
WardL

Member
  • Items: 3
Everything posted by WardL

  1. Thanks for the reply, here is the ComboFix log:
  2. Thanks for the info. Below are the logs from HijackThis and MBAM. At first glance the problem seems to be solved, although there are still some problems with loading the profile during startup...
  3. Hello, I am sitting at a computer that has been infected with the Ukash 'police' virus. I have already gone through a number of the topics here, but none of them seemed to offer a solution (the listed items did not appear in my HijackThis scan). I have now managed to boot the PC in safe mode and run HijackThis. The log can be found below. Does anyone see the culprits? Many thanks in advance!