Jerrroen88
-
Items
9 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Berichten die geplaatst zijn door Jerrroen88
-
-
ComboFix 12-10-04.02 - Jeroen De Roeck 08-10-2012 1:24.2.4 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.31.1043.18.3326.2289 [GMT 2:00]
Gestart vanuit: c:\users\Jeroen De Roeck\Downloads\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Jeroen De Roeck\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-09-07 to 2012-10-07 ))))))))))))))))))))))))))))))
.
.
2012-10-07 23:33 . 2012-10-07 23:33 -------- d-----w- c:\users\Joris De Roeck\AppData\Local\temp
2012-10-07 23:33 . 2012-10-07 23:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-07 23:33 . 2012-10-07 23:33 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-10-06 11:53 . 2012-10-06 11:53 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-10-06 11:41 . 2012-10-06 11:41 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\737a99961cda3b72c\InstallManager_WLE_WLE.exe
2012-10-06 11:40 . 2012-10-06 11:40 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\66aa43f61cda3b720\MeshBetaRemover.exe
2012-10-06 11:40 . 2012-10-06 11:40 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\5a0d0c461cda3b719\DSETUP.dll
2012-10-06 11:40 . 2012-10-06 11:40 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\5a0d0c461cda3b719\DXSETUP.exe
2012-10-06 11:40 . 2012-10-06 11:40 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\5a0d0c461cda3b719\dsetup32.dll
2012-10-06 11:40 . 2012-10-06 11:40 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\573757061cda3b717\DSETUP.dll
2012-10-06 11:40 . 2012-10-06 11:40 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\573757061cda3b717\DXSETUP.exe
2012-10-06 11:40 . 2012-10-06 11:40 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\573757061cda3b717\dsetup32.dll
2012-10-06 11:39 . 2012-10-07 00:24 -------- d-----w- c:\users\Jeroen De Roeck\AppData\Local\Windows Live
2012-10-06 11:37 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2012-10-05 10:09 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{99DC5D29-CFB3-499A-9DEA-220CA0DCC6D3}\mpengine.dll
2012-10-04 22:53 . 2012-10-04 22:53 -------- d-----w- c:\users\Jeroen De Roeck\AppData\Roaming\Malwarebytes
2012-10-04 22:51 . 2012-10-04 22:51 -------- d-----w- c:\programdata\Malwarebytes
2012-10-04 22:51 . 2012-10-04 22:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-04 22:51 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-04 14:43 . 2012-10-04 14:43 388096 ----a-r- c:\users\Jeroen De Roeck\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-04 14:43 . 2012-10-04 14:43 -------- d-----w- c:\program files\Trend Micro
2012-10-04 14:17 . 2012-10-04 14:17 -------- d-----w- c:\users\Jeroen De Roeck\AppData\Local\ElevatedDiagnostics
2012-10-04 13:47 . 2012-10-04 13:47 -------- d-----r- c:\users\Jeroen De Roeck\AppData\Roaming\Brother
2012-10-04 13:22 . 2012-10-04 13:22 -------- d-----w- c:\program files\Browny02
2012-10-04 13:22 . 2010-01-12 02:01 1534464 ----a-w- c:\windows\system32\BrWi209c.dll
2012-10-04 13:22 . 2009-08-18 10:36 55808 ----a-w- c:\windows\system32\BrUsi09c.dll
2012-10-04 13:22 . 2010-01-22 07:52 61440 ----a-w- c:\windows\system32\brprtink.dll
2012-10-04 13:22 . 2012-10-04 13:22 -------- d-----w- c:\program files\Brother
2012-10-04 13:22 . 2010-02-09 15:11 217088 ------w- c:\windows\system32\NSSearch.dll
2012-10-04 13:22 . 2010-01-22 13:34 3072 ------w- c:\windows\system32\BrDctF2S.dll
2012-10-04 13:22 . 2007-12-13 20:16 73728 ------w- c:\windows\system32\BrDctF2.dll
2012-10-04 13:22 . 2007-12-13 20:16 5120 ------w- c:\windows\system32\BrDctF2L.dll
2012-10-04 13:22 . 2010-02-05 09:42 180224 ------w- c:\windows\system32\BroSNMP.dll
2012-10-04 13:20 . 2012-10-04 13:20 -------- d-----w- c:\users\Jeroen De Roeck\AppData\Roaming\InstallShield
2012-10-04 13:20 . 2012-10-04 13:20 -------- d-----w- c:\programdata\Brother
