
daverend

Member
  • Items

    23

Everything posted by daverend

  1. My brother had to cut the power for a moment, which caused my PC to shut down, and unfortunately it did not start up properly again afterwards. Please do not close this topic yet, because I can only carry out your instructions once my PC starts normally again. Thank you!
  2. Thank you for your reply! I'm in luck, the computer finally started up normally again! Now I can carry out what you advised. I will most likely have time for this tomorrow evening. I will post the result of the test here afterwards.
  3. Good day, I have a Compaq from 2006 with Windows XP, and when I turn on my PC I do get the Compaq start screen, but after that my PC does not boot any further. I had to leave my PC on for a long time to be able to keep working on it, but after a long time it gets slower, and I also sometimes have to install updates for my PC security, so I do have to restart now and then. Sometimes it suddenly does boot further, but usually it does not. At first I thought the small battery inside the PC was empty and that this was why the PC did not boot further, but it has since been replaced and the problem still persists. The last time the PC did boot further, I could not work on it properly because every few minutes it repeatedly froze for a few seconds. So, to be on the safe side, I wanted to run a virus scan. This scan got stuck at 17%. At that moment it was scanning the boot section (BIOS?). Could it have to do with a defect in the BIOS? Or are there other possible problems? E.g. a defect in the hard disk? To ask this question, I am temporarily using a family member's laptop. But I would like to use my own PC again as soon as possible. Can you tell me what the cause could be and how I should solve this? Thanks in advance. Kind regards, D. Meuleberg
  4. The problem is solved. After defogger and a reboot, I had AVG scan again, and it no longer shows the 2 files as a so-called threat. My gratitude is very great!!!
  5. In reply to Maxstar: I have installed a number of DVDVideoSoft components. This was a long time ago, I don't even remember when. (I have not run a software update for most of the components in a long time.) But I have actually never had problems with it as far as AVG detection alerts are concerned. Could this nevertheless be the cause now? If so, how can I determine that with certainty? And is it necessary to disable/remove it? Because I use the program on a regular basis.
  6. When starting ComboFix, it shows the following message: "ComboFix has detected that the following real-time scanner(s) are active: antivirus: AVG update module" Yet before I started ComboFix, I disabled AVG according to the instructions on the relevant bleepingcomputer.com website, via right-click and then clicking: "Disable AVG protection". If I were to click on it again, it says "Enable AVG protection". So AVG is indeed disabled. But what else do I need to do to disable the update module?
  7. Unfortunately, after a new virus scan AVG still shows these two files. What is also strange is that when I go to the folder where these files are supposed to be, they cannot be found. And I have 'show hidden folders' turned on
  8. Zoek.exe Version 4.0.0.2 Updated 02-March-2013 Tool run by Administrator on za 02-03-2013 at 20:26:26,73. Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86 Running in: Normal Mode Internet Access Detected
C:\WINDOWS\eHome\ehdrop.dll [MS] EHomePhotosHandler\ Provider = Media Center InvokeProgID = EHomeDropTarget.EHomePhotosHandler InvokeVerb = play HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomePhotosHandler\shell\play\DropTarget\CLSID = {4b7601c1-d292-4902-89f4-583a5ce0c535} -> {HKLM.CLSID} = EHomePhotosHandler Class \InProcServer32\(Default) = C:\WINDOWS\eHome\ehdrop.dll [MS] EHomeVideoDropTarget\ Provider = Media Center InvokeProgID = EHomeDropTarget.EHomeVideoDropTarget InvokeVerb = play HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeVideoDropTarget\shell\play\DropTarget\CLSID = {A48E70A4-8E15-4465-9D85-CCE9E63F8AAB} -> {HKLM.CLSID} = EHomeVideoDropTarget Class \InProcServer32\(Default) = C:\WINDOWS\eHome\ehdrop.dll [MS] EHomeVideosHandler\ Provider = Media Center InvokeProgID = EHomeDropTarget.EHomeVideosHandler InvokeVerb = play HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeVideosHandler\shell\play\DropTarget\CLSID = {4f61ec50-acef-4ae7-b4c6-b19bddc0f745} -> {HKLM.CLSID} = EHomeVideosHandler Class \InProcServer32\(Default) = C:\WINDOWS\eHome\ehdrop.dll [MS] HPAutoplayExpress\ Provider = HP Photosmart Express-software InvokeProgID = HpqUnApl.Autoplay InvokeVerb = Express HKLM\SOFTWARE\Classes\HpqUnApl.Autoplay\shell\Express\DropTarget\CLSID = {57FA3F08-E36E-4820-9CC4-122D46114993} -> {HKLM.CLSID} = (no title provided) \LocalServer32\(Default) = C:\Program Files\HP\Digital Imaging\Unload\HpqUnApl.exe [Hewlett-Packard] HPUnloadAutoplay\ Provider = HP Photosmart Overbrengen-software InvokeProgID = HpqUnApl.Autoplay InvokeVerb = Play HKLM\SOFTWARE\Classes\HpqUnApl.Autoplay\shell\Play\DropTarget\CLSID = {E1A1C814-FD09-4c9d-BB4A-0394B836A1F0} -> {HKLM.CLSID} = (no title provided) \LocalServer32\(Default) = C:\Program Files\HP\Digital Imaging\Unload\HpqUnApl.exe [Hewlett-Packard] iTunesBurnCDOnArrival\ Provider = iTunes InvokeProgID = iTunes.BurnCD InvokeVerb = burn HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" 
