Posts made by Bojangles

  1. Hi, Kape. I carried out everything as requested. In the meantime I have re-enabled my virus scanner and rebooted, and I have not yet received a single auto-protect notification. Knock on wood ...

    Here is my ComboFix log:

    ComboFix 12-07-20.02 - Dirk 20/07/2012 19:05:57.3.4 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3069.1419 [GMT 2:00]

    Gestart vanuit: c:\users\Dirk\Desktop\ComboFix.exe

    AV: Norton Internet Security Online *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

    FW: Norton Internet Security Online *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

    SP: Norton Internet Security Online *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Nieuw herstelpunt werd aangemaakt

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\Dirk\AppData\Local\{80af3f8a-479e-b2ff-a0cb-0c48f1b7a3e4}\@

    c:\users\Dirk\AppData\Local\{80af3f8a-479e-b2ff-a0cb-0c48f1b7a3e4}\n

    c:\windows\Installer\{80af3f8a-479e-b2ff-a0cb-0c48f1b7a3e4}\@

    c:\windows\Installer\{80af3f8a-479e-b2ff-a0cb-0c48f1b7a3e4}\L\00000004.@

    c:\windows\Installer\{80af3f8a-479e-b2ff-a0cb-0c48f1b7a3e4}\L\00000008.@

    c:\windows\Installer\{80af3f8a-479e-b2ff-a0cb-0c48f1b7a3e4}\U\00000004.@

    c:\windows\Installer\{80af3f8a-479e-b2ff-a0cb-0c48f1b7a3e4}\U\00000008.@

    c:\windows\Installer\{80af3f8a-479e-b2ff-a0cb-0c48f1b7a3e4}\U\000000cb.@

    c:\windows\Installer\{80af3f8a-479e-b2ff-a0cb-0c48f1b7a3e4}\U\80000000.@

    c:\windows\Installer\{80af3f8a-479e-b2ff-a0cb-0c48f1b7a3e4}\U\80000032.@

    .

    c:\windows\system32\services.exe . . . is geïnfecteerd!!

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-06-20 to 2012-07-20 ))))))))))))))))))))))))))))))

    .

    .

    2012-07-20 17:15 . 2012-07-20 17:15 -------- d-----w- c:\users\Public\AppData\Local\temp

    2012-07-20 17:15 . 2012-07-20 17:15 -------- d-----w- c:\users\Laura\AppData\Local\temp

    2012-07-20 17:15 . 2012-07-20 17:15 -------- d-----w- c:\users\Joke\AppData\Local\temp

    2012-07-20 17:15 . 2012-07-20 17:23 -------- d-----w- c:\users\Dirk\AppData\Local\temp

    2012-07-20 17:15 . 2012-07-20 17:15 -------- d-----w- c:\users\itunes\AppData\Local\temp

    2012-07-20 17:15 . 2012-07-20 17:15 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-07-19 18:23 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-07-19 11:25 . 2012-07-19 11:25 -------- d-----w- c:\users\Laura\AppData\Roaming\redsn0w

    2012-07-19 10:33 . 2012-07-19 10:33 -------- d-----w- c:\users\Laura\AppData\Local\libimobiledevice

    2012-07-16 16:47 . 2012-07-16 16:54 -------- d-----w- c:\users\Joke\AppData\Roaming\xsecva

    2012-07-15 18:35 . 2012-07-16 16:47 -------- d-----w- c:\users\Dirk\AppData\Roaming\xsecva

    2012-07-12 16:56 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys

    2012-07-12 16:49 . 2012-06-02 08:25 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-07-11 20:41 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

    2012-07-11 20:41 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll

    2012-07-11 20:41 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll

    2012-07-11 20:41 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

    2012-07-11 20:41 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll

    2012-07-11 20:41 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll

    2012-07-01 08:36 . 2012-07-01 08:36 -------- d-----w- c:\program files\iPod

    2012-06-29 19:41 . 2012-07-11 19:20 -------- d-----w- c:\users\Dirk\Cd's Defect

    2012-06-29 19:41 . 2012-06-29 19:41 -------- d-----w- C:\Nieuwe map

    2012-06-23 10:05 . 2012-06-23 10:05 -------- d-----w- c:\users\Dirk\AppData\Roaming\Epson

    2012-06-23 10:05 . 2012-06-23 10:05 -------- d-----w- c:\users\Dirk\AppData\Local\ArcSoft

    2012-06-23 10:05 . 2012-06-23 18:22 -------- d-----w- c:\users\Dirk\AppData\Roaming\ArcSoft

    2012-06-22 19:45 . 2012-06-22 19:45 -------- d-----w- c:\windows\nl

    2012-06-22 19:44 . 2012-03-08 16:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys

    2012-06-22 19:41 . 2012-06-22 19:41 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

    2012-06-22 19:38 . 2012-06-22 19:38 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\a0cb6f591cd50ae02\DXSETUP.exe

    2012-06-22 19:38 . 2012-06-22 19:38 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\a0cb6f591cd50ae02\DSETUP.dll

    2012-06-22 19:38 . 2012-06-22 19:38 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\a0cb6f591cd50ae02\dsetup32.dll

    2012-06-22 19:21 . 2012-06-22 19:21 -------- d-----w- c:\users\Laura\AppData\Local\ArcSoft