2012-09-19 11:42 . 2012-09-19 11:42 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-09 10:00 . 2012-06-06 14:32 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-09 10:00 . 2011-07-31 21:41 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-16 01:03 . 2012-07-16 01:03 184891 ----a-w- C:\torrent.exe
2008-12-10 13:50 . 2008-12-10 13:50 118784 ----a-w- c:\program files\internet explorer\plugins\LV86ActiveXControl.dll
2009-10-07 15:11 . 2009-10-07 15:11 158720 ----a-w- c:\program files\internet explorer\plugins\LV90ActiveXControl.dll
2012-05-18 09:27 . 2012-05-18 09:27 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-03 21:55 . 2010-07-03 21:55 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Spotify Web Helper"="c:\users\Jeroen De Roeck\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-09-08 1193176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 4702208]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-03 30192]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"PCMService"="c:\program files\Powercinema\PCMService.exe" [2007-02-14 159744]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13781536]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-06 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"NI Background Service"="c:\program files\National Instruments\Shared\Update Service\BackgroundService.exe" [2009-08-25 77824]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Sitecom Wireless Utility.lnk - c:\program files\Sitecom\Common\RaUI.exe [2011-9-29 1773568]
StatBar.lnk - c:\program files\Globe Software\StatBar\StatBar.exe [2003-7-25 335872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
2007-02-20 16:20 28672 ----a-w- c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - COMHOST
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhoud van de 'Gedeelde Taken' map
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-12 19:39]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-12 19:39]
.
2012-10-07 c:\windows\Tasks\ReclaimerUpdateFiles_Jeroen De Roeck.job
- c:\users\Jeroen De Roeck\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-26 13:36]
.
2012-10-07 c:\windows\Tasks\ReclaimerUpdateXML_Jeroen De Roeck.job
- c:\users\Jeroen De Roeck\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-26 13:36]
.
2012-10-07 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-11-29 16:34]
.
2012-10-07 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Jeroen De Roeck.job
- c:\users\Jeroen De Roeck\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-26 13:36]
.
2012-10-07 c:\windows\Tasks\Uitgebreide garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-11-29 16:38]
.
.
------- Bijkomende Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 195.130.130.2 195.130.131.2
FF - ProfilePath - c:\users\Jeroen De Roeck\AppData\Roaming\Mozilla\Firefox\Profiles\lixzu2pd.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=3212_5
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-10-08 01:33
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
[0] 0x00169496
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
Voltooingstijd: 2012-10-08 01:36:08
ComboFix-quarantined-files.txt 2012-10-07 23:36
ComboFix2.txt 2012-10-07 13:56
.
Pre-Run: 330.237.132.800 bytes beschikbaar
Post-Run: 330.208.555.008 bytes beschikbaar
.
- - End Of File - - 42848DBCCA70E94A04C2E030C8D2C52D
-
Het begint er goed uit te zien denk ik.
Hieronder de inhoud van het ComboFix log:
ComboFix 12-10-04.02 - Jeroen De Roeck 07-10-2012 15:44:36.1.4 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.31.1043.18.3326.1831 [GMT 2:00]
Gestart vanuit: c:\users\Jeroen De Roeck\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pthreadGC2.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-09-07 to 2012-10-07 ))))))))))))))))))))))))))))))
.
.
