mammieke

internet explorer is niet de standaardbrowser ??? ik krijg telkens deze melding?

mercikes voor de hulp

ComboFix 12-05-05.06 - Karin 05/05/2012 23:32:57.6.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.1790.1262 [GMT 2:00] Gestart vanuit: c:\documents and settings\Karin\Bureaublad\ComboFix.exe AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . (((((((((((((((((((( Bestanden Gemaakt van 2012-04-05 to 2012-05-05 )))))))))))))))))))))))))))))) . . 2012-05-05 21:30 . 2012-05-05 21:30 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6DEB4F5D-92CC-4603-B964-14CCBB611A95}\offreg.dll 2012-05-05 21:30 . 2012-05-05 21:30 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6DEB4F5D-92CC-4603-B964-14CCBB611A95}\MpKsl5ea28305.sys 2012-05-05 15:42 . 2012-04-12 22:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6DEB4F5D-92CC-4603-B964-14CCBB611A95}\mpengine.dll 2012-05-03 18:26 . 2012-04-12 22:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-05-03 18:24 . 2012-05-03 18:25 -------- d-----w- c:\program files\Microsoft Security Client 2012-05-02 06:57 . 2012-05-02 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\242DE 2012-04-30 14:39 . 2012-05-04 07:16 -------- d--h--r- c:\documents and settings\Karin\Onlangs geopend 2012-04-21 17:02 . 2012-05-03 18:24 -------- d-----w- c:\program files\PokerStars.BE . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-20 18:44 . 2012-03-20 18:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-03-01 11:00 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-03-01 11:00 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-03-01 11:00 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-29 14:10 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-02-29 14:10 . 2004-08-04 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll 2012-02-29 12:17 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec 2012-02-15 09:01 . 2012-03-31 13:22 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-02-15 09:01 . 2012-03-31 13:22 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2012-02-10 16:22 . 2012-02-10 16:22 388096 ----a-r- c:\documents and settings\Karin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Karin\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Karin\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Karin\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Karin\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616] "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-01-10 160592] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-27 148888] "VX3000"="c:\windows\vVX3000.exe" [2006-10-13 707376] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2009-11-04 597792] "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2010-05-31 2060288] "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296] "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888] "Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-01-17 232616] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-25 2569616] "CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\Gast\Menu Start\Programma's\Opstarten\ OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\Karin\Menu Start\Programma's\Opstarten\ Dropbox.lnk - c:\documents and settings\Karin\Application Data\Dropbox\bin\Dropbox.exe [2012-2-15 24246216] OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk backup=c:\windows\pss\Adobe Reader Snelle start.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Synchronizer.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Synchronizer.lnk backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2005-05-03 16:43 69632 -c--a-w- c:\windows\ALCMTR.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd] 2006-01-04 09:29 2809856 -c--a-w- c:\windows\ALCWZRD.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] 2005-08-12 13:43 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam] 2006-10-13 15:01 277296 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 10:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-07-05 16:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2006-01-11 15:23 15961088 -c--a-w- c:\windows\RTHDCPL.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snelkoppeling naar eigenschappenvenster voor High Definition Audio] 2005-01-07 16:07 61952 ------w- c:\windows\system32\HdAShCut.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] 2006-01-04 09:27 86016 -c--a-w- c:\windows\SOUNDMAN.EXE . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "c:\\Program Files\\FrostWire\\FrostWire.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"= "c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"= "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Documents and Settings\\Karin\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22/02/2011 8:13 22992] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [19/01/2011 4:32 32592] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10/02/2011 7:54 297168] R1 MpKsl5ea28305;MpKsl5ea28305;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6DEB4F5D-92CC-4603-B964-14CCBB611A95}\MpKsl5ea28305.sys [5/05/2012 23:30 29904] R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [24/10/2009 3:18 360224] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [30/03/2011 17:17 134480] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/02/2011 7:53 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/02/2011 7:53 27216] S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/01/2011 6:41 248656] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18/04/2011 17:39 7398752] S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8/02/2011 5:33 269520] S3 Camdrv30;Philips ToUcam XS;c:\windows\system32\drivers\camdrv30.sys [2/04/2009 19:27 171264] S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys --> c:\windows\system32\DRIVERS\ew_jucdcacm.sys [?] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?] . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - MPKSL5EA28305 . Inhoud van de 'Gedeelde Taken' map . 2012-04-19 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57] . 2012-05-05 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 15:03] . 2012-04-19 c:\windows\Tasks\OGADaily.job - c:\windows\system32\OGAVerify.exe [2008-12-31 15:04] . 2012-05-05 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAVerify.exe [2008-12-31 15:04] . 2012-05-05 c:\windows\Tasks\User_Feed_Synchronization-{23E845C7-A2A1-4B90-A36E-8D5364319110}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31] . . ------- Bijkomende Scan ------- . uStart Page = https://www.google.be/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://www.searchcanvas.com/?ot=6 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 195.130.130.4 195.130.131.4 DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110915070742 . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) AddRemove-PokerStars.be - c:\program files\PokerStars.BE\PokerStarsUninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-05-05 23:38 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(544) c:\windows\system32\Ati2evxx.dll . Voltooingstijd: 2012-05-05 23:40:44 ComboFix-quarantined-files.txt 2012-05-05 21:40 ComboFix2.txt 2012-02-10 20:27 . Pre-Run: 13.867.356.160 bytes beschikbaar Post-Run: 13.895.417.856 bytes beschikbaar . - - End Of File - - 934A000758C257506DD6E1DE7A19776C