    2012-06-22 19:21 . 2012-06-22 19:21 -------- d-----w- c:\users\Laura\AppData\Roaming\Epson

    2012-06-22 19:20 . 2012-06-22 19:51 -------- d-----w- c:\users\Laura\AppData\Roaming\ArcSoft

    2012-06-22 13:38 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

    2012-06-22 13:38 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

    2012-06-22 13:38 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

    2012-06-22 13:38 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

    2012-06-22 13:38 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

    2012-06-22 13:38 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

    2012-06-22 13:38 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

    2012-06-22 13:38 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

    2012-06-22 13:38 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe

    2012-06-22 12:39 . 2012-06-22 12:56 -------- d-----w- c:\users\Joke\AppData\Roaming\Epson

    2012-06-22 12:27 . 2012-06-22 12:29 -------- d-----w- c:\program files\Epson Software

    2012-06-22 12:26 . 2012-06-22 12:26 -------- d-----w- c:\users\Joke\AppData\Local\ABBYY

    2012-06-22 12:22 . 2012-06-22 12:27 -------- d-----w- c:\program files\ABBYY FineReader 9.0 Sprint

    2012-06-22 12:22 . 2012-06-22 12:22 -------- d-----w- c:\programdata\ABBYY

    2012-06-22 12:22 . 2012-06-22 12:22 -------- d-----w- c:\program files\Common Files\ABBYY

    2012-06-22 12:18 . 2012-06-22 12:18 -------- d-----w- c:\users\Joke\AppData\Local\ArcSoft

    2012-06-22 12:16 . 2012-06-22 12:41 -------- d--h--w- c:\programdata\ArcSoft

    2012-06-22 12:15 . 2006-11-10 13:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys

    2012-06-22 12:15 . 2012-06-22 12:15 -------- d-----w- c:\program files\Common Files\ArcSoft

    2012-06-22 12:15 . 2012-06-22 12:20 -------- d-----w- c:\program files\ArcSoft

    2012-06-22 12:15 . 2012-06-22 13:50 -------- d-----w- c:\users\Joke\AppData\Roaming\ArcSoft

    2012-06-22 12:13 . 2012-06-22 12:13 -------- d-----w- c:\users\Joke\AppData\Roaming\InstallShield

    2012-06-22 12:13 . 2010-01-19 10:31 123904 ----a-w- c:\windows\system32\esw2_ad.dll

    2012-06-22 12:13 . 2009-12-20 22:00 65793 ----a-w- c:\windows\system32\esfwad.bin

    2012-06-22 12:13 . 2009-12-06 22:00 204800 ----a-w- c:\windows\system32\esintad.dll

    2012-06-22 12:13 . 2009-10-15 22:00 132560 ----a-w- c:\windows\system32\esdevapp.exe

    2012-06-22 12:13 . 2009-10-15 22:00 12800 ----a-w- c:\windows\system32\escdev.dll

    2012-06-22 12:12 . 2012-06-22 12:29 -------- d-----w- c:\program files\epson

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-07-11 19:26 . 2012-05-24 06:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-07-11 19:26 . 2011-06-02 06:41 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-05-01 14:03 . 2012-06-13 15:20 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-05-01 10:05 . 2012-05-01 09:45 65536 ----a-w- c:\windows\system32\afasrv32.exe

    2012-04-23 16:00 . 2012-06-13 15:20 984064 ----a-w- c:\windows\system32\crypt32.dll

    2012-04-23 16:00 . 2012-06-13 15:20 133120 ----a-w- c:\windows\system32\cryptsvc.dll

    2012-04-23 16:00 . 2012-06-13 15:20 98304 ----a-w- c:\windows\system32\cryptnet.dll

    .

    .

    ------- Sigcheck -------

    Note: Unsigned files aren't necessarily malware.

    .

    [7] 2009-04-11 . D4E6D91C1349B7BFB3599A6ADA56851B . 279552 . . [6.0.6000.16386] . . c:\windows\ERDNT\cache\services.exe

    [-] 2009-04-11 . 8737764F4FD36D6808EE80578409C843 . 279552 . . [6.0.6000.16386] . . c:\windows\System32\services.exe

    [7] 2009-04-11 . D4E6D91C1349B7BFB3599A6ADA56851B . 279552 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

    [7] 2008-01-21 . 2B336AB6286D6C81FA02CBAB914E3C6C . 279040 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-03 13535776]

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-03 92704]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

    "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-10-07 75048]

    "RemoteControl"="c:\program files\HomeCinema\PowerDVD\PDVDServ.exe" [2008-07-21 87336]

    "LanguageShortcut"="c:\program files\HomeCinema\PowerDVD\Language\Language.exe" [2008-05-14 62760]

    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

    "TrayServer"="c:\program files\MAGIX\Film_op_DVD_7\TrayServer.exe" [2008-01-30 90112]

    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]

    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

    "Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2012-04-10 161336]

    "USBestCR"="c:\program files\Sitecom MD-020 SIM Editor\iconcs540543.exe" [2012-05-01 7041024]

    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]

    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

    "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-17 976832]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-6-26 110592]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "aux2"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

    2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

    2009-11-03 07:31 135664 ----atw- c:\users\Dirk\AppData\Local\Google\Update\GoogleUpdate.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

    2008-02-28 16:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

    2012-06-07 17:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

    2009-02-07 13:54 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2886177340-1827027794-3278676110-1000]

    "EnableNotificationsRef"=dword:00000001

    .

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

    S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]

    S2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv32.exe [x]

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2012-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 19:26]

    .

    2012-07-20 c:\windows\Tasks\Google Software Updater.job

    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-04 10:01]

    .

    2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 13:55]

    .

    2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 13:55]

    .

    2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2886177340-1827027794-3278676110-1000Core.job

    - c:\users\Dirk\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-07 07:31]

    .

    2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2886177340-1827027794-3278676110-1000UA.job

    - c:\users\Dirk\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-07 07:31]

    .

    2012-07-20 c:\windows\Tasks\Norton Security Scan for Dirk.job

    - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-14 07:48]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.google.be/

    uDefault_Search_URL = hxxp://www.google.com/ie

    mSearch Bar = hxxp://www.google.com/ie

    uInternet Settings,ProxyOverride = *.local

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

    LSP: c:\windows\system32\wpclsp.dll

    LSP: mswsock.dll

    TCP: DhcpNameServer = 192.168.1.1

    DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab

    DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

    WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - (no file)

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

    WebBrowser-{038CB5C7-48EA-4AF9-94E0-A1646542E62B} - (no file)

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2012-07-20 19:23

    Windows 6.0.6002 Service Pack 2 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\NIS]

    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

    "ImagePath"="\??\c:\program files\HomeCinema\PlayMovie\000.fcl"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]

    "ImagePath"="\??\c:\program files\HomeCinema\PowerDVD\000.fcl"

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_USERS\S-1-5-21-2886177340-1827027794-3278676110-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]

    @Denied: (C D) (Everyone)

    .

    [HKEY_USERS\S-1-5-21-2886177340-1827027794-3278676110-1000\Software\SecuROM\License information*]

    "datasecu"=hex:6a,9a,b0,f4,4a,4e,75,08,d5,c5,0e,04,74,21,76,7c,17,4b,23,e1,65,

    b9,bc,81,30,70,d2,5a,92,17,42,0a,d1,c9,6a,c5,e2,59,f9,fe,0f,65,87,45,f5,95,\

    "rkeysecu"=hex:26,4d,df,47,23,04,f6,8f,e5,2e,64,be,2b,21,79,f7

    .

    ------------------------ Andere Aktieve Processen ------------------------

    .

    c:\windows\system32\nvvsvc.exe

    c:\windows\system32\rundll32.exe

    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

    c:\program files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

    c:\windows\system32\IoctlSvc.exe

    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    c:\windows\system32\WUDFHost.exe

    c:\windows\system32\DllHost.exe

    c:\windows\servicing\TrustedInstaller.exe

    c:\program files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

    c:\windows\system32\conime.exe

    c:\windows\RtHDVCpl.exe

    c:\windows\System32\rundll32.exe

    c:\program files\Common Files\Nero\Lib\NMIndexingService.exe

    c:\program files\iPod\bin\iPodService.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2012-07-20 19:27:24 - machine werd herstart

    ComboFix-quarantined-files.txt 2012-07-20 17:27

    .

    Pre-Run: 63.596.277.760 bytes beschikbaar

    Post-Run: 64.233.881.600 bytes beschikbaar

    .

    - - End Of File - - 76421D00761CCE796A4830085B67F5D8

  2. Yes, I had done that, and just to be sure I rebooted once more a moment ago, but the notifications keep coming. This time auto-protect says that risks were blocked (but not which ones), and another time I get the notification that auto-protect has blocked the 'removed risks' (trojan.gen). And then the notification "your computer is safe". But the notifications do keep coming ...

  3. Thanks, Kape.

    MBAM did indeed find about 6 infections and removed them.

    However, the Norton Auto-Protect notifications keep coming ...

    This is the MBAM log:

    Malwarebytes Anti-Malware 1.62.0.1300

    Malwarebytes : Free anti-malware download

    Databaseversie: v2012.07.19.12

    Windows Vista Service Pack 2 x86 NTFS

    Internet Explorer 9.0.8112.16421

    Dirk :: PCDIRK [administrator]

    19/07/2012 20:25:23

    mbam-log-2012-07-19 (20-25-23).txt

    Scantype: Snelle scan

    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scanopties: P2P

    Objecten gescand: 258932

    Verstreken tijd: 11 minuut/minuten, 12 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 1

    HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerwaarden gedetecteerd: 3

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{014DA6C9-189F-421A-88CD-07CFE51CFF10} (PUP.MyWebSearch) -> Data: -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{014DA6C9-189F-421A-88CD-07CFE51CFF10} (PUP.MyWebSearch) -> Data: ɦMŸBˆÍÏåÿ -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\Dirk\AppData\Local\{80af3f8a-479e-b2ff-a0cb-0c48f1b7a3e4}\n. -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 2

    C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Zal worden verwijderd tijdens het herstarten.

    C:\Windows\Installer\{80af3f8a-479e-b2ff-a0cb-0c48f1b7a3e4}\n (Trojan.Agent.BVXGen) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)

    -------------------

    And this is the new HiJackThis log:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 20:46:22, on 19/07/2012

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v9.00 (9.00.8112.16447)

    Boot mode: Normal

    Running processes:

    C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Windows\RtHDVCpl.exe

    C:\Windows\System32\rundll32.exe

    C:\Program Files\CyberLink\Shared Files\brs.exe

    C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe

    C:\Program Files\Unlocker\UnlockerAssistant.exe

    C:\Program Files\Microsoft IntelliType Pro\itype.exe

    C:\Program Files\Microsoft IntelliPoint\ipoint.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Sitecom MD-020 SIM Editor\iconcs540543.exe

    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

    C:\Program Files\Epson Software\Event Manager\EEventManager.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Users\Dirk\AppData\Local\Google\Update\GoogleUpdate.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

    C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\rundll32.exe

    C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    C:\Windows\system32\NOTEPAD.EXE

    C:\Users\Dirk\Desktop\HijackThis.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL

    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"

    O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

    O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Film_op_DVD_7\TrayServer.exe

    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

    O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation

    O4 - HKLM\..\Run: [uSBestCR] C:\Program Files\Sitecom MD-020 SIM Editor\iconcs540543.exe RunFromReg

    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

    O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKCU\..\Run: [Google Update] "C:\Users\Dirk\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

    O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab

    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.be/s/v/50.14/uploader2.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab

    O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} (CeWe Color AG & Co. OHG Control) - https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Afa Card Reader Service (AfaService) - Unknown owner - C:\Windows\system32\afasrv32.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

    O23 - Service: Google Update Service (gupdate1c9892bbfcd4fb8) (gupdate1c9892bbfcd4fb8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

    O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

    --

    End of file - 12109 bytes

  4. Thanks for the quick reply, Jion. Here is my HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 21:23:46, on 18/07/2012

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v9.00 (9.00.8112.16447)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\Explorer.EXE

    C:\Windows\RtHDVCpl.exe

    C:\Windows\System32\rundll32.exe

    C:\Program Files\CyberLink\Shared Files\brs.exe

    C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe

    C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

    C:\Program Files\Unlocker\UnlockerAssistant.exe

    C:\Program Files\Microsoft IntelliType Pro\itype.exe

    C:\Program Files\Microsoft IntelliPoint\ipoint.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Sitecom MD-020 SIM Editor\iconcs540543.exe

    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

    C:\Program Files\Epson Software\Event Manager\EEventManager.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

    C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\rundll32.exe

    C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Users\Dirk\Desktop\HijackThis.exe

    C:\Windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL

    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"

    O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

    O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Film_op_DVD_7\TrayServer.exe

    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

    O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation

    O4 - HKLM\..\Run: [uSBestCR] C:\Program Files\Sitecom MD-020 SIM Editor\iconcs540543.exe RunFromReg

    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

    O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [XSECVA] C:\Users\Dirk\AppData\Roaming\xsecva\xsecva.exe -s

    O4 - HKCU\..\Run: [Google Update] "C:\Users\Dirk\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

    O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab

    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.be/s/v/50.14/uploader2.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab

    O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} (CeWe Color AG & Co. OHG Control) - https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Afa Card Reader Service (AfaService) - Unknown owner - C:\Windows\system32\afasrv32.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

    O23 - Service: Google Update Service (gupdate1c9892bbfcd4fb8) (gupdate1c9892bbfcd4fb8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

    O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

    --

    End of file - 11975 bytes

  5. OK, I did what you asked. ComboFix did give a message that its date had expired and that it would run in reduced performance mode. Here is the log file:

    ComboFix 11-12-27.01 - Dirk 02/01/2012 14:52:16.2.4 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3069.1639 [GMT 1:00]

    Gestart vanuit: c:\users\Dirk\Desktop\ComboFix.exe

    gebruikte Opdracht switches :: c:\users\Dirk\Desktop\CFScript.txt

    AV: Norton Internet Security Online *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

    FW: Norton Internet Security Online *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

    SP: Norton Internet Security Online *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Nieuw herstelpunt werd aangemaakt

    .

    - VERMINDERDE FUNCTIONALITEIT MODUS -

    .

    FILE ::

    "c:\users\Dirk\AppData\Local\Temp\ldiskl.sys"

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\Dirk\.swt

    c:\users\Dirk\.swt\lib\win32\x86\swt-gdip-win32-3802.dll

    c:\users\Dirk\.swt\lib\win32\x86\swt-win32-3802.dll

    c:\users\Dirk\AppData\Local\Temp\~efe476\~de1a55.tmp

    c:\users\Dirk\AppData\Local\Temp\~efe476\~df394b.tmp

    c:\users\Dirk\AppData\Local\Temp\~eff21c\~ded171.tmp

    c:\users\Dirk\AppData\Local\Temp\~eff21c\~df394b.tmp

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2011-12-02 to 2012-01-02 ))))))))))))))))))))))))))))))

    .

    .

    2011-12-31 11:07 . 2011-12-31 11:07 -------- d-----w- c:\users\Dirk\AppData\Roaming\Malwarebytes

    2011-12-31 11:06 . 2011-12-31 11:06 -------- d-----w- c:\programdata\Malwarebytes

    2011-12-31 11:06 . 2012-01-01 20:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2011-12-27 22:12 . 2011-12-27 22:12 -------- d-----w- c:\program files\Trend Micro

    2011-12-24 13:27 . 2011-12-24 13:27 -------- d-----w- c:\program files\iPod

    2011-12-24 13:24 . 2011-12-24 13:24 -------- d-----w- c:\program files\Bonjour

    2011-12-15 11:28 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2011-12-15 11:28 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

    2011-12-15 11:28 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll

    2011-12-15 11:28 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys

    2011-12-15 11:28 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

    2011-12-15 11:28 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll

    2011-12-15 11:28 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-11-27 20:36 . 2011-06-02 06:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-03 13535776]

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-03 92704]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

    "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-10-07 75048]

    "RemoteControl"="c:\program files\HomeCinema\PowerDVD\PDVDServ.exe" [2008-07-21 87336]

    "LanguageShortcut"="c:\program files\HomeCinema\PowerDVD\Language\Language.exe" [2008-05-14 62760]

    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

    "TrayServer"="c:\program files\MAGIX\Film_op_DVD_7\TrayServer.exe" [2008-01-30 90112]

    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]

    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-6-26 110592]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "aux2"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

    2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

    2009-11-03 07:31 135664 ----atw- c:\users\Dirk\AppData\Local\Google\Update\GoogleUpdate.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

    2008-02-28 16:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

    2011-12-08 00:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

    2009-02-07 13:54 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2886177340-1827027794-3278676110-1000]

    "EnableNotificationsRef"=dword:00000001

    .

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

    R2 gupdate1c9892bbfcd4fb8;Google Update Service (gupdate1c9892bbfcd4fb8);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 133104]

    R3 EraserUtilDrv11110;EraserUtilDrv11110;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11110.sys [x]

    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]

    R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 133104]

    R3 ldiskl;ldiskl;c:\users\Dirk\AppData\Local\Temp\ldiskl.sys [x]

    R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]

    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-07-26 721904]

    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS [2011-01-27 340088]

    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS [2011-03-15 744568]

    S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111221.003\BHDrvx86.sys [2011-11-14 819320]

    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111228.001\IDSvix86.sys [2011-08-18 368248]

    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS [2011-01-27 136312]

    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS [2011-03-22 331384]

    S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\HomeCinema\PlayMovie\000.fcl [2008-02-15 41456]

    S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]

    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 106104]

    S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-11-21 569344]

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2011-12-31 c:\windows\Tasks\Google Software Updater.job

    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-04 15:06]

    .

    2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 13:55]

    .

    2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 13:55]

    .

    2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2886177340-1827027794-3278676110-1000Core.job

    - c:\users\Dirk\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-07 07:31]

    .

    2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2886177340-1827027794-3278676110-1000UA.job

    - c:\users\Dirk\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-07 07:31]

    .

    2011-12-30 c:\windows\Tasks\Norton Security Scan for Dirk.job

    - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-14 07:48]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.google.be/

    uDefault_Search_URL = hxxp://www.google.com/ie

    mSearch Bar = hxxp://www.google.com/ie

    uInternet Settings,ProxyOverride = *.local

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

    LSP: c:\windows\system32\wpclsp.dll

    TCP: DhcpNameServer = 192.168.2.1

    DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab

    DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2012-01-02 14:54

    Windows 6.0.6002 Service Pack 2 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\NIS]

    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

    "ImagePath"="\??\c:\program files\HomeCinema\PlayMovie\000.fcl"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]

    "ImagePath"="\??\c:\program files\HomeCinema\PowerDVD\000.fcl"

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_USERS\S-1-5-21-2886177340-1827027794-3278676110-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]

    @Denied: (C D) (Everyone)

    .

    [HKEY_USERS\S-1-5-21-2886177340-1827027794-3278676110-1000\Software\SecuROM\License information*]

    "datasecu"=hex:6a,9a,b0,f4,4a,4e,75,08,d5,c5,0e,04,74,21,76,7c,17,4b,23,e1,65,

    b9,bc,81,30,70,d2,5a,92,17,42,0a,d1,c9,6a,c5,e2,59,f9,fe,0f,65,87,45,f5,95,\

    "rkeysecu"=hex:26,4d,df,47,23,04,f6,8f,e5,2e,64,be,2b,21,79,f7

    .

    Voltooingstijd: 2012-01-02 14:57:25

    ComboFix-quarantined-files.txt 2012-01-02 13:57

    .

    Pre-Run: 63.761.313.792 bytes beschikbaar

    Post-Run: 63.741.829.120 bytes beschikbaar

    .

    - - End Of File - - 06DF0E03C0B4506F02627A5735684EE7

  6. I found it. Both DLL files are locked as a process by Azureus (Vuze). Apparently Azureus is the culprit that creates this folder and these files by itself when the program is used. I took a quick peek at my son's laptop (he also uses Vuze) and sure enough, this folder and the accompanying DLL files are there too.

    In any case, my PC has now been cleaned of all malware. Thanks anyway for your help.

    This topic can be closed.

    Regards,

    Bojangles

  7. Here is the ComboFix log file:

    ComboFix 11-12-27.01 - Dirk 31/12/2011 15:43:51.1.4 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3069.2028 [GMT 1:00]

    Gestart vanuit: c:\users\Dirk\Desktop\ComboFix.exe

    AV: Norton Internet Security Online *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

    FW: Norton Internet Security Online *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

    SP: Norton Internet Security Online *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Nieuw herstelpunt werd aangemaakt

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\program files\AutocompletePro

    c:\program files\AutocompletePro\AcRemoteUpdate.exe

    c:\program files\AutocompletePro\InstTracker.exe

    c:\program files\AutocompletePro\support@predictad.com\chrome.manifest

    c:\program files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul

    c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.js

    c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.xul

    c:\program files\AutocompletePro\support@predictad.com\chrome\content\utils.js

    c:\program files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js

    c:\program files\AutocompletePro\support@predictad.com\install.rdf

    c:\program files\AutocompletePro\TaskScheduler.dll

    c:\program files\AutocompletePro\unins000.dat

    c:\program files\AutocompletePro\unins000.exe

    c:\users\Dirk\AppData\Roaming\AD ON Multimedia

    c:\users\Dirk\AppData\Roaming\Local

    c:\users\Dirk\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi

    c:\users\Dirk\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_NEW.divx.ddr

    c:\users\Dirk\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi

    c:\users\Dirk\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_NEW.divx

    c:\users\Dirk\Documents\~WRL0002.tmp

    c:\users\Dirk\Documents\~WRL2605.tmp

    c:\windows\IsUn0413.exe

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2011-11-28 to 2011-12-31 ))))))))))))))))))))))))))))))

    .

    .

    2011-12-31 14:56 . 2011-12-31 15:00 -------- d-----w- c:\users\Dirk\AppData\Local\temp

    2011-12-31 14:56 . 2011-12-31 14:56 -------- d-----w- c:\users\Laura\AppData\Local\temp

    2011-12-31 14:56 . 2011-12-31 14:56 -------- d-----w- c:\users\Joke\AppData\Local\temp

    2011-12-31 14:56 . 2011-12-31 14:56 -------- d-----w- c:\users\Default\AppData\Local\temp

    2011-12-31 12:04 . 2011-12-31 12:04 -------- d-----w- c:\users\Dirk\.swt

    2011-12-31 11:07 . 2011-12-31 11:07 -------- d-----w- c:\users\Dirk\AppData\Roaming\Malwarebytes

    2011-12-31 11:06 . 2011-12-31 11:06 -------- d-----w- c:\programdata\Malwarebytes

    2011-12-31 11:06 . 2011-12-31 11:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2011-12-31 11:06 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

    2011-12-27 22:12 . 2011-12-27 22:12 388096 ----a-r- c:\users\Dirk\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2011-12-27 22:12 . 2011-12-27 22:12 -------- d-----w- c:\program files\Trend Micro

    2011-12-24 13:27 . 2011-12-24 13:27 -------- d-----w- c:\program files\iPod

    2011-12-24 13:24 . 2011-12-24 13:24 -------- d-----w- c:\program files\Bonjour

    2011-12-15 11:28 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2011-12-15 11:28 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

    2011-12-15 11:28 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll

    2011-12-15 11:28 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys

    2011-12-15 11:28 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

    2011-12-15 11:28 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll

    2011-12-15 11:28 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-11-27 20:36 . 2011-06-02 06:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2011-10-03 04:06 . 2010-05-18 17:01 472808 ----a-w- c:\windows\system32\deployJava1.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-03 13535776]

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-03 92704]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

    "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-10-07 75048]

    "RemoteControl"="c:\program files\HomeCinema\PowerDVD\PDVDServ.exe" [2008-07-21 87336]

    "LanguageShortcut"="c:\program files\HomeCinema\PowerDVD\Language\Language.exe" [2008-05-14 62760]

    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

    "TrayServer"="c:\program files\MAGIX\Film_op_DVD_7\TrayServer.exe" [2008-01-30 90112]

    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]

    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-6-26 110592]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "aux2"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

    2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

    2009-11-03 07:31 135664 ----atw- c:\users\Dirk\AppData\Local\Google\Update\GoogleUpdate.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

    2008-02-28 16:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

    2011-12-08 00:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

    2009-02-07 13:54 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2886177340-1827027794-3278676110-1000]

    "EnableNotificationsRef"=dword:00000001

    .

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

    R2 gupdate1c9892bbfcd4fb8;Google Update Service (gupdate1c9892bbfcd4fb8);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 133104]

    R3 EraserUtilDrv11110;EraserUtilDrv11110;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11110.sys [x]

    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]

    R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 133104]

    R3 ldiskl;ldiskl;c:\users\Dirk\AppData\Local\Temp\ldiskl.sys [x]

    R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]

    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-07-26 721904]

    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS [2011-01-27 340088]

    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS [2011-03-15 744568]

    S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111221.003\BHDrvx86.sys [2011-11-14 819320]

    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111228.001\IDSvix86.sys [2011-08-18 368248]

    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS [2011-01-27 136312]

    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS [2011-03-22 331384]

    S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\HomeCinema\PlayMovie\000.fcl [2008-02-15 41456]

    S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]

    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 106104]

    S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-11-21 569344]

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2011-12-31 c:\windows\Tasks\Google Software Updater.job

    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-04 15:06]

    .

    2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 13:55]

    .

    2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 13:55]

    .

