
Fritsie123

Member
  • Items

    2
  • Registration date

  • Last visited

About Fritsie123

  • Birthday 04-11-1990

Fritsie123's achievements

  1. tnx, and here are the log files: HJT..

     now mbam:

     and finally the ComboFix log

     that's all ;-)
  2. Dear all, I'm new here, so if I have posted this in the wrong place, my apologies. The problem is that my laptop is very slow, and for the past 2 days a new user account (iuser_admin) has suddenly been showing on my login screen. I have no idea how to remove it. I also don't know how to start my laptop in 'safe mode'; F2 or F8 doesn't give me any options. I have since created an HJT file and am taking the liberty of posting it along.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:29:16, on 5-9-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\afinding.exe
C:\WINDOWS\system32\afisicx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\mabidwe.exe
C:\WINDOWS\system32\macidwe.exe
C:\WINDOWS\system32\Nobicyt.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\noxtcyr.exe
C:\WINDOWS\system32\noytcyr.exe
C:\WINDOWS\system32\roxtctm.exe
C:\WINDOWS\system32\roytctm.exe
C:\WINDOWS\system32\sobicyt.exe
C:\WINDOWS\system32\sotpeca.exe
C:\WINDOWS\system32\soxpeca.exe
C:\WINDOWS\system32\tdxdowkc.exe
C:\WINDOWS\system32\tdydowkc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\WServing.exe
C:\WINDOWS\system32\wsldoekd.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\Restore\rstrui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Live Search:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nl.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Live Search:
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Google
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-A0E8-F362B685FA7D} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-A0E8-F362B685FA7D} - (no file)
O3 - Toolbar: (no name) - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [smpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.78\AMVConverter\grab.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.78\MediaManager\grab.html
O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?12b50ba26f00402bb60d0aa323b1c886
O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?12b50ba26f00402bb60d0aa323b1c886
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.samsungcamera.com/3dvr/s3_63/s630_vr.asp?prol_uid=2699&cat_uid=11
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe
O23 - Service: afisicx Event propagation service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mabidwe Service (mabidwe) - Unknown owner - C:\WINDOWS\system32\mabidwe.exe
O23 - Service: macidwe - Unknown owner - C:\WINDOWS\system32\macidwe.exe
O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: noxtcyr Settings storage service (noxtcyr) - Unknown owner - C:\WINDOWS\system32\noxtcyr.exe
O23 - Service: noytcyr Service (noytcyr) - Unknown owner - C:\WINDOWS\system32\noytcyr.exe
O23 - Service: perfs Service (perfs) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)
O23 - Service: routing Service (routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing)
O23 - Service: roxtctm Corporation (roxtctm) - Unknown owner - C:\WINDOWS\system32\roxtctm.exe
O23 - Service: roytctm Service (roytctm) - Unknown owner - C:\WINDOWS\system32\roytctm.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: sobicyt - Unknown owner - C:\WINDOWS\system32\sobicyt.exe
O23 - Service: sotpeca Corporation (sotpeca) - Unknown owner - C:\WINDOWS\system32\sotpeca.exe
O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\WINDOWS\system32\soxpeca.exe
O23 - Service: tdxdowkc - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe
O23 - Service: tdydowkc Service (tdydowkc) - Unknown owner - C:\WINDOWS\system32\tdydowkc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: wserving Service (wserving) - Unknown owner - C:\WINDOWS\system32\WServing.exe
O23 - Service: wsldoekd Co. Ltd. (wsldoekd) - Unknown owner - C:\WINDOWS\system32\wsldoekd.exe
-- End of file - 13753 bytes
That's it, I hope someone can do something with this... Regards, Joyce