2012-10-07 13:53 . 2012-10-07 13:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-06 11:53 . 2012-10-06 11:53 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-10-06 11:41 . 2012-10-06 11:41 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\737a99961cda3b72c\InstallManager_WLE_WLE.exe
2012-10-06 11:40 . 2012-10-06 11:40 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\66aa43f61cda3b720\MeshBetaRemover.exe
2012-10-06 11:40 . 2012-10-06 11:40 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\5a0d0c461cda3b719\DSETUP.dll
2012-10-06 11:40 . 2012-10-06 11:40 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\5a0d0c461cda3b719\DXSETUP.exe
2012-10-06 11:40 . 2012-10-06 11:40 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\5a0d0c461cda3b719\dsetup32.dll
2012-10-06 11:40 . 2012-10-06 11:40 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\573757061cda3b717\DSETUP.dll
2012-10-06 11:40 . 2012-10-06 11:40 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\573757061cda3b717\DXSETUP.exe
2012-10-06 11:40 . 2012-10-06 11:40 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\573757061cda3b717\dsetup32.dll
2012-10-06 11:39 . 2012-10-07 00:24 -------- d-----w- c:\users\Jeroen De Roeck\AppData\Local\Windows Live
2012-10-06 11:37 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2012-10-05 10:09 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{99DC5D29-CFB3-499A-9DEA-220CA0DCC6D3}\mpengine.dll
2012-10-04 22:53 . 2012-10-04 22:53 -------- d-----w- c:\users\Jeroen De Roeck\AppData\Roaming\Malwarebytes
2012-10-04 22:51 . 2012-10-04 22:51 -------- d-----w- c:\programdata\Malwarebytes
2012-10-04 22:51 . 2012-10-04 22:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-04 22:51 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-04 14:43 . 2012-10-04 14:43 388096 ----a-r- c:\users\Jeroen De Roeck\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-04 14:43 . 2012-10-04 14:43 -------- d-----w- c:\program files\Trend Micro
2012-10-04 14:17 . 2012-10-04 14:17 -------- d-----w- c:\users\Jeroen De Roeck\AppData\Local\ElevatedDiagnostics
2012-10-04 13:47 . 2012-10-04 13:47 -------- d-----r- c:\users\Jeroen De Roeck\AppData\Roaming\Brother
2012-10-04 13:22 . 2012-10-04 13:22 -------- d-----w- c:\program files\Browny02
2012-10-04 13:22 . 2010-01-12 02:01 1534464 ----a-w- c:\windows\system32\BrWi209c.dll
2012-10-04 13:22 . 2009-08-18 10:36 55808 ----a-w- c:\windows\system32\BrUsi09c.dll
2012-10-04 13:22 . 2010-01-22 07:52 61440 ----a-w- c:\windows\system32\brprtink.dll
2012-10-04 13:22 . 2012-10-04 13:22 -------- d-----w- c:\program files\Brother
2012-10-04 13:22 . 2010-02-09 15:11 217088 ------w- c:\windows\system32\NSSearch.dll
2012-10-04 13:22 . 2010-01-22 13:34 3072 ------w- c:\windows\system32\BrDctF2S.dll
2012-10-04 13:22 . 2007-12-13 20:16 73728 ------w- c:\windows\system32\BrDctF2.dll
2012-10-04 13:22 . 2007-12-13 20:16 5120 ------w- c:\windows\system32\BrDctF2L.dll
2012-10-04 13:22 . 2010-02-05 09:42 180224 ------w- c:\windows\system32\BroSNMP.dll
2012-10-04 13:20 . 2012-10-04 13:20 -------- d-----w- c:\users\Jeroen De Roeck\AppData\Roaming\InstallShield
2012-10-04 13:20 . 2012-10-04 13:20 -------- d-----w- c:\programdata\Brother
2012-09-19 11:42 . 2012-09-19 11:42 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-09 10:00 . 2012-06-06 14:32 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-09 10:00 . 2011-07-31 21:41 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-16 01:03 . 2012-07-16 01:03 184891 ----a-w- C:\torrent.exe
2008-12-10 13:50 . 2008-12-10 13:50 118784 ----a-w- c:\program files\internet explorer\plugins\LV86ActiveXControl.dll
2009-10-07 15:11 . 2009-10-07 15:11 158720 ----a-w- c:\program files\internet explorer\plugins\LV90ActiveXControl.dll
2012-05-18 09:27 . 2012-05-18 09:27 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-03 21:55 . 2010-07-03 21:55 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Spotify Web Helper"="c:\users\Jeroen De Roeck\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-09-08 1193176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 4702208]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-03 30192]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"PCMService"="c:\program files\Powercinema\PCMService.exe" [2007-02-14 159744]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13781536]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-06 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"NI Background Service"="c:\program files\National Instruments\Shared\Update Service\BackgroundService.exe" [2009-08-25 77824]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Sitecom Wireless Utility.lnk - c:\program files\Sitecom\Common\RaUI.exe [2011-9-29 1773568]
StatBar.lnk - c:\program files\Globe Software\StatBar\StatBar.exe [2003-7-25 335872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
2007-02-20 16:20 28672 ----a-w- c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhoud van de 'Gedeelde Taken' map
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-12 19:39]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-12 19:39]
.
2012-10-07 c:\windows\Tasks\ReclaimerUpdateFiles_Jeroen De Roeck.job
- c:\users\Jeroen De Roeck\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-26 13:36]
.
2012-10-05 c:\windows\Tasks\ReclaimerUpdateXML_Jeroen De Roeck.job
- c:\users\Jeroen De Roeck\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-26 13:36]
.
2012-10-07 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-11-29 16:34]
.
2012-10-07 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Jeroen De Roeck.job
- c:\users\Jeroen De Roeck\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-26 13:36]
.
2012-10-07 c:\windows\Tasks\Uitgebreide garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-11-29 16:38]
.
.
------- Bijkomende Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 195.130.130.2 195.130.131.2
FF - ProfilePath - c:\users\Jeroen De Roeck\AppData\Roaming\Mozilla\Firefox\Profiles\lixzu2pd.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112555&tt=3212_5&babsrc=KW_ss&mntrId=fe12fc5f000000000000000cf6aa0469&q=
FF - user.js: extensions.BabylonToolbar_i.id - fe12fc5f000000000000000cf6aa0469
FF - user.js: extensions.BabylonToolbar_i.hardId - fe12fc5f000000000000000cf6aa0469
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15332
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=3212_5
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - fe12fc5f000000000000000cf6aa0469
FF - user.js: extensions.BabylonToolbar.instlDay - 15558
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.621:54
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
.
------- Bestandsassociaties -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-10-07 15:53
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
Voltooingstijd: 2012-10-07 15:56:14
ComboFix-quarantined-files.txt 2012-10-07 13:56
.
Pre-Run: 327.640.158.208 bytes beschikbaar
Post-Run: 327.623.655.424 bytes beschikbaar
.
- - End Of File - - 0ABAC84522BCECEE77697149B310844B
-
Die foutmelding is ondertussen al verdwenen, nu krijg ik enkel nog af en toe de melding dat het Windows-hostprocess (Rundll32) niet meer werkt. Hoe kan ik dit oplossen?
Alvast bedankt voor de eerste hulp!
-
Dat is allemaal gelukt, hierbij het laatste logje van HiJackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:16:45, on 6-10-2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Powercinema\PCMService.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Jeroen De Roeck\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sitecom\Common\RaUI.exe
C:\Program Files\Globe Software\StatBar\StatBar.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Program Files\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NI Background Service] C:\Program Files\National Instruments\Shared\Update Service\BackgroundService.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [brStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Jeroen De Roeck\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Common\RaUI.exe
O4 - Global Startup: StatBar.lnk = C:\Program Files\Globe Software\StatBar\StatBar.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\google\google~3\goec62~1.dll c:\progra~1\sprote~1\sprote~1.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updateservice (gupdate1ca1b84a41b61ae) (gupdate1ca1b84a41b61ae) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\Windows\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\system32\lktsrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corporation - C:\Windows\system32\nisvcloc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Sitecom\Common\RegistryWriter.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
--
End of file - 12145 bytes
-
Ja, ik heb het bestand mslisn.cmd gevonden.
Naam: Load
Type: REG_SZ
Gegevens: C:\Users\Jeroen~1\LOCALS~1\Temp\mslisn.cmd
samen met de rundll32 foutmeldingen krijg ik hier ook telkens een foutmelding van bij het opstarten
-
Hier de uitslag van Malwarebytes:
Malwarebytes Anti-Malware 1.65.0.1400
Malwarebytes : Free anti-malware download
Databaseversie: v2012.10.04.11
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Jeroen De Roeck :: PC_VAN_JORISDR [administrator]
5-10-2012 0:59:33
mbam-log-2012-10-05 (00-59-33).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 231993
Verstreken tijd: 8 minuut/minuten, 16 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 5
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111181125} (PUP.CrossRider.BCA) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111181125} (PUP.CrossRider.BCA) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\bho_project.bho_object (Trojan.BHO) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\bho_project.bho_object.1 (Trojan.BHO) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Succesvol in quarantaine geplaatst en verwijderd.
Registerwaarden gedetecteerd: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\JEROEN~1\LOCALS~1\Temp\mslisn.cmd -> Zal worden verwijderd tijdens het herstarten.
Registerdata gedetecteerd: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Slecht: ("regedit.exe" "%1") Goed: (regedit.exe "%1") -> Succesvol in quarantaine geplaatst en gerepareerd.
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 2
C:\ProgramData\GBox\GBox.exe (Trojan.Dropper) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\OptimizerPro1\OptimizerPro1.exe (Trojan.Dropper) -> Succesvol in quarantaine geplaatst en verwijderd.
(einde)
En hier nog eens de uitslag van HiJackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:23:24, on 5-10-2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Powercinema\PCMService.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Jeroen De Roeck\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Sitecom\Common\RaUI.exe
C:\Program Files\Globe Software\StatBar\StatBar.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=C:\Users\JEROEN~1\LOCALS~1\Temp\mslisn.cmd
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Program Files\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NI Background Service] C:\Program Files\National Instruments\Shared\Update Service\BackgroundService.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [brStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Jeroen De Roeck\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Common\RaUI.exe
O4 - Global Startup: StatBar.lnk = C:\Program Files\Globe Software\StatBar\StatBar.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\google\google~3\goec62~1.dll c:\progra~1\sprote~1\sprote~1.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updateservice (gupdate1ca1b84a41b61ae) (gupdate1ca1b84a41b61ae) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\Windows\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\system32\lktsrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corporation - C:\Windows\system32\nisvcloc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Sitecom\Common\RegistryWriter.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
--
End of file - 12514 bytes
-
Ik heb al enkele berichten gelezen van mensen die hetzelfde meegemaakt hebben en heb bij deze HiJackThis geïnstalleerd en hier is het resultaat van de logfile. Alvast heel erg bedankt voor de hulp! Jeroen
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:49:05, on 4-10-2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Powercinema\PCMService.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Jeroen De Roeck\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sitecom\Common\RaUI.exe
C:\Program Files\Globe Software\StatBar\StatBar.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\JEROEN~1\LOCALS~1\Temp\mslisn.cmd
O1 - Hosts: ::1 localhost
O2 - BHO: BHO_PROJECT - {0931BD3F-547E-45C1-B133-D0E995645DBA} - C:\Program Files\OApps\bho_project.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Program Files\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NI Background Service] C:\Program Files\National Instruments\Shared\Update Service\BackgroundService.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [brStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Jeroen De Roeck\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Common\RaUI.exe
O4 - Global Startup: StatBar.lnk = C:\Program Files\Globe Software\StatBar\StatBar.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\google\google~3\goec62~1.dll c:\progra~1\sprote~1\sprote~1.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updateservice (gupdate1ca1b84a41b61ae) (gupdate1ca1b84a41b61ae) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\Windows\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\system32\lktsrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corporation - C:\Windows\system32\nisvcloc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Sitecom\Common\RegistryWriter.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
--
End of file - 12635 bytes
-
Ik heb al enkele berichten gelezen van mensen die hetzelfde meegemaakt hebben en heb bij deze HiJackThis geïnstalleerd en hier is het resultaat van de logfile. Alvast heel erg bedankt voor de hulp! Jeroen
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:49:05, on 4-10-2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Powercinema\PCMService.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Jeroen De Roeck\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sitecom\Common\RaUI.exe
C:\Program Files\Globe Software\StatBar\StatBar.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\JEROEN~1\LOCALS~1\Temp\mslisn.cmd
O1 - Hosts: ::1 localhost
O2 - BHO: BHO_PROJECT - {0931BD3F-547E-45C1-B133-D0E995645DBA} - C:\Program Files\OApps\bho_project.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Program Files\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NI Background Service] C:\Program Files\National Instruments\Shared\Update Service\BackgroundService.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [brStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Jeroen De Roeck\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Common\RaUI.exe
O4 - Global Startup: StatBar.lnk = C:\Program Files\Globe Software\StatBar\StatBar.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\google\google~3\goec62~1.dll c:\progra~1\sprote~1\sprote~1.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updateservice (gupdate1ca1b84a41b61ae) (gupdate1ca1b84a41b61ae) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\Windows\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\system32\lktsrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corporation - C:\Windows\system32\nisvcloc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Sitecom\Common\RegistryWriter.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
--
End of file - 12635 bytes
Windows hostproces rundll32 werkt niet meer
in Archief Bestrijding malware & virussen
Geplaatst:
Ik denk dat de problemen verholpen zijn. PC start goed op en tot nu toe geen enkele foutmelding meer gekregen.
Heel hard bedankt voor de hulp!