files\TelevisionFanatic\bar\Cache\008F9775 c:\program files\TelevisionFanatic\bar\Cache\008FAD11.bmp c:\program files\TelevisionFanatic\bar\Cache\files.ini c:\program files\TelevisionFanatic\bar\gen1\COMMON.T8S c:\program files\TelevisionFanatic\bar\History\search3 c:\program files\TelevisionFanatic\bar\IE9Mesg\COMMON.T8S c:\program files\TelevisionFanatic\bar\Message\COMMON.T8S c:\program files\TelevisionFanatic\bar\Message\COMMON\8_step1.gif c:\program files\TelevisionFanatic\bar\Message\COMMON\anemone.js c:\program files\TelevisionFanatic\bar\Message\COMMON\bd_grad.gif c:\program files\TelevisionFanatic\bar\Message\COMMON\hpguard.js c:\program files\TelevisionFanatic\bar\Message\COMMON\hpguard1.htm c:\program files\TelevisionFanatic\bar\Message\COMMON\hpguard2.htm c:\program files\TelevisionFanatic\bar\Message\COMMON\hpp_ok.png c:\program files\TelevisionFanatic\bar\Message\COMMON\hpp_x.png c:\program files\TelevisionFanatic\bar\Message\COMMON\hpp_x2.png c:\program files\TelevisionFanatic\bar\Message\COMMON\index.htm c:\program files\TelevisionFanatic\bar\Message\COMMON\mid_dots.gif c:\program files\TelevisionFanatic\bar\Message\COMMON\mws_logo.gif c:\program files\TelevisionFanatic\bar\Message\COMMON\protect.htm c:\program files\TelevisionFanatic\bar\Message\COMMON\rebut4b.htm c:\program files\TelevisionFanatic\bar\Message\COMMON\shield.png c:\program files\TelevisionFanatic\bar\Message\COMMON\stop.gif c:\program files\TelevisionFanatic\bar\Message\COMMON\systrayp.htm c:\program files\TelevisionFanatic\bar\Message\COMMON\tp_grad.gif c:\program files\TelevisionFanatic\bar\Settings\prevcfg2.htm c:\program files\TelevisionFanatic\bar\Settings\s_pid.dat c:\program files\TelevisionFanatic\bar\Settings\s_w1.dat c:\program files\TelevisionFanatic\bar\Settings\s_w2.dat c:\program files\TelevisionFanatic\bar\Settings\setting3.htm c:\program files\TelevisionFanatic\TelevisionFanatic\Cache\PopupProperties100016728.html c:\program files\TelevisionFanatic\TelevisionFanatic\Cache\PopupProperties100016730.html c:\program files\TelevisionFanatic\TelevisionFanatic\Cache\PopupProperties100065028.html c:\program files\TelevisionFanatic\TelevisionFanatic\Cache\PopupProperties200821787.html c:\program files\TelevisionFanatic\TelevisionFanatic\Cache\Radio.html c:\program files\TelevisionFanatic\TelevisionFanatic\Cache\VideosAffinityBtn.html c:\windows\Installer\{273dfab5-1ab7-6771-5ca5-1e08ee31a024}\@ c:\windows\Installer\{273dfab5-1ab7-6771-5ca5-1e08ee31a024}\L\00000004.@ c:\windows\Installer\{273dfab5-1ab7-6771-5ca5-1e08ee31a024}\U\00000004.@ c:\windows\Installer\{273dfab5-1ab7-6771-5ca5-1e08ee31a024}\U\000000cb.@ c:\windows\Installer\{273dfab5-1ab7-6771-5ca5-1e08ee31a024}\U\80000032.@ c:\windows\IsUn0413.exe c:\windows\system32\config\systemprofile\WINDOWS . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_TELEVISIONFANATICSERVICE . . (((((((((((((((((((( Bestanden Gemaakt van 2012-05-12 to 2012-06-12 )))))))))))))))))))))))))))))) . . 2012-06-12 15:29 . 2012-06-12 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-06-12 15:29 . 2012-06-12 15:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-06-12 15:29 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-12 13:47 . 2012-06-12 16:43 -------- d-----w- c:\documents and settings\Administrator 2012-06-12 13:09 . 2012-06-12 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\bkkuerdtobqfegh 2012-06-11 19:15 . 2012-06-11 19:15 -------- d-----w- c:\documents and settings\Debby Bakker\Local Settings\Application Data\Deployment 2012-05-19 20:31 . 2012-05-19 20:31 -------- d-----w- c:\documents and settings\Debby Bakker\Application Data\ElevatedDiagnostics . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-31 13:22 . 2006-05-31 07:19 602624 ----a-w- c:\windows\system32\crypt32.dll 2012-05-05 15:08 . 2012-04-03 11:35 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-05 15:08 . 2011-06-05 10:25 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-11 13:55 . 2004-08-04 00:58 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-11 13:55 . 2006-05-31 07:19 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-11 13:55 . 2006-05-31 07:19 1862400 ----a-w- c:\windows\system32\win32k.sys 2012-05-03 20:10 . 2011-06-05 11:57 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-02-15 1398024] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= . R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [18-4-2006 15:12 98816] R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [3-8-2008 20:46 52240] R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [16-2-2008 1:01 36368] R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [16-2-2008 1:01 333328] S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?] S2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200;c:\windows\System32\svchost.exe -k NetSvcs [31-5-2006 9:19 14336] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3-4-2012 13:35 257696] S3 dump_wmimmc;dump_wmimmc;\??\c:\documents and settings\BO\Bureaublad\9Dragons\GameGuard\dump_wmimmc.sys --> c:\documents and settings\BO\Bureaublad\9Dragons\GameGuard\dump_wmimmc.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [3-5-2012 22:10 129976] S3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [3-8-2008 20:46 488768] S3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [3-8-2008 20:46 648456] S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [31-5-2006 9:19 14336] . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - IPHLPSVC *NewlyCreated* - WS2IFSL . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{487c76e8-23d2-11df-b284-0018de2d3841}] \Shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{487c76e9-23d2-11df-b284-0018de2d3841}] \Shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8254980a-71b4-11dc-aff2-0016d42bdb11}] \Shell\AutoRun\command - F:\InstallTomTomHOME.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8254980c-71b4-11dc-aff2-0016d42bdb11}] \Shell\AutoRun\command - F:\InstallTomTomHOME.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efeb7687-8df6-11db-add6-0016d42bdb11}] \Shell\AutoRun\command - G:\CruzerProfile.exe /autorun . Inhoud van de 'Gedeelde Taken' map . 2012-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 15:08] . 2012-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1678248431-2001152257-2084088018-1006Core.job - c:\documents and settings\Debby Bakker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-11 19:15] . 2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1678248431-2001152257-2084088018-1006UA.job - c:\documents and settings\Debby Bakker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-11 19:15] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyServer = 80.126.64.123:3128 uInternet Settings,ProxyOverride = <local> LSP: mswsock.dll TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\documents and settings\Debby Bakker\Application Data\Mozilla\Firefox\Profiles\sfqql9om.default\ FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon) FF - prefs.js: browser.startup.homepage - hxxp://tc4.travian.nl/dorf1.php|SOLID vs CRAP/BAZEN(LOSERS) - Pagina 26 FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=6cd690400000000000000018de2d3841&tlver=1.4.35.10&affID=101434 . - - - - ORPHANS VERWIJDERD - - - - . URLSearchHooks-{0696f815-a3a9-490a-bb14-9ec3350b1276} - c:\program files\TelevisionFanatic\bar\1.bin\64SrcAs.dll WebBrowser-{0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - (no file) WebBrowser-{C98D5B61-B0EA-4D48-9839-1079D352D880} - (no file) HKCU-Run-qdsiunuopgxuyfl - c:\documents and settings\All Users\Application Data\qdsiunuo.exe HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe Notify-WgaLogon - (no file) AddRemove-Microsoft Interactive Training - c:\windows\IsUn0413.exe AddRemove-PC Diagnoseprogramma - c:\windows\IsUn0413.exe AddRemove-Power Saver - c:\windows\IsUn0413.exe AddRemove-{718D791F-F4E8-4aa7-98A6-15FDED17BDD0} - c:\program files\Trend Micro\Internet Security\remove.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-06-12 18:54 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . . c:\windows\explorer(2).exe:userini.exe 22528 bytes executable c:\windows\explorer(3).exe:userini.exe 22528 bytes executable c:\windows\explorer(4).exe:userini.exe 22528 bytes executable c:\windows\explorer(5).exe:userini.exe 22528 bytes executable . Scan succesvol afgerond verborgen bestanden: 4 . ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'explorer.exe'(1052) c:\windows\system32\webcheck.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\windows\system32\TODDSrv.exe c:\windows\system32\wdfmgr.exe c:\program files\Trend Micro\BM\TMBMSRV.exe . ************************************************************************** . Voltooingstijd: 2012-06-12 18:58:11 - machine werd herstart ComboFix-quarantined-files.txt 2012-06-12 16:58 . Pre-Run: 26.289.836.032 bytes beschikbaar Post-Run: 26.099.855.360 bytes beschikbaar . WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - EC8C18B6050C6E3B4845E2C648ACD06B

allereerst bedankt voor de hulp uitgevoerd zoals je neerzette bij herstart van pc opende de pc op gewone modus en had gelijk weer dat lelijke scherm opnieuw in veilige modus opgestart en de scans opnieuw gedaan Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:58:43, on 12-6-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Trend Micro\HiJackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKUS\S-1-5-21-1678248431-2001152257-2084088018-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?') O4 - HKUS\S-1-5-21-1678248431-2001152257-2084088018-500\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User '?') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_29.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_29.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe -- End of file - 5598 bytes Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Databaseversie: v2012.06.12.05 Windows XP Service Pack 3 x86 NTFS (Veilige modus/netwerkmogelijkheden) Internet Explorer 8.0.6001.18702 Administrator :: DEBAAS [administrator] 12-6-2012 18:00:47 mbam-log-2012-06-12 (18-00-47).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 235950 Verstreken tijd: 13 minuut/minuten, 35 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) Apart ---------- Post toegevoegd om 18:21 ---------- Vorige post was om 18:19 ---------- vergaat nog de oude log van malware Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Databaseversie: v2012.06.12.05 Windows XP Service Pack 3 x86 NTFS (Veilige modus/netwerkmogelijkheden) Internet Explorer 8.0.6001.18702 Administrator :: DEBAAS [administrator] 12-6-2012 17:31:51 mbam-log-2012-06-12 (17-31-51).