    2011-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2886177340-1827027794-3278676110-1000Core.job

    - c:\users\Dirk\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-07 07:31]

    .

    2011-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2886177340-1827027794-3278676110-1000UA.job

    - c:\users\Dirk\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-07 07:31]

    .

    2011-12-30 c:\windows\Tasks\Norton Security Scan for Dirk.job

    - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-14 07:48]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.google.be/

    uDefault_Search_URL = hxxp://www.google.com/ie

    mSearch Bar = hxxp://www.google.com/ie

    uInternet Settings,ProxyOverride = *.local

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

    LSP: c:\windows\system32\wpclsp.dll

    TCP: DhcpNameServer = 192.168.2.1

    DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab

    DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - (no file)

    WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

    WebBrowser-{038CB5C7-48EA-4AF9-94E0-A1646542E62B} - (no file)

    HKCU-Run-fsm - (no file)

    MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe

    AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0413.EXE

    AddRemove-AutocompletePro3_is1 - c:\program files\AutocompletePro\unins000.exe

    AddRemove-FileZilla Client - c:\program files\FileZilla FTP Client\uninstall.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2011-12-31 15:59

    Windows 6.0.6002 Service Pack 2 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\NIS]

    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

    "ImagePath"="\??\c:\program files\HomeCinema\PlayMovie\000.fcl"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]

    "ImagePath"="\??\c:\program files\HomeCinema\PowerDVD\000.fcl"

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_USERS\S-1-5-21-2886177340-1827027794-3278676110-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]

    @Denied: (C D) (Everyone)

    .

    [HKEY_USERS\S-1-5-21-2886177340-1827027794-3278676110-1000\Software\SecuROM\License information*]

    "datasecu"=hex:6a,9a,b0,f4,4a,4e,75,08,d5,c5,0e,04,74,21,76,7c,17,4b,23,e1,65,

    b9,bc,81,30,70,d2,5a,92,17,42,0a,d1,c9,6a,c5,e2,59,f9,fe,0f,65,87,45,f5,95,\

    "rkeysecu"=hex:26,4d,df,47,23,04,f6,8f,e5,2e,64,be,2b,21,79,f7

    .

    Voltooingstijd: 2011-12-31 16:02:32

    ComboFix-quarantined-files.txt 2011-12-31 15:02

    .

    Pre-Run: 55.362.121.728 bytes beschikbaar

    Post-Run: 63.669.473.280 bytes beschikbaar

    .

    - - End Of File - - E4CFB8DA139D3F1844CB1BAA59A309BF

    P.S. The .swt folder and its contents were back again (before I ran ComboFix). Apparently it appears by itself as soon as I go on the internet.

    P.S. 2: I really wouldn't know where I got those widgets from. I even had to google what widgets actually are. Apparently they are small programs, such as calendars, each with its own function.

  8. OK, thanks. I have done everything as requested. Here are the log files:

    1. Malwarebytes log file:

    Malwarebytes Anti-Malware 1.60.0.1800

    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Databaseversie: v2011.12.31.03

    Windows Vista Service Pack 2 x86 NTFS

    Internet Explorer 9.0.8112.16421

    Dirk :: PCDIRK [administrator]

    31/12/2011 12:10:16

    mbam-log-2011-12-31 (12-10-16).txt

    Scantype: Snelle scan

    Ingeschakelde scanopties: Geheugen | Opstarten | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scanopties: P2P

    Objecten gescand: 222048

    Verstreken tijd: 13 minuut/minuten, 19 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 4

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RewardsArcade (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\MySearch (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 33

    C:\Program Files\RewardsArcade (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files\MySearch (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files\MySearch\bar (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files\MySearch\bar\History (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files\MySearch\bar\Settings (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498 (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Chrome (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\defaults (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\locale (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\skin (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498 (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Chrome (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\locale (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\skin (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    Bestanden gedetecteerd: 104

    C:\Program Files\RewardsArcade\fb.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files\RewardsArcade\appAPIinternalWrapper.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files\RewardsArcade\jquery.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files\RewardsArcade\json.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files\RewardsArcade\RewardsArcade.exe (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files\RewardsArcade\Uninstall.exe (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files\RewardsArcade\UserConfirmation.exe (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files\MySearch\bar\History\search (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\uninstall.ico (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\dialog.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\options.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\search_dialog.xul (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\skin\icon16.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\skin\icon48.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\skin\panelarrow-up.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\skin\popup.css (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\skin\popup.html (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\skin\popup_binding.xml (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\AppData\Local\RewardsArcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\uninstall.ico (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\dialog.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\options.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\search_dialog.xul (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon16.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon48.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\panelarrow-up.png (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup.css (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup.html (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup_binding.xml (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Dirk\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)

    2. HijackThis logfile:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 12:57:57, on 31/12/2011

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v9.00 (9.00.8112.16421)

    Boot mode: Normal

    Running processes:

    C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\RtHDVCpl.exe

    C:\Windows\System32\rundll32.exe

    C:\Program Files\CyberLink\Shared Files\brs.exe

    C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe

    C:\Program Files\Unlocker\UnlockerAssistant.exe

    C:\Program Files\Microsoft IntelliType Pro\itype.exe

    C:\Program Files\Microsoft IntelliPoint\ipoint.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Windows\System32\mobsync.exe

    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

    C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    C:\Windows\system32\NOTEPAD.EXE

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    O1 - Hosts: ::1 localhost

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL

    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"

    O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

    O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Film_op_DVD_7\TrayServer.exe

    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

    O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKCU\..\Run: [Google Update] "C:\Users\Dirk\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

    O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab

    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.be/s/v/50.14/uploader2.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab

    O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} (CeWe Color AG & Co. OHG Control) - https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

    O23 - Service: Google Update Service (gupdate1c9892bbfcd4fb8) (gupdate1c9892bbfcd4fb8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

    O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

    --

    End of file - 9873 bytes

    P.S. I have deleted the swt folder and its contents. I have done this before, but it keeps coming back.

  9. Eclipse is not among my installed programs.

    Here is the HijackThis logfile:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 23:13:27, on 27/12/2011

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v9.00 (9.00.8112.16421)

    Boot mode: Normal

    Running processes:

    C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\RtHDVCpl.exe

    C:\Windows\System32\rundll32.exe

    C:\Program Files\CyberLink\Shared Files\brs.exe

    C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe

    C:\Program Files\Unlocker\UnlockerAssistant.exe

    C:\Program Files\Microsoft IntelliType Pro\itype.exe

    C:\Program Files\Microsoft IntelliPoint\ipoint.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\Azureus\Azureus.exe

    C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

    C:\Users\Dirk\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: (no name) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - (no file)

    R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

    R3 - URLSearchHook: (no name) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - (no file)

    O1 - Hosts: ::1 localhost

    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll

    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

    O2 - BHO: RewardsArcade - {597A9974-8CB0-4f41-B61F-ED065738A397} - C:\Program Files\RewardsArcade\RewardsArcade.dll

    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL

    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll

    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"

    O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

    O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Film_op_DVD_7\TrayServer.exe

    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

    O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKCU\..\Run: [Google Update] "C:\Users\Dirk\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

    O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab

    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.be/s/v/50.14/uploader2.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab

    O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} (CeWe Color AG & Co. OHG Control) - https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

    O23 - Service: Google Update Service (gupdate1c9892bbfcd4fb8) (gupdate1c9892bbfcd4fb8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

    O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

    --

    End of file - 10810 bytes

    P.S. I use Norton Internet Security Online as my antivirus protection.

  10. For some time now I have had a .swt folder on my PC at the location C:\Users\ikke\.swt\lib\win32\x86. It contains 2 DLL files: swt-gdip-win32-3802.dll and swt-win32-3802.dll.

    If I delete everything (folders and DLL files), it all comes back after some time.

    I find this very annoying, since this folder sits in a location where I, as a user, have put all the other folders in which I keep all sorts of topics.

    How did this folder get there and how do I get rid of it?

  11. I am trying to connect my new laptop to my router, but when I click "connect", every time I enter the password for my network security I get the message "a connection cannot be made ...". The password is correct, though. On my son's laptop, connecting does work. Both laptops are Dell laptops and both have Windows 7 as their operating system.

    My router (U.S. Robotics Wireless 54Mbps ADSL router) is set up with WPA security.

    If I set my router to "No WEP, no WPA", then I can connect to my router from my laptop and get on the internet, but then I have an unsecured network and that is not what I want.

    Does anyone have any advice?

  12. I have just played both DVDs on my PC and the interruption does not occur. That means the DVD is fine after all, but that an ordinary DVD player connected to a TV apparently handles it differently from a DVD player in a PC.

    Thanks for the reply anyway.

  13. When playing a DVD9 that I burned with Nero 8, I notice a small hitch somewhere in the middle of playback. Picture and sound freeze for a second. I already had this with another burned DVD9 as well. If I play the vob file on my PC (with PowerDVD), it plays that part perfectly. If I play the burned DVD in another DVD player, I also notice a slight hitch. So the problem lies with the DVD. I have never had this with ordinary DVDs (DVD5).

    Does anyone have an idea what causes this and whether I can prevent the problem? I use DVD9s from EMTEC (DVD+R double layer 8.5 Gb).

  14. Does anyone have experience with Net2Plug, the system for connecting computers via the electrical wiring? Roughly what does it cost? Does it work well and fast? Can you also share internet that way? Are there particular conditions you have to take into account to use this system?

    I want to connect a PC (or laptop) to the internet in 4 rooms of our house, without using a wireless internet signal. I thought Net2Plug would be suitable for that. But maybe there is something else?

  15. Hello,

    I recently bought a DVD with region code 1 that I could not play on my ordinary DVD player, which is connected to my TV. With DVD-Shrink I was able to make a backup and burn it again as region-free. Playing this burned DVD now worked, but at a certain point it suddenly cuts out. That same DVD does play on my PC's DVD player and does not cut out. At first I thought it was the disc (a DVD-RW), but with an ordinary DVD-R it also cut out at the same point. After that I burned the backup files that DVDShrink temporarily creates on the PC once more with Nero 8, and now the DVD no longer cuts out when I play it on my ordinary DVD player.

    Does anyone know why that is? I thought DVD-Shrink actually uses Nero in the background to burn, but apparently this happens in a different way after all, since the result with one program produces read errors and with the other program no errors occur.

    And an additional question: is it possible to change the region code with Nero?