/AutoPlayBurn "%L" [Apple Inc.] iTunesImportSongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.ImportSongsOnCD InvokeVerb = import HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.] iTunesPlaySongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.PlaySongsOnCD InvokeVerb = play HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.] iTunesShowSongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.ShowSongsOnCD InvokeVerb = showsongs HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.] MSWPDShellNamespaceHandler\ Provider = @%SystemRoot%\System32\WPDShextRes.dll,-501 CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = -> {HKLM.CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\WINDOWS\system32\WPDShextAutoplay.exe [MS] VLCPlayCDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.CDAudio InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file cdda://%1 [the VideoLAN Team] VLCPlayDVDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [the VideoLAN Team] VLCPlayDVDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.DVDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file dvd://%1 [the VideoLAN Team] VLCPlayMusicFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program 
Files\VideoLAN\VLC\vlc.exe" %1 [the VideoLAN Team] VLCPlaySVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.SVCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd://%1 [the VideoLAN Team] VLCPlayVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.VCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd://%1 [the VideoLAN Team] VLCPlayVideoFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [the VideoLAN Team] Startup items in "Administrator" & "All Users" startup folders: --------------------------------------------------------------- C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten {++} Wuala -> shortcut to: C:\Documents and Settings\Administrator\Application Data\Wuala\Roaming\Wuala.exe -silent [LaCie] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten {++} HP Digital Imaging Monitor -> shortcut to: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [Hewlett-Packard Development Company, L.P.] HP Photosmart Premier Snelstart -> shortcut to: C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe -s [null data] RocketDock -> shortcut to: C:\Program Files\RocketDock\RocketDock.exe [null data] Enabled Scheduled Tasks: {++} ------------------------ GoogleUpdateTaskUserS-1-5-21-682003330-117609710-1606980848-500Core -> launches: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c [Google Inc.] 
GoogleUpdateTaskUserS-1-5-21-682003330-117609710-1606980848-500UA -> launches: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] SmartDefrag -> launches: C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe /Schedule [iObit] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000002\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000003\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000004\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {000002A3-84FE-43F1-B958-F2C3CA804F1A}\ ButtonText = IE7Pro Grab and Drag MenuText = IE7Pro Grab and Drag CLSIDExtension = {CD275D4E-791A-4993-9D4D-6A071EDD2709} -> {HKLM.CLSID} = IE7Pro GrabDragBtn \InProcServer32\(Default) = C:\Program Files\IEPro\iepro.dll [iE7Pro.com] {0026439F-A980-4F18-8C95-4F1CBBF9C1D8}\ ButtonText = IE7Pro Preferences MenuText = IE7Pro Preferences CLSIDExtension = {B119EB0C-C021-46CF-85B0-34A760E0D5FE} -> {HKLM.CLSID} = IE7Pro ToolsExt \InProcServer32\(Default) = C:\Program Files\IEPro\iepro.dll [iE7Pro.com] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ MenuText = Sun Java Console CLSIDExtension = {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} -> {HKCU.CLSID} = Java Plug-in 1.6.0_07 
\InProcServer32\(Default) = C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [sun Microsystems, Inc.] -> {HKLM.CLSID} = Java Plug-in 1.6.0_07 \InProcServer32\(Default) = C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll [sun Microsystems, Inc.] {898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ ButtonText = Skype Click to Call MenuText = Skype Click to Call CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -> {HKLM.CLSID} = Skype Browser Helper \InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Technologies S.A.] {8B2D996F-B7D1-4961-A929-414D9CF5BA7B}\ ButtonText = MS-KB MenuText = MS-KB Exec = Microsoft Support [file not found] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ MenuText = @xpsp3res.dll,-20001 Exec = %windir%\Network Diagnostic\xpnetdiag.exe [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, C:\WINDOWS\system32\Ati2evxx.exe [ATI Technologies Inc.] AVG WatchDog, avgwd, "C:\Program Files\AVG\AVG2013\avgwdsvc.exe" [AVG Technologies CZ, s.r.o.] Bonjour-service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.] iPod-service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.] Media Center Extender Service, McrdSvc, C:\WINDOWS\ehome\mcrdsvc.exe [MS] Media Center Receiver Service, ehRecvr, C:\WINDOWS\eHome\ehRecvr.exe [MS] Media Center Scheduler-service, ehSched, C:\WINDOWS\eHome\ehSched.exe [MS] Mobiel Apple apparaat, Apple Mobile Device, "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.] 