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 236387 Verstreken tijd: 15 minuut/minuten, 56 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 89 HKLM\SYSTEM\CurrentControlSet\Services\TelevisionFanaticService (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{02515cef-2063-4d64-b87a-d504c99d40dd} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TypeLib\{aed3b1e0-fabb-4c27-a2da-ec8352ee7e30} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\Interface\{9989BC14-9B5B-4B3B-8040-478FD1685E34} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{04d2b915-19ff-41e9-994d-95dc898bea43} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TypeLib\{0597d3be-9a4d-4426-a8a7-572ad299852e} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\Interface\{4E7F49ED-8C94-4AAA-A407-3010D099B11A} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TelevisionFanatic.SettingsPlugin.1 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TelevisionFanatic.SettingsPlugin (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04D2B915-19FF-41E9-994D-95DC898BEA43} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{07494721-dfcf-41c1-8a03-b3fffb0f8409} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TypeLib\{952c6f00-cba7-47be-baf3-cfc5808e6c7b} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\Interface\{1E34EA93-600B-4CBC-9858-59BE04C1A581} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{0e8a6cb6-3b14-491d-8bba-86a95a62ff72} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TelevisionFanatic.PseudoTransparentPlugin.1 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TelevisionFanatic.PseudoTransparentPlugin (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0E8A6CB6-3B14-491D-8BBA-86A95A62FF72} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{1D7E63AF-274B-426B-B51D-ADF161DF7F24} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TelevisionFanatic.HTMLMenu.1 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TelevisionFanatic.HTMLMenu (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D7E63AF-274B-426B-B51D-ADF161DF7F24} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{387dface-9e46-415f-8c86-18083b7d6ead} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TypeLib\{73cadbbd-4dc5-419d-84f1-e7bf4c3b20c4} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\Interface\{32CC4D2E-999C-4853-9D3E-5DE4C02D57C6} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{38deffd9-9379-4ac4-baa9-1a883dba9cd2} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TelevisionFanatic.MultipleButton.1 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TelevisionFanatic.MultipleButton (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{52d3c28f-c9ac-40b5-848f-1fb63d2badef} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TelevisionFanatic.ScriptButton.1 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TelevisionFanatic.ScriptButton (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{67d33c35-62e9-4f77-a284-9e9d256f7846} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TelevisionFanatic.DynamicBarButton.1 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TelevisionFanatic.DynamicBarButton (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{6ffb45e3-cffc-4b3a-95eb-334cb53c85b0} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TypeLib\{a378fd9d-b406-44bb-96d2-8cdaa668713f} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\Interface\{93A55DA3-83ED-4090-91B6-904C44647639} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TelevisionFanatic.FeedManager.1 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TelevisionFanatic.FeedManager (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{7895609d-c8b4-4cf5-a2c7-28223d0c3d92} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TypeLib\{34979cb5-728d-4727-81bf-01850a3bb89b} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\Interface\{934063FB-A81D-4849-B02C-478446DF3219} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TelevisionFanatic.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TelevisionFanatic.ThirdPartyInstaller (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7895609D-C8B4-4CF5-A2C7-28223D0C3D92} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{7952f465-ac46-4a82-b383-870f3784d1cd} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TelevisionFanatic.UrlAlertButton.1 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TelevisionFanatic.UrlAlertButton (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{7ad9c324-3672-4d33-8477-d9c8e627f4bf} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TelevisionFanatic.Radio.1 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TelevisionFanatic.Radio (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{8be781d8-5e70-423d-82de-9e4756fce53c} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TypeLib\{026fd9ba-112b-4d9f-86ea-589e28016e8c} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\Interface\{0328B630-EA94-4FA3-9F27-8250B6324DDB} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TelevisionFanatic.XMLSessionPlugin.1 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TelevisionFanatic.XMLSessionPlugin (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8BE781D8-5E70-423D-82DE-9E4756FCE53C} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{91a8da6b-8013-44aa-b63f-00195312999a} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TypeLib\{03f59b4b-09d9-40f0-a01a-6e895023f2f0} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\Interface\{42CB7963-EFE0-4737-A927-CE076FAA3BA0} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TelevisionFanatic.RadioSettings.1 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TelevisionFanatic.RadioSettings (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{c98d5b61-b0ea-4d48-9839-1079d352d880} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{d09094b3-b426-4f16-a6d9-e211fe222127} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D09094B3-B426-4F16-A6D9-E211FE222127} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{f02c0832-c85c-4b93-8c6f-9df20121a10d} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TypeLib\{6784d08d-cdc3-419d-9b97-744a351ed908} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\Interface\{844C2331-94DF-431E-9A67-426ED861D27F} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TelevisionFanatic.HTMLPanel.1 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TelevisionFanatic.HTMLPanel (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F02C0832-C85C-4B93-8C6F-9DF20121A10D} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{fba7cbb1-fc93-4149-8862-d94451a7d167} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TypeLib\{608f7340-e221-4afb-a848-c4dad297cd58} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\Interface\{966430CC-2097-45CA-8626-2C3F454C3297} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4e7f49ed-8c94-4aaa-a407-3010d099b11a} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\MsVCL1.BhoApp (Trojan.BHO) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\MsVCL1.BhoApp.1 (Trojan.BHO) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TelevisionFanatic.SkinLauncher (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TelevisionFanatic.SkinLauncher.1 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TelevisionFanatic.SkinLauncherSettings (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TelevisionFanatic.SkinLauncherSettings.1 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\rhc759j0ecdn (Rogue.AntiVirusXP) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\altcompare (Trojan.BHO) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc759j0ecdn (Rogue.AntiVirusXP) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TelevisionFanaticbar Uninstall (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{13119113-0854-469d-807A-171568457991} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. Registerwaarden gedetecteerd: 2 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion|rhc759j0ecdn (Rogue.AntiVirusXP) -> Data: ‚”H -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Mozilla\Firefox\Extensions|64ffxtbr@TelevisionFanatic.com (PUP.MyWebSearch) -> Data: C:\Program Files\TelevisionFanatic\bar\1.bin -> Succesvol in quarantaine geplaatst en verwijderd. Registerdata gedetecteerd: 1 HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Slecht: (\\.\globalroot\systemroot\Installer\{273dfab5-1ab7-6771-5ca5-1e08ee31a024}\n.) Goed: (%systemroot%\system32\wbem\wbemess.dll) -> Succesvol in quarantaine geplaatst en gerepareerd. Mappen gedetecteerd: 16 C:\Documents and Settings\Debby Bakker\Application Data\rhc759j0ecdn (Rogue.Multiple) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\Debby Bakker\Application Data\rhc759j0ecdn\Quarantine (Rogue.Multiple) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\Debby Bakker\Application Data\rhc759j0ecdn\Quarantine\Autorun (Rogue.Multiple) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\Debby Bakker\Application Data\rhc759j0ecdn\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\Debby Bakker\Application Data\rhc759j0ecdn\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\Debby Bakker\Application Data\rhc759j0ecdn\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\Debby Bakker\Application Data\rhc759j0ecdn\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\Debby Bakker\Application Data\rhc759j0ecdn\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\Debby Bakker\Application Data\rhc759j0ecdn\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\Debby Bakker\Application Data\rhc759j0ecdn\Quarantine\BrowserObjects (Rogue.Multiple) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\Debby Bakker\Application Data\rhc759j0ecdn\Quarantine\Packages (Rogue.Multiple) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\Debby Bakker\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\Debby Bakker\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\rhc759j0ecdn (Rogue.Multiple) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\chrome (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. Bestanden gedetecteerd: 54 C:\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\64httpct.dll (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\64skin.dll (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\64htmlmu.dll (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\64datact.dll (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\64mlbtn.dll (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\64script.dll (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\64dyn.dll (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\64feedmg.dll (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\64tpinst.dll (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\64uabtn.dll (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\64radio.dll (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\64msg.dll (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\64html.dll (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\64dlghk.dll (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\WINDOWS\Installer\{273dfab5-1ab7-6771-5ca5-1e08ee31a024}\n (Spyware.Password) -> Zal worden verwijderd tijdens het herstarten. C:\WINDOWS\Installer\{273dfab5-1ab7-6771-5ca5-1e08ee31a024}\L\00000008.@ (Trojan.BitMiner) -> Zal worden verwijderd tijdens het herstarten. C:\WINDOWS\Installer\{273dfab5-1ab7-6771-5ca5-1e08ee31a024}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Succesvol in quarantaine geplaatst en verwijderd. C:\WINDOWS\Installer\{273dfab5-1ab7-6771-5ca5-1e08ee31a024}\U\80000000.@ (Trojan.Sirefef) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\Debby Bakker\Application Data\temp.dll (Trojan.Agent) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\Debby Bakker\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntiVirus2008) -> Succesvol in quarantaine geplaatst en verwijderd. C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job (Rogue.RegistrySmart) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\Debby Bakker\0.48540979505434145.exe (Trojan.Agent.Gen) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\Debby Bakker\Application Data\RegistrySmart\Log\2008 Aug 02 - 09_24_28 PM_765.log (Rogue.RegistrySmart) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\Debby Bakker\Application Data\RegistrySmart\Log\2008 Aug 02 - 10_02_20 PM_062.log (Rogue.RegistrySmart) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\Debby Bakker\Application Data\RegistrySmart\Log\2008 Aug 02 - 10_19_48 PM_125.log (Rogue.RegistrySmart) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Documents and Settings\Debby Bakker\Application Data\RegistrySmart\Log\2008 Aug 02 - 11_08_09 PM_453.log (Rogue.RegistrySmart) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\rhc759j0ecdn\MFC71.dll (Rogue.Multiple) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\rhc759j0ecdn\MFC71ENU.DLL (Rogue.Multiple) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\rhc759j0ecdn\msvcp71.dll (Rogue.Multiple) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\rhc759j0ecdn\msvcr71.dll (Rogue.Multiple) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\rhc759j0ecdn\rhc759j0ecdn.exe.local (Rogue.Multiple) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\64auxstb.dll (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\64brmon.exe (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\64brstub.dll (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\64highin.exe (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\64hkstub.dll (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\64idle.dll (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\64ieovr.dll (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\64impipe.exe (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\64medint.exe (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\64Plugin.dll (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\64regfft.dll (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\64reghk.dll (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\64regiet.dll (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\64sknlcr.dll (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\64skplay.exe (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\64SrchMn.exe (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\CHROME.MANIFEST (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\INSTALL.RDF (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\installKeys.js (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\LOGO.BMP (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\T8RES.DLL (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\TelevisionFanatic\bar\1.bin\chrome\64ffxtbr.jar (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. (einde)

gestart in velige modus HIJachThis erop losgelaten en hier de log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:56:21, on 12-6-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\HiJackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Assistant BHO - {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll O2 - BHO: Toolbar BHO - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\PROGRA~1\TELEVI~2\bar\1.bin\64bar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: (no name) - {DF9FBB27-7F51-430A-BA2D-F4887396A6AD} - C:\WINDOWS\system32\fastsrch.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll O3 - Toolbar: TelevisionFanatic - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [TelevisionFanatic Search Scope Monitor] "C:\PROGRA~1\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h O4 - HKLM\..\Run: [TelevisionFanatic Browser Plugin Loader] C:\PROGRA~1\TELEVI~2\bar\1.bin\64brmon.exe O4 - HKLM\..\Run: [qdsiunuopgxuyfl] C:\Documents and Settings\All Users\Application Data\qdsiunuo.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_29.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_29.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: TelevisionFanaticService - COMPANYVERS_NAME - C:\PROGRA~1\TELEVI~2\bar\1.bin\64barsvc.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe -- End of file - 6527 bytes graag hulp wat ik verder moet doen