ilse1987

Member
  • Items

    8
  • Registration date

  • Last visited
Everything posted by ilse1987

  1. it's already sorted :-) apparently I just had to download Internet Explorer 8, I don't get any more messages now, so yeah
  2. I'll go take a peek at that page right away. I do have one more small question, though... for a few days now my PC has been showing the message: the requested web page is not available offline. click connect if you want to view this page (connect - stay offline), while my internet is on all the time :s It says this both for this site and for my start page and so on... so I wanted to quickly ask for help with this here too... thanks in advance!
  3. I haven't found any more viruses, so that's good; only my PC is still rather slow, but that probably has another cause. Thanks for the help!
  4. hey! here are the results of the combofix scan and the hijackthis scan: combofix: and here are the results of hijackthis: thanks in advance for the help!
2009-07-08 12:28 -------- d-----w- c:\program files\Wandering Willows 2009-06-29 16:01 . 2006-03-02 12:00 827392 ----a-w- c:\windows\system32\wininet.dll 2009-06-29 16:01 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-06-29 16:01 . 2006-03-02 12:00 17408 ----a-w- c:\windows\system32\corpol.dll 2009-06-16 14:40 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 14:40 . 2006-03-02 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-15 10:45 . 2006-03-02 12:00 79872 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 14:16 . 2006-03-02 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 07:22 . 2008-09-25 15:18 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-06-10 06:16 . 2006-03-02 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-07-24 07:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{568B8CC2-DC0C-4682-9E6C-1CA537699FC5}"= "c:\windows\system32\win5e78.dll" [2009-08-26 532480] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816] 
[HKEY_CLASSES_ROOT\clsid\{568b8cc2-dc0c-4682-9e6c-1ca537699fc5}] [HKEY_CLASSES_ROOT\TypeLib\{E7D7117E-9990-415A-9099-32C4EAC7467C}] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-05 39408] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-08-31 520024] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-02 2007832] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Ashampoo Magic Defrag.lnk - c:\program files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragCtrl.exe [2008-10-6 4149361] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-09-02 16:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk backup=c:\windows\pss\Adobe Reader Snelle start.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and 
Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Synchronizer.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Synchronizer.lnk backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Utility Tray.lnk] backup=c:\windows\pss\Utility Tray.lnkCommon Startup path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Utility Tray.lnk [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\FrostWire\\FrostWire.exe"= "c:\\Program Files\\iWin Games\\iWinGames.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [31/08/2009 16:38 64160] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/09/2009 18:04 335240] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/09/2009 18:04 108552] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2/09/2009 18:00 908056] R2 avg8wd;AVG Free8 
WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/09/2009 18:00 297752] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1029456] S2 gupdate1c9b83d16e7dc9;Google Updateservice (gupdate1c9b83d16e7dc9);c:\program files\Google\Update\GoogleUpdate.exe [8/04/2009 13:26 133104] S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [29/05/2009 11:48 31872] . Inhoud van de 'Gedeelde Taken' map 2009-08-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 14:37] 2009-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2009-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 11:26] 2009-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 11:26] 2009-04-20 c:\windows\Tasks\OGADaily.job - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04] 2009-09-04 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04] . - - - - ORPHANS VERWIJDERD - - - - HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.nieuwsblad.be/index.html?ref=0914 uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-09-04 17:42 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... 
scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . 
Voltooingstijd: 2009-09-04 17:44 ComboFix-quarantined-files.txt 2009-09-04 15:44 Pre-Run: 27.399.565.312 bytes beschikbaar Post-Run: 29.969.453.056 bytes beschikbaar WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 222 --- E O F --- 2009-09-02 21:36
     PS: the Mirar stuff is still listed in my software, so I would still like to get that out. My PC already starts up much faster; only that one little thing apparently won't come off.
  6. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:08:33, on 3/09/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragCtrl.exe C:\Program Files\Winter Fun Pack 2004 for Windows XP\WinterWallToy\WinterWalltoy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Program Files\AVG\AVG8\avgui.exe C:\Program Files\AVG\AVG8\avgscanx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Het Nieuwsblad Online R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: 
&Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Ashampoo Magic Defrag.lnk = C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragCtrl.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Google Updateservice (gupdate1c9b83d16e7dc9) (gupdate1c9b83d16e7dc9) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\PROGRA~1\COMMON~1\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\PROGRA~1\COMMON~1\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\Sony Shared\AVLib\SPTISRV.exe -- End of file - 8215 bytes
     ---------- Post added at 17:20 ---------- Previous post was at 17:12 ----------
     PS: my Mirar toolbar has already disappeared from Internet Explorer, but it is now only still in my software.
  7. Dear Sir/Madam, thank you for your reply! However, I cannot find the folders megaSwellAdsForYou and dealassistent; I used the search function and get no results... Kind regards, Ilse
     ---------- Post added at 15:34 ---------- Previous post was at 15:31 ----------
     Oh, and: O4 - HKLM\..\RunOnce: [isDeleteMe] "C:\WINDOWS\system32\cmd.exe" /c "C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp\isDel.bat" was no longer listed just now, is that bad?
  8. Hey! I have had the Mirar toolbar on my PC for a week now, but I cannot get rid of it at all! I cannot remove it from the software, so I had my Spybot program scan, but it finds nothing! Then I downloaded Ad-Aware, which did find a few trojans, but no Mirar to be found! After that I downloaded AVG, but it now regularly reports a Trojan horse Generic14.ADVK. So I cannot get either of these things off my PC! I have already made a HijackThis log, which I am posting below. Could someone help me, please?
     Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:29:58, on 2/09/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragService.exe C:\Program Files\iWin Games\iWinGamesInstaller.exe C:\Program Files\iWin Games\iWinTrusted.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Gebruiker\Application Data\DealAssistant\DealAssistant.exe C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragCtrl.exe C:\Program Files\Winter Fun Pack 2004 for Windows XP\WinterWallToy\WinterWalltoy.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe 
C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\AVG\AVG8\avgui.exe C:\Program Files\AVG\AVG8\avgscanx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Mirar= R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Het Nieuwsblad Online R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Mirar= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q= R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: (no name) - *{C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file) R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Mirar - {568B8CC3-DC0C-4682-9E6C-1CA537699FC5} - C:\WINDOWS\system32\win5e78.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search 
Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: MegaSwellAdsForYou - {B8AFA6F8-90AF-2466-C153-04043912FFBC} - C:\Program Files\MegaSwellAdsForYou\MegaSwellAdsForYou.dll (file missing) O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Mirar - {568B8CC2-DC0C-4682-9E6C-1CA537699FC5} - C:\WINDOWS\system32\win5e78.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - 
HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\RunOnce: [isDeleteMe] "C:\WINDOWS\system32\cmd.exe" /c "C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp\isDel.bat" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sfKg6wIPuSpdcduD7] C:\Documents and Settings\Gebruiker\Application Data\Microsoft\Windows\gragde.exe O4 - HKCU\..\Run: [DealAssistant] C:\Documents and Settings\Gebruiker\Application Data\DealAssistant\DealAssistant.exe O4 - Global Startup: Ashampoo Magic Defrag.lnk = C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragCtrl.exe O4 - Global Startup: Winter Fun Wallpaper Changer.lnk = ? 
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Home%20Sweet%20Home/Images/stg_drm.ocx O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Google Updateservice (gupdate1c9b83d16e7dc9) (gupdate1c9b83d16e7dc9) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\PROGRA~1\COMMON~1\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\PROGRA~1\COMMON~1\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\Sony Shared\AVLib\SPTISRV.exe -- End of file - 9977 bytes
     Kind regards, Ilse