User Profile Hive Cleanup, UPHClean, C:\Program Files\UPHClean\uphclean.exe [MS] Windows Presentation Foundation Font Cache 3.0.0.0, FontCache3.0.0.0, C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [MS] Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ HP Standard TCP/IP Port\Driver = HpTcpMon.dll [Hewlett Packard] PCL hpz3l054\Driver = hpz3l054.dll [Hewlett-Packard Company] ==== Empty IE Cache ====================== C:\Documents and Settings\Administrator\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\i1nx5yu6.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found After Reboot ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\RECYCLER successfully emptied ==== Deleting Files / Folders 
====================== "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat" deleted "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
  9. I ran a virus scan with AVG 2013 on 1 March. It turned up 5 files that (according to AVG) are infected; for 2 of them I have my doubts about whether I can simply delete them or whether that will affect how my PC with Windows XP works. These are the following reports: "";"atapi.sys, koppelpunt import HAL.dll READ_PORT_UCHAR -> spgm.sys +0x2040, C:\WINDOWS\system32\drivers\spgm.sys";"Geïnfecteerd" "";"atapi.sys, koppelpunt import HAL.dll READ_PORT_BUFFER_USHORT -> spgm.sys +0x213C, C:\WINDOWS\system32\drivers\spgm.sys";"Geïnfecteerd" Via Google I had already read on a forum that I should scan my PC with FixTDSS.exe for this. I did that, then restarted my PC and scanned again with AVG 2013. That showed that the infected files in question are still on my PC. So this did not help. What should I do? Many thanks in advance. Kind regards, David.
  10. How do I make such a screenshot? Is there no option other than a restore point, because otherwise I might lose things I downloaded after that... or not?
  11. Hello, A few weeks ago I installed the software and driver-installation CD-ROMs of a Silvercrest VoIP phone on my PC. A day or two later I ran a disk cleanup with CCleaner and then had the AVG antivirus software scan my computer, which I do regularly. A few files were found that might pose a danger to my PC, so I deleted them. At a certain point an error message appeared on screen, namely: "Silvercrest PH1012B.exe was destroyed. Please reinstall the file." In all likelihood, by letting the antivirus program scan, I removed this file, which is needed to use the VoIP phone. So of course I removed all the software completely and reinstalled everything. The phone works fine. Yet I still get the error message on my screen every time I restart the computer. How do I get rid of it and solve this? Do I need Killbox for that, or can it be done in a less drastic way? By the way, I also have a Silvercrest keyboard and mouse. These work properly. Could it perhaps have something to do with these as well? I would appreciate an explanation and, if possible, a step-by-step plan. Thank you in advance for all your effort. Kind regards, D.M.
  12. This afternoon I had quite a few programs running on the PC. Then it froze. After I pressed Ctrl-Alt-Del I got an error message that it could not even start Task Manager any more. So I had to switch the PC off manually. When I started it again I got a black screen with various startup options, namely 'Safe Mode', 'Last Known Good Configuration', etc. None of these options (including the extra options under F8) work. It keeps restarting after the Windows logo has been on screen for 2 seconds. If I disable the automatic restart in the F8 options, I get the dreaded blue screen with the technical info at the bottom: ***STOP: 0x00000024 (0x00190203, 0x857CA008, 0xC0000102, 0x00000000) What should I do now???? On the internet there is something described about checkdisk (CHKDSK/F), but I cannot apply this since I can no longer get into Windows XP and it keeps restarting, and nowadays I no longer have any way of getting into DOS on my PC. By the way, I did not get an installation CD-ROM with this PC when I bought it new. I have also read something about Knoppix; is that an option? And how would that work? I am a layman when it comes to PC technology, so please explain in understandable terms. Many thanks in advance. I hope to receive a reply from you soon. Regards, David
  13. I recently had the Antimalware Doctor virus on my PC with Windows XP and removed it successfully with your help. The issue now is that iTunes gives the following message at startup: "The registry settings used by the iTunes drivers for importing and burning CDs and DVDs are missing. You may have installed other CD burning software." (This is not the case!) "Reinstall iTunes." If I click "OK", iTunes starts up normally and everything else (apart from the feature mentioned above) works. If I then look for updates to solve the problem, I am offered the option of downloading version 9.2.1. If I then want to run the new setup, it looks as though iTunes is going to be reinstalled COMPLETELY. I have no option to do only an update and keep my existing iTunes including the layout of my music playlists. So I aborted the installation, with the result that I do not have a new version and the above message keeps coming back when iTunes starts. Would someone help me do something about this?? Thanks in advance
  14. c:\documents and settings\Compaq_Eigenaar\Local Settings\Application Data\miclfjkwh This file cannot be found. (I have made hidden folders visible.) If I try with 'Search', it gives no results either. What now? Do I have to remove Combofix and HJT from my PC again? You have not yet answered my question of whether I would do well to have a program such as Rootkit Revealer scan my PC every so often. Once again, I am very grateful for your help and cooperation!! (PS. Olivier1991: you had better create a new topic of your own. The staff of this site will then help you further.) EDIT: separate topic created for Olivier1991!
  15. ComboFix 10-07-21.01 - Compaq_Eigenaar 22-07-2010 3:22.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.959.439 [GMT 2:00] Gestart vanuit: c:\documents and settings\Compaq_Eigenaar\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Compaq_Eigenaar\Bureaublad\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} FILE :: "c:\documents and settings\Compaq_Eigenaar\Local Settings\Application Data\miclfjkwh"
Inhoud van de 'Gedeelde Taken' map 2010-07-22 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20] . . ------- Bijkomende Scan ------- . uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=63&bd=PRESARIO&pf=desktop uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=63&bd=PRESARIO&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=63&bd=PRESARIO&pf=desktop uInternet Settings,ProxyOverride = <local> uSearchURL,(Default) = hxxp://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR IE: {{7A0815F1-6B65-4e3a-B198-709807B4042A} - {1EC035CE-090E-4AF7-B6DF-AD11C2F0F9C9} - c:\program files\XstreamRadio 3.02\RadioHelper.dll Trusted Zone: rtl.nl\www DPF: {D6BBBC13-56A9-4E62-92AC-4DBEF6CCB38B} - hxxp://playz.project.streamtech.nl/clientdownloads/SFAutoInstall.CAB FF - ProfilePath - c:\documents and settings\Compaq_Eigenaar\Application Data\Mozilla\Firefox\Profiles\a008op1l.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.blackl.com/ FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\documents and settings\Compaq_Eigenaar\Application Data\Mozilla\plugins\npoctoshape.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Octoshape Streaming Services\Compaq_Eigenaar\octoprogram-L03-NMS0806110_SUA_000\npoctoshape.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program 
files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-07-22 03:35 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run DataCardMonitor = c:\program files\Internet Manager\DataCardMonitor.exe?t=c:\windo????????x+=?rogram files\Internet Manager\?TMP=c:\docume????????????rogram files\Internet Manager\DataCardMonitor.exe?genaar?USE????F?L?0?=?0?=?ments and Settings\Compaq_Eigenaar?windir=C:\WIN scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(640) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(3488) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . 