ik heb er vandaag zelf nog twee ontvangen ,maar zal mijn wachtwoord zelf nog eens verandern.

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:52:37, on 4/05/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\vVX3000.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE C:\Program Files\AVAST Software\Avast\avastUI.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Documents and Settings\Karin\Application Data\Dropbox\bin\Dropbox.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = SearchCanvas | Search the web R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - (no file) O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Karin\Application Data\Dropbox\bin\Dropbox.exe O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} (PhotoboxPhotowaysUploader5 Control) - http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110915070742 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab O16 - DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} (ExtraFilm Uploader Control) - http://www.smartphoto.be/ExtraFilmUploader6.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 12215 bytes

Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Databaseversie: 4052 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 4/05/2012 10:52:06 mbam-log-2012-05-04 (10-52-06).txt Scantype: Volledige scan (C:\|D:\|E:\|) Objecten gescand: 219036 Verstreken tijd: 1 uur/uren, 12 minuut/minuten, 46 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:33:49, on 3/05/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\vVX3000.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE C:\Program Files\AVAST Software\Avast\avastUI.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Documents and Settings\Karin\Application Data\Dropbox\bin\Dropbox.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Documents and Settings\All Users\Application Data\Mobistar Internet Everywhere\OnlineUpdate\ouc.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = SearchCanvas | Search the web R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Updater For Spam Free Search Bar - {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files\blekkotb\auxi\blekkoAu.dll O2 - BHO: Spam Free Search Bar - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files\blekkotb\blekkoDx.dll O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - (no file) O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Spam Free Search Bar - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files\blekkotb\blekkoDx.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Karin\Application Data\Dropbox\bin\Dropbox.exe O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: PokerStars.be - {878AC5FC-BE78-4bae-896C-7F75B790A71E} - C:\Program Files\PokerStars.BE\PokerStarsUpdate.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} (PhotoboxPhotowaysUploader5 Control) - http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110915070742 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab O16 - DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} (ExtraFilm Uploader Control) - http://www.smartphoto.be/ExtraFilmUploader6.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Mobistar Internet Everywhere. OUC (Mobistar Internet Everywhere. RunOuc) - Unknown owner - C:\Program Files\Mobistar Internet Everywhere\UpdateDog\ouc.exe O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 13353 bytes

ik krijg wel 30 mails per dag zoals de onderstaande; Geachte heer of mevrouw, Betreft: Uw vraag aan de afdeling Studietoelagen via **************** Het e-mailadres ************** is niet meer in gebruik. U kunt terecht met uw vragen op Contact school- of studietoelage . U kunt op die website ook uw dossier vervolledigen door de ontbrekende informatie als bijlagen te versturen. Met vriendelijke groeten, Afdeling Studietoelagen -----Origineel Bericht----- Van: ****************** Verzonden: Wed May 02 21:02:49 CEST 2012 Aan: ****************** Onderwerp: Apple ipad 16G GO Dear Madam/Sir, China Wholesale: Buy Wholesale Products from China is the world's largest shopping sites. You can buy jewelries,shoes, bags, clothing and other fashion products. We do retail, wholesale and dropship service. Any assistance on prices or other problems please be free to us ! Website: http://www.nimishop.net#512.com/img/151_qtr.jpg Best regards Dit email adres is een uit mijn adresboek en zo zou iedereen ook ontvangen. Hoe kan ik dit stoppen? mammieke

ik heb nieuw emailadres aangemaakt,nu afwachten of dit lukt.

We sturen een e-mail naar po*****@hotmail.com ????? ---------- Post toegevoegd om 10:52 ---------- Vorige post was om 10:45 ---------- ik heb dus een nieuw emailadres aangemaakt ,maar ik kan dit zelf niet invullen,ik kom op pagina uit waar dat te lezen staat; We sturen een e-mail naar po*****@hotmail.com

ik kom uit op een pagina,Hoe wil je de code ontvangen? en dan een email waar ik die code kan op ontvangen,maar ik geraak kan ook dat emailadres niet open krijgen.

hey, ik zit met een probleem,was op verlof,daar op messenger willen gaan en blijkbaar mijn wachtwoord niet meer juist ingegeven.Thuis word dit automatisch ingegeven daardoor dat ik dit niet meer juist wist. Na mss 10 keer geprobeerd heb de melding dat het geblokkeerd is,geheime vraag kan ik niet meer op antwoorden en email adres naarwaar ze de code zouden sturen krijg ik ook niet meer open. Weet iemand raad?

ik heb een iPad 2 met 16GB

tja,ik heb me dit ding aangeschaft en dacht dit eens vlug te gebruiken. pfft ,niks minder waar. Blijkbaar moet je een hele procedure overlopen om te kunnen starten. Ik heb al een online handleiding geraadpleegd maar snap er niks van. Kan er mij iemand zo wat stap voor stap uitleggen wat ik juist moet doen? hij is nu aan het opladen.....

mercikes

Mijn kaspersky antivirus verloopt binnen paar dagen. Ik ga er geen meer kopen maar een gratis downloaden alleen heb ik geen idee welk ik op het moment kan downloaden. wie kent er iets meer van,liefst geen ingewikkeld he daar ik maar computerleek ben:-)

ik denk dat ik alles juist heb gedaan maar probleem is blijkbaar niet weg ,ik krijg ook veel de melding van "de meest recente browersessie is onverwacht gesloten,de recente sessie herstellen of naar startpagina gaan"

ik dacht dat het beter was ,maar vandaag doet hij toch nog moeilijk,ik moet pc dikwijls herstarten en pc is heeeel traag. ---------- Post toegevoegd om 17:10 ---------- Vorige post was om 17:07 ---------- aha ik heb het laatste bericht nog niet gelezen en ook nog niet uitgevoerd,zal er eens aan beginnen.

hey, ik dacht gisteren dat alle problemen van de baan waren,niet dus,pc opent heel traag en durft terug blijven hangen. mammieke

nee,pc gaat terug veel vlotter.mercikes

ComboFix 12-02-10.03 - Karin 10/02/2012 21:18:29.4.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.1790.1238 [GMT 1:00] Gestart vanuit: c:\documents and settings\Karin\Bureaublad\ComboFix.exe AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\Karin\Application Data\PriceGong c:\documents and settings\Karin\Application Data\PriceGong\Data\1.xml c:\documents and settings\Karin\Application Data\PriceGong\Data\a.xml c:\documents and settings\Karin\Application Data\PriceGong\Data\b.xml c:\documents and settings\Karin\Application Data\PriceGong\Data\c.xml c:\documents and settings\Karin\Application Data\PriceGong\Data\d.xml c:\documents and settings\Karin\Application Data\PriceGong\Data\e.xml c:\documents and settings\Karin\Application Data\PriceGong\Data\f.xml c:\documents and settings\Karin\Application Data\PriceGong\Data\g.xml c:\documents and settings\Karin\Application Data\PriceGong\Data\h.xml c:\documents and settings\Karin\Application Data\PriceGong\Data\i.xml c:\documents and settings\Karin\Application Data\PriceGong\Data\J.xml c:\documents and settings\Karin\Application Data\PriceGong\Data\k.xml c:\documents and settings\Karin\Application Data\PriceGong\Data\l.xml c:\documents and settings\Karin\Application Data\PriceGong\Data\m.xml c:\documents and settings\Karin\Application Data\PriceGong\Data\mru.xml c:\documents and settings\Karin\Application Data\PriceGong\Data\n.xml c:\documents and settings\Karin\Application Data\PriceGong\Data\o.xml c:\documents and settings\Karin\Application Data\PriceGong\Data\p.xml c:\documents and settings\Karin\Application Data\PriceGong\Data\q.xml c:\documents and settings\Karin\Application Data\PriceGong\Data\r.xml c:\documents and settings\Karin\Application Data\PriceGong\Data\s.xml c:\documents and settings\Karin\Application Data\PriceGong\Data\t.xml c:\documents and settings\Karin\Application Data\PriceGong\Data\u.xml c:\documents and settings\Karin\Application Data\PriceGong\Data\v.xml c:\documents and settings\Karin\Application Data\PriceGong\Data\w.xml c:\documents and settings\Karin\Application Data\PriceGong\Data\x.xml c:\documents and settings\Karin\Application Data\PriceGong\Data\y.xml c:\documents and settings\Karin\Application Data\PriceGong\Data\z.xml c:\documents and settings\Karin\WINDOWS c:\windows\system32\MSMAsk32.ocx c:\windows\system32\SET4F.tmp c:\windows\system32\SET51.tmp c:\windows\system32\SET5D.tmp c:\windows\unin0413.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2012-01-10 to 2012-02-10 )))))))))))))))))))))))))))))) . . 2012-02-10 16:50 . 2012-02-10 16:50 -------- d-----w- c:\program files\Speccy 2012-02-10 16:22 . 2012-02-10 16:22 388096 ----a-r- c:\documents and settings\Karin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-25 21:57 . 2004-08-04 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll 2011-11-23 14:40 . 2004-08-04 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys 2011-11-20 06:12 . 2004-08-04 12:00 60928 ----a-w- c:\windows\system32\packager.exe 2011-11-16 14:22 . 2004-08-04 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll 2011-11-16 14:22 . 2004-08-04 12:00 152064 ----a-w- c:\windows\system32\schannel.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616] "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-01-10 160592] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-27 148888] "VX3000"="c:\windows\vVX3000.exe" [2006-10-13 707376] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2009-11-04 597792] "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2010-05-31 2060288] "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296] "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-05-07 344736] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\Gast\Menu Start\Programma's\Opstarten\ OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\Karin\Menu Start\Programma's\Opstarten\ OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk backup=c:\windows\pss\Adobe Reader Snelle start.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Synchronizer.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Synchronizer.lnk backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2005-05-03 16:43 69632 -c--a-w- c:\windows\ALCMTR.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd] 2006-01-04 09:29 2809856 -c--a-w- c:\windows\ALCWZRD.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] 2005-08-12 13:43 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] 2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam] 2006-10-13 15:01 277296 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 10:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-07-05 16:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2006-01-11 15:23 15961088 -c--a-w- c:\windows\RTHDCPL.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snelkoppeling naar eigenschappenvenster voor High Definition Audio] 2005-01-07 16:07 61952 ------w- c:\windows\system32\HdAShCut.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] 2006-01-04 09:27 86016 -c--a-w- c:\windows\SOUNDMAN.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "c:\\Program Files\\FrostWire\\FrostWire.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"= "c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"= "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22/02/2011 7:13 22992] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [19/01/2011 3:32 32592] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10/02/2011 6:54 297168] R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [24/10/2009 2:18 360224] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [30/03/2011 16:17 134480] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/02/2011 6:53 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/02/2011 6:53 27216] R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [27/07/2011 16:06 72576] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 13:42 32272] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2/11/2009 19:27 19472] S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/01/2011 5:41 248656] S1 kl2;Kl2;c:\windows\system32\drivers\kl2.sys [6/05/2010 23:19 132184] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18/04/2011 16:39 7398752] S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8/02/2011 4:33 269520] S2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe -/service --> c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe -/service [?] S2 Mobistar Internet Everywhere. RunOuc;Mobistar Internet Everywhere. OUC;c:\program files\Mobistar Internet Everywhere\UpdateDog\ouc.exe [27/07/2011 16:03 218624] S3 Camdrv30;Philips ToUcam XS;c:\windows\system32\drivers\camdrv30.sys [2/04/2009 18:27 171264] S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [27/07/2011 16:06 85248] . Inhoud van de 'Gedeelde Taken' map . 2012-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57] . 2012-02-09 c:\windows\Tasks\OGADaily.job - c:\windows\system32\OGAVerify.exe [2008-12-31 15:04] . 2012-02-10 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAVerify.exe [2008-12-31 15:04] . 2012-02-10 c:\windows\Tasks\User_Feed_Synchronization-{23E845C7-A2A1-4B90-A36E-8D5364319110}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://www.searchcanvas.com/?ot=6 uInternet Connection Wizard,ShellNext = iexplore IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Formulieren opslaan - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Free YouTube to MP3 Converter - c:\documents and settings\Karin\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Invul Formulieren - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Menu aanpassen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: RoboForm Werkbalk - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html TCP: DhcpNameServer = 195.130.130.132 195.130.131.132 DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110915070742 . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-10 - (no file) Toolbar-!{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) Toolbar-!{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-02-10 21:25 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(880) c:\windows\system32\Ati2evxx.dll . Voltooingstijd: 2012-02-10 21:27:49 ComboFix-quarantined-files.txt 2012-02-10 20:27 . Pre-Run: 18.405.474.304 bytes beschikbaar Post-Run: 18.890.539.008 bytes beschikbaar . - - End Of File - - EA908A32C7C7DBBF6EA46ECA2D197BF3

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:36:17, on 10/02/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\vVX3000.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Documents and Settings\All Users\Application Data\Mobistar Internet Everywhere\OnlineUpdate\ouc.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = SearchCanvas | Search the web R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: (no name) - !{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) O3 - Toolbar: (no name) - !{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file) O3 - Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - (no file) O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Karin\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: &Virtueel Toetsenbord - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: C&ontrole van URL's - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} (PhotoboxPhotowaysUploader5 Control) - http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110915070742 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab O16 - DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} (ExtraFilm Uploader Control) - http://www.smartphoto.be/ExtraFilmUploader6.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: Kaspersky Anti-Virus-service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Mobistar Internet Everywhere. OUC (Mobistar Internet Everywhere. RunOuc) - Unknown owner - C:\Program Files\Mobistar Internet Everywhere\UpdateDog\ouc.exe O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 11969 bytes

En waar dient dat speccy logje? ---------- Post toegevoegd om 17:53 ---------- Vorige post was om 17:47 ---------- http://speccy.piriform.com/results/8pFpbESm6Mw6FAkYALN6Q5k

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:29:12, on 10/02/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\vVX3000.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Documents and Settings\All Users\Application Data\Mobistar Internet Everywhere\OnlineUpdate\ouc.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = SearchCanvas | Search the web R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Babylon Search R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll (file missing) O3 - Toolbar: (no name) - !{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) O3 - Toolbar: (no name) - !{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file) O3 - Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - (no file) O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [babylonToolbar] "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Karin\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O8 - Extra context menu item: Invul Formulieren - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: &Virtueel Toetsenbord - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: C&ontrole van URL's - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} (PhotoboxPhotowaysUploader5 Control) - http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110915070742 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab O16 - DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} (ExtraFilm Uploader Control) - http://www.smartphoto.be/ExtraFilmUploader6.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: Kaspersky Anti-Virus-service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Mobistar Internet Everywhere. OUC (Mobistar Internet Everywhere. RunOuc) - Unknown owner - C:\Program Files\Mobistar Internet Everywhere\UpdateDog\ouc.exe O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 13250 bytes

mijn pc blijft weer constant vasthangen,het minste dat ik wil opstarten ondervind ik problemen. Zelfs afsluiten dan is moeilijk,kan iemand me nog eens helpen aub? karine