Bojangles

Member
  • Items: 27
Everything posted by Bojangles

  1. Thanks for your help, Kape. ComboFix was removed, CCleaner (which I have been using for a long time) cleaned everything up once more, the infected restore point was removed, and I created a new restore point. My PC is free of viruses again. You guys are great. Regards, Bojangles
  2. Hello Kape, 24 hours later and I have not received a single notification from my virus scanner anymore. What still needs to be done now?
  3. Hi, Kape. I carried out everything as requested. In the meantime I have re-enabled my virus scanner and rebooted, and have not yet received a single notification from Auto-Protect. Knock on wood ... Here is my ComboFix log:
  4. Yes, I had done that, and to be sure I rebooted once more just now, but the notifications keep coming. This time Auto-Protect says that risks were blocked (but not which ones), and another time I get the notification that Auto-Protect blocked the 'removed risks' (trojan.gen). And then the notification "your computer is safe". But the notifications do keep coming ...
  5. Thanks, Kape. MBAM did indeed find about 6 infections and removed them. The Norton Auto-Protect notifications keep coming, however ... This is the MBAM log: And this is the new HijackThis log:
  6. Thanks for the quick reply, Jion. Here is my HijackThis log:
  7. Hello, For the past few days I have been getting warnings from my Norton Internet Security antivirus software that Auto-Protect has blocked security risks. They are Trojan.Gen, Trojan.Gen.2 and Trojan.ZeroAccess.B. Does this mean that my computer is infected with viruses? If so, what can I do to remove these threats from my PC? Regards, B.
  8. OK, I did what you asked. ComboFix did give a message that its date had expired and that it would run in reduced-performance mode. Here is the log file:
  9. "Drag CFScript.txt into ComboFix.exe" I don't understand that. Do I simply drag the txt icon on top of the ComboFix.exe icon, after which ComboFix starts by itself?
  10. I found it. Both DLL files are being locked as a process by Azureus (Vuze). Apparently Azureus is the culprit that creates this folder and these files by itself when the program is used. I had a quick peek at my son's laptop (he also uses Vuze) and sure enough, this folder and the accompanying DLL files are there too. In any case my PC has now been cleaned of all malware. Thanks for your help all the same. This topic can be closed. Regards, Bojangles
  11. Here is the ComboFix log file:
files\HomeCinema\PlayMovie\000.fcl [2008-02-15 41456] S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 106104] S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-11-21 569344] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhoud van de 'Gedeelde Taken' map . 2011-12-31 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-04 15:06] . 2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 13:55] . 2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 13:55] . 2011-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2886177340-1827027794-3278676110-1000Core.job - c:\users\Dirk\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-07 07:31] . 2011-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2886177340-1827027794-3278676110-1000UA.job - c:\users\Dirk\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-07 07:31] . 2011-12-30 c:\windows\Tasks\Norton Security Scan for Dirk.job - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-14 07:48] . . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://www.google.be/ uDefault_Search_URL = hxxp://www.google.com/ie mSearch Bar = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 LSP: c:\windows\system32\wpclsp.dll TCP: DhcpNameServer = 192.168.2.1 DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - (no file) WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{038CB5C7-48EA-4AF9-94E0-A1646542E62B} - (no file) HKCU-Run-fsm - (no file) MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0413.EXE AddRemove-AutocompletePro3_is1 - c:\program files\AutocompletePro\unins000.exe AddRemove-FileZilla Client - c:\program files\FileZilla FTP Client\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-12-31 15:59 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\NIS] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\HomeCinema\PlayMovie\000.fcl" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\HomeCinema\PowerDVD\000.fcl" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-2886177340-1827027794-3278676110-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC] @Denied: (C D) (Everyone) . [HKEY_USERS\S-1-5-21-2886177340-1827027794-3278676110-1000\Software\SecuROM\License information*] "datasecu"=hex:6a,9a,b0,f4,4a,4e,75,08,d5,c5,0e,04,74,21,76,7c,17,4b,23,e1,65, b9,bc,81,30,70,d2,5a,92,17,42,0a,d1,c9,6a,c5,e2,59,f9,fe,0f,65,87,45,f5,95,\ "rkeysecu"=hex:26,4d,df,47,23,04,f6,8f,e5,2e,64,be,2b,21,79,f7 . Voltooingstijd: 2011-12-31 16:02:32 ComboFix-quarantined-files.txt 2011-12-31 15:02 . Pre-Run: 55.362.121.728 bytes beschikbaar Post-Run: 63.669.473.280 bytes beschikbaar . - - End Of File - - E4CFB8DA139D3F1844CB1BAA59A309BF P.S. The .swt folder and its contents were back again (before I ran ComboFix). Apparently it reappears by itself as soon as I go online. P.S. 2: I really have no idea where I got those widgets from. I even had to google what widgets actually are. Apparently they are small programs, such as calendars, each with its own function.
  12. OK, thanks. I did everything as asked. Here are the log files: 1. Malwarebytes log file: Malwarebytes Anti-Malware 1.60.0.1800 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: v2011.12.31.03 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Dirk :: PCDIRK [administrator] 31/12/2011 12:10:16 mbam-log-2011-12-31 (12-10-16).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstarten | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 222048 Verstreken tijd: 13 minuut/minuten, 19 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 4 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RewardsArcade (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\MySearch (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 33 C:\Program Files\RewardsArcade (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\MySearch (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\MySearch\bar (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. 
C:\Program Files\MySearch\bar\History (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\MySearch\bar\Settings (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498 (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Chrome (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\defaults (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\locale (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. 
C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\skin (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498 (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Chrome (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. 
C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\locale (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\skin (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. Bestanden gedetecteerd: 104 C:\Program Files\RewardsArcade\fb.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\RewardsArcade\appAPIinternalWrapper.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\RewardsArcade\jquery.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\RewardsArcade\json.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\RewardsArcade\RewardsArcade.exe (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\RewardsArcade\Uninstall.exe (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\RewardsArcade\UserConfirmation.exe (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\MySearch\bar\History\search (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\uninstall.ico (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. 
C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\dialog.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\options.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\search_dialog.xul (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. 
C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. 
C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\skin\icon16.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. 
C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\skin\icon48.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\skin\panelarrow-up.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\skin\popup.css (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\skin\popup.html (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\skin\popup_binding.xml (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\uninstall.ico (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. 
C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\dialog.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\options.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\search_dialog.xul (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. 
C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. 
C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd. 
2. HijackThis logfile:

P.S. I have deleted the swt folder and its contents. I have done this before, but it keeps coming back.
  13. Eclipse is not among my installed programs. Here is the HijackThis logfile:

      P.S. I use Norton Internet Security Online as my antivirus protection.
  14. For some time now I have had a .swt folder on my PC at C:\Users\ikke\.swt\lib\win32\x86. It contains 2 DLL files: swt-gdip-win32-3802.dll and swt-win32-3802.dll. If I delete everything (folders and DLL files), it all comes back after a while. I find this very annoying, since this folder sits in a location where I, as a user, have put all the other folders in which I keep all kinds of topics. How does this folder get there and how do I get rid of it?
  15. I have (finally) been able to change the settings, but I still cannot connect to my router. I can see my connection listed, but I keep getting the message "a connection cannot be made with ... "
  16. To make those changes I need administrator rights, and I do not have those at the moment (it is a new laptop from my employer). I will have to request them. That means waiting until after New Year. Oh dear ...
  17. I have Windows 7 on the new laptop. I set the security to WEP (with a password) instead of WAP, and now I did get a connection to the router, but with the status "no internet access". I googled a bit and found that it might have something to do with DNS. It did not make me any wiser.
  18. No, that does not work for me either. "Enable Mac Filtering" was set to NO, by the way. Is it possible that my new laptop does not support WPA? How can I find out?
  19. I am trying to connect my new laptop to my router, but when I click "connect", every time I enter the password for my network security I get the message "a connection cannot be made ...". Yet the password is correct. On my son's laptop, connecting does work. Both laptops are Dell laptops and both have Windows 7 as the operating system. My router (U.S. Robotics Wireless 54Mbps ADSL router) is configured with WPA security. If I set my router to "No WEP, no WPA", I can connect to my router from my laptop and go on the internet, but then I have an unsecured network and that is not what I want. Does anyone have advice?
  20. I have just played both DVDs on my PC and the interruption does not occur. That means the DVD is fine after all, but that an ordinary DVD player connected to a TV apparently handles it differently from a DVD player in a PC. Thanks for the response anyway.
  21. When playing a DVD9 that I burned with Nero 8, I noticed a small stutter somewhere in the middle of playback. Picture and sound freeze for a second. I already had this with another burned DVD9. If I play the VOB file on my PC (with PowerDVD), it plays that part perfectly. If I play the burned DVD on another DVD player, I also notice a slight stutter. So the problem lies with the DVD. With ordinary DVDs (DVD5) I have never had this. Does anyone have an idea what causes this and whether I can prevent the problem? I use DVD9s from EMTEC (DVD+R double layer 8.5 Gb).
  22. Does anyone have experience with Net2Plug, the system for connecting computers via the electrical wiring? Roughly what does it cost? Does it work well and fast? Can you also share internet that way? Are there particular conditions you have to take into account to use this system? I want to connect a PC (or laptop) to the internet in 4 rooms of our house without using a wireless internet signal. I thought Net2Plug would be suitable for that. But maybe something else exists?
  23. There are probably many more, but I have been using the small but excellent Multiquence for years now. Download it here: MULTIQUENCE Download
  24. Hello, I recently bought a DVD with region code 1 that I could not play on my ordinary DVD player, which is connected to my TV. With DVD-Shrink I was able to make a backup and burn it again as region-free. Playing this burned DVD now worked, but at a certain point it suddenly cuts out. That same DVD does play on my PC's DVD drive and does not cut out. At first I thought it was the disc (a DVD-RW), but with an ordinary DVD-R it also cut out at the same point. I then burned the backup files that DVDShrink temporarily creates on the PC once more with Nero 8, and now the DVD no longer cuts out when I play it on my ordinary DVD player. Does anyone know why that is? I thought DVD-Shrink actually uses Nero in the background to burn, but apparently this is done in a different way, since the result with one program produces read errors and with the other program no errors occur. And an additional question: is it possible to change the region code with Nero?