c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe c:\program files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Motive\McciCMService.exe c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe c:\windows\system32\HPZipm12.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\AVG\AVG9\avgnsx.exe c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\program files\AVG\AVG9\avgchsvx.exe c:\program files\AVG\AVG9\avgrsx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Voltooingstijd: 2010-07-22 03:47:23 - machine werd herstart ComboFix-quarantined-files.txt 2010-07-22 01:47 ComboFix2.txt 2010-07-21 18:10 Pre-Run: 104.014.262.272 bytes beschikbaar Post-Run: 104.006.131.712 bytes beschikbaar - - End Of File - - 6AF880CCDAC2AA0C1E7B6DF645095630
  16. I have carried out everything as you described. During the Combofix scan it turned out there was indeed still a rootkit on it: 'Kitty had a snack'. What should I do now? By the way, is it sensible to scan my PC for rootkits with Combofix from time to time? Or is it better to do that with, for example, Rootkit Revealer? To come back to the 'All Free YouTube Downloader', which no longer worked: I have tried several other programs, such as '1-click YouTube Downloader', 'Vdownloader' and 'Orbit', but not a single program can download a YouTube video. It looks as if they cannot make a connection, even though the internet connection itself works and I can simply watch the videos online. What can be done about this? And could this be related to the rootkit? Thanks in advance! Below are the logs from Combofix and HJT:
ComboFix 10-07-20.03 - Compaq_Eigenaar 21-07-2010 19:44:31.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.959.529 [GMT 2:00] Gestart vanuit: c:\documents and settings\Compaq_Eigenaar\Mijn documenten\Downloads\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . 
c:\documents and settings\Compaq_Eigenaar\Application Data\73C9B5D1BA12CDAB0FAE2016103700B0 c:\documents and settings\Compaq_Eigenaar\Application Data\73C9B5D1BA12CDAB0FAE2016103700B0\enemies-names.txt c:\documents and settings\Compaq_Eigenaar\Application Data\73C9B5D1BA12CDAB0FAE2016103700B0\local.ini c:\documents and settings\Compaq_Eigenaar\Application Data\73C9B5D1BA12CDAB0FAE2016103700B0\lsrslt.ini c:\documents and settings\Compaq_Eigenaar\Bureaublad\[Torrentsworld.net] - VA - Popcorn Hits Zima 2009 2CDs (2008) Pop LanzamientosMp3 es.torrent c:\documents and settings\Compaq_Eigenaar\Bureaublad\[Torrentsworld.net] - VA - Popcorn Hits Zima 2009 2CDs (2008) Pop LanzamientosMp3 es.torrent D:\Autorun.inf G:\Autorun.inf Besmet exemplaar van c:\windows\system32\drivers\ohci1394.sys werd aangetroffen en gedesinfecteerd Hersteld exemplaar van - Kitty had a snack . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SSHNAS (((((((((((((((((((( Bestanden Gemaakt van 2010-06-21 to 2010-07-21 )))))))))))))))))))))))))))))) . 2010-07-21 12:10 . 2010-07-21 12:10 -------- d--h--r- c:\documents and settings\Compaq_Eigenaar\Onlangs geopend 2010-07-20 22:46 . 2010-07-20 22:46 -------- d-----w- c:\documents and settings\Compaq_Eigenaar\Application Data\TeamViewer 2010-07-20 22:46 . 2010-07-20 22:46 -------- d-----w- c:\program files\TeamViewer 2010-07-20 07:49 . 2010-07-20 07:49 -------- d-----w- c:\documents and settings\Compaq_Eigenaar\Application Data\ProgSense 2010-07-20 07:37 . 2010-07-20 07:37 -------- d-----w- c:\documents and settings\Compaq_Eigenaar\Application Data\GrabPro 2010-07-20 07:37 . 2010-07-20 08:18 -------- d-----w- c:\documents and settings\Compaq_Eigenaar\Application Data\Orbit 2010-07-20 07:37 . 2010-07-20 07:37 -------- d-----w- c:\program files\Orbitdownloader 2010-07-19 19:26 . 2010-07-19 19:55 -------- d-----w- c:\program files\1-Click YouTube Downloader 2010-07-19 14:23 . 
2010-07-19 14:23 -------- d-----w- c:\program files\Trend Micro 2010-07-19 13:38 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-07-19 13:38 . 2010-07-19 15:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-19 13:38 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-07-18 21:01 . 2010-07-19 11:36 -------- d-----w- c:\documents and settings\Compaq_Eigenaar\Local Settings\Application Data\miclfjkwh 2010-07-18 16:09 . 2010-07-18 16:09 12536 ----a-w- c:\windows\system32\avgrsstx.dll 2010-07-15 10:58 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe 2010-07-12 00:56 . 2010-07-12 00:56 322352 ----a-w- c:\program files\utorrent.exe 2010-07-11 23:13 . 2010-07-11 23:13 -------- d-----w- c:\documents and settings\Compaq_Eigenaar\Application Data\All Free YouTube Downloader 2010-07-11 17:54 . 2010-07-11 17:54 -------- d-----w- c:\documents and settings\Compaq_Eigenaar\Application Data\All Free MP3 Cutter 2010-07-11 17:53 . 2005-05-18 09:52 1212416 ----a-w- c:\windows\system32\NCTAudioInformation2.dll 2010-07-11 17:53 . 2005-05-17 10:37 1986560 ----a-w- c:\windows\system32\NCTAudioFile2.dll 2010-07-11 17:53 . 2005-04-25 11:01 458752 ----a-w- c:\windows\system32\NCTAudioRecord2.dll 2010-07-11 17:53 . 2005-04-25 11:01 458752 ----a-w- c:\windows\system32\NCTAudioPlayer2.dll 2010-07-11 17:53 . 2005-04-15 10:08 880640 ----a-w- c:\windows\system32\NCTAudioEditor2.dll 2010-07-11 17:53 . 2005-04-04 15:21 602112 ----a-w- c:\windows\system32\NCTAudioTransform2.dll 2010-07-11 17:53 . 2005-03-29 05:57 2084864 ----a-w- c:\windows\system32\NCTAudioDesign2.dll 2010-07-11 17:53 . 2005-03-28 13:54 479232 ----a-w- c:\windows\system32\NCTAudioVisualization2.dll 2010-07-11 17:53 . 2005-03-28 13:52 417792 ----a-w- c:\windows\system32\NCTTextToAudio2.dll 2010-07-11 17:53 . 2005-02-24 09:51 348160 ----a-w- c:\windows\system32\NCTWMAFile2.dll 2010-07-11 17:53 . 
2004-11-04 11:31 835584 ----a-w- c:\windows\system32\NCTAudioCDGrabber2.dll 2010-07-11 17:53 . 2010-07-11 17:53 -------- d-----w- c:\program files\All Free MP3 Cutter 2010-07-11 09:54 . 2010-07-11 09:54 -------- d-----w- c:\documents and settings\Compaq_Eigenaar\Application Data\Malwarebytes 2010-07-11 09:54 . 2010-07-11 09:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-07-09 12:45 . 2010-07-09 12:45 -------- d-----w- c:\program files\Common Files\Adobe 2010-07-05 18:02 . 2010-07-05 18:02 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2010-07-05 18:02 . 2010-07-15 14:19 -------- d-----w- c:\documents and settings\Compaq_Eigenaar\Application Data\skypePM 2010-07-05 18:01 . 2010-07-15 15:30 -------- d-----w- c:\documents and settings\Compaq_Eigenaar\Application Data\Skype 2010-07-05 18:00 . 2010-07-05 18:00 -------- d-----w- c:\program files\Common Files\Skype 2010-07-05 18:00 . 2010-07-05 18:01 -------- d-----r- c:\program files\Skype 2010-07-05 18:00 . 2010-07-05 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-21 17:01 . 2007-03-19 20:58 -------- d--h--w- c:\documents and settings\Compaq_Eigenaar\Application Data\uTorrent 2010-07-19 18:41 . 2007-03-22 03:56 -------- d--h--w- c:\documents and settings\Compaq_Eigenaar\Application Data\ImgBurn 2010-07-18 23:21 . 2010-06-11 21:37 -------- d-----w- c:\documents and settings\Compaq_Eigenaar\Application Data\LimeWire 2010-07-18 16:09 . 2008-06-18 07:42 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-07-18 16:09 . 2008-06-18 07:42 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-07-12 09:13 . 2007-10-21 22:16 -------- d-----w- c:\program files\MagicISO 2010-07-11 23:39 . 2009-08-25 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Screentime 2010-07-11 23:38 . 
2007-03-19 21:43 -------- d-----w- c:\program files\Yahoo! 2010-07-11 23:36 . 2006-06-29 08:11 -------- d-----w- c:\program files\Common Files\InstallShield 2010-07-11 23:36 . 2006-06-29 08:15 -------- d-----w- c:\program files\Common Files\Sonic Shared 2010-07-11 23:30 . 2007-01-01 22:00 -------- d-----w- c:\program files\SoundSpectrum 2010-06-11 21:58 . 2010-03-09 09:01 -------- d-----w- c:\program files\Ask.com 2010-06-11 21:36 . 2006-11-30 22:54 -------- d-----w- c:\program files\LimeWire 2010-06-04 17:24 . 2009-11-22 22:01 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-03 07:01 . 2007-02-23 07:22 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-06-02 17:51 . 2010-06-02 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9 2010-06-02 17:51 . 2008-06-18 07:41 -------- d-----w- c:\program files\AVG 2010-05-12 09:21 . 2009-10-03 00:40 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-04 17:21 . 2004-08-03 21:00 832512 ----a-w- c:\windows\system32\wininet.dll 2010-05-04 17:21 . 2009-07-24 23:25 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-05-04 17:21 . 2004-08-03 21:00 17408 ----a-w- c:\windows\system32\corpol.dll 2010-05-02 08:10 . 2004-08-03 21:00 1851392 ----a-w- c:\windows\system32\win32k.sys 2007-09-09 14:46 . 2007-09-09 14:46 1740 -c--a-w- c:\program files\WinZip.lnk 2007-08-08 09:11 . 2007-08-08 09:11 1612 -c--a-w- c:\program files\QuickTime Player.lnk 2007-07-18 06:26 . 2007-07-18 06:26 1487 -c--a-w- c:\program files\DivX Movies.lnk 2007-07-18 06:26 . 2007-07-18 06:26 803 -c--a-w- c:\program files\DivX Player.lnk 2007-07-18 06:26 . 2007-07-18 06:26 814 -c--a-w- c:\program files\DivX Converter.lnk 2007-05-14 20:11 . 2007-05-14 20:11 1049 -c--a-w- c:\program files\Octoshape Streaming Services.lnk 2007-03-27 19:55 . 2007-03-27 19:55 9187 -c--a-w- c:\program files\bin2iso.zip 2007-03-25 21:50 . 
2007-03-25 21:50 44823560 -c--a-w- c:\program files\TDA2-retail-2.1.9.90-install_EN.exe 2007-03-21 17:51 . 2007-03-21 17:51 765 -c--a-w- c:\program files\dvdXsoft DVD Ripper.lnk 2007-03-06 17:36 . 2007-03-06 17:36 2726335 -c--a-w- c:\program files\XstreamRadio_3.02a.exe 2007-02-18 00:10 . 2007-02-18 00:10 1932 -c--a-w- c:\program files\HP Documentviewer.lnk 2007-02-18 00:08 . 2007-02-18 00:08 1012 -c--a-w- c:\program files\HP Solution Center.lnk 2007-02-13 17:41 . 2007-02-13 17:41 212849 -c--a-w- c:\program files\hijackthis.zip 2007-01-16 11:32 . 2007-01-16 11:32 1748 -c--a-w- c:\program files\Adobe Reader 7.0.lnk 2006-11-26 02:36 . 2006-11-25 20:49 1585 -c--a-w- c:\program files\@Home Help.lnk 2006-06-29 08:33 . 2006-11-25 20:38 1877 -c--a-w- c:\program files\Te downloaden spellen.lnk 2006-06-29 08:30 . 2006-06-29 08:30 2018 -c--a-w- c:\program files\Help en ondersteuning.lnk 2006-06-29 08:25 . 2006-11-25 20:38 731 -c--a-w- c:\program files\Wizard softwareherstel.lnk 2006-06-29 08:18 . 2006-11-25 20:38 905 -c--a-w- c:\program files\RealPlayer.lnk . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584] "DataCardMonitor"="c:\program files\Internet Manager\DataCardMonitor.exe" [2009-08-29 249856] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-18 2065760] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Ralink Wireless Utility.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Ralink Wireless Utility.lnk backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WTGU.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\WTGU.lnk backup=c:\windows\pss\WTGU.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Eigenaar^Menu Start^Programma's^Opstarten^LimeWire On Startup.lnk] path=c:\documents and settings\Compaq_Eigenaar\Menu Start\Programma's\Opstarten\LimeWire On Startup.lnk backup=c:\windows\pss\LimeWire On Startup.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\HP Software Update] 2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp] 2006-02-15 13:34 249856 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2007-09-07 14:55 267064 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] 2005-02-10 15:00 1937408 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] 2006-02-24 17:46 147456 ----a-w- c:\program files\CyberLink\PowerCinema\PCMService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2007-06-29 04:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] 2005-07-22 13:14 237568 ----a-w- c:\windows\SMINST\Recguard.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder] 2004-12-13 17:23 663552 ----a-w- c:\windows\CREATOR\Remind_XP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2006-03-08 04:54 16010240 ----a-w- c:\windows\RTHDCPL.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2006-06-29 08:18 180269 ----a-w- 
c:\program files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Apple Mobile Device"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"= "c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Octoshape Streaming Services\\Compaq_Eigenaar\\OctoshapeClient.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"= "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program 
Files\\AVG\\AVG9\\avgnsx.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\utorrent.exe"= "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [18-6-2008 9:42 216400] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18-6-2008 9:42 243024] R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2-6-2010 19:53 921952] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [18-7-2010 18:09 308136] R2 AWISp50;AWISp50 NDIS Protocol Driver;c:\windows\system32\drivers\AWISp50.sys [15-3-2006 16:35 17664] R2 WUSB54GSCSVC;WUSB54GSCSVC;c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe [27-8-2009 23:03 53307] S0 ewznc;ewznc; [x] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 18:19 13592] S3 Camdrv30;Philips ToUcam XS;c:\windows\system32\drivers\camdrv30.sys [15-9-2007 11:51 171264] S3 STFSD;STFSD;\??\c:\program files\@Home\Playz Player\STFSD.SYS --> c:\program files\@Home\Playz Player\STFSD.SYS [?] --- Andere Services/Drivers In Geheugen --- *NewlyCreated* - GTNDIS5 . Inhoud van de 'Gedeelde Taken' map 2010-07-21 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20] . . ------- Bijkomende Scan ------- . 
  17. Dear kape, My problem had been solved nicely, but today I was at the PC and an icon appeared again at the bottom right, in the running-programs bar, that looked exactly like the Antimalware Doctor icon. A balloon popped up saying that my PC might be infected and that I had to click on it to solve the problem. Of course I did not do that. I closed all running programs and the internet connection, then had Malwarebytes scan again; it found nothing. But apparently there is still something on the PC that caused the Ant. Doctor icon to come back. How do I get rid of it? To be on the safe side I downloaded HijackThis again. See logfile:
  18. You mean watching clips on YouTube over the internet? Yes, that works fine. If you like, you can log in to my PC with TeamViewer to look for the cause. Just let me know and I will turn it on. Thanks in advance.
  19. I downloaded Orbit, but it reports that it cannot connect. I think that was also the problem with the other YouTube download programs. Yet my internet connection is simply on. I can browse any site. How is that possible? Another additional problem with Orbit: when I try to remove the not-yet-downloaded URL, it reports that an error has occurred in Orbit and then closes :-{
  20. With the help of one of your staff members, 'kape', I have just removed the Antimalware Doctor virus with great success. Now only my 'All Free YouTube Downloader' no longer works. He claimed that something is fundamentally wrong with it or that something was changed by the infection. So I uninstalled it and reinstalled it. But that does not work; the problem remains. It does not download, but goes straight to the next screen as if it had already finished downloading, while in reality nothing has been downloaded. I thought I would be clever and install a different type of YouTube downloader instead. I tried the well-known standard 'YouTube Downloader' and '1-Click YouTube Downloader'. None of these work; they download nothing. Could it be that YouTube has traced me and blocked all URLs for me, so that I can no longer download with any program at all? Or is that too far-fetched?
  21. Everything worked! How can I thank you? I am very pleased! I have just one more question. My All Free YouTube Downloader no longer works. I uninstalled and reinstalled it, but that does not help. The problem remains. It does not start downloading, but goes straight to the next screen as if it were already finished, while in reality it simply has not downloaded anything. What now?
  22. I had seen on other forums myself that they also recommended using Malwarebytes, so even before I read your reply I assumed that the virus could not have anything to do with this program, but that the program actually detects it. So I had already downloaded it again and it was running the scan. During this scan I saw your message, and so I carried out the steps you described for before scanning with Malwarebytes DURING this scan. Is that a problem? After the scan I restarted the PC and removed all infections as you described. It looks as though everything is okay again now and I am rid of the virus. To be on the safe side I ran one more quick scan. No more infections :-D MY THANKS ARE VERY GREAT!!! The 1st + 2nd Malwarebytes scan logs and the new HijackThis log are at the bottom. Would you please check whether everything is fine now or whether I still need to do something? I hope to hear from you soon. Thanks in advance for this. Kind regards
mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Internet Manager\DataCardMonitor.exe C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe C:\Program Files\AVG\AVG9\avgemc.exe C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! 
Zoeken - zoeken op het web R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! Zoeken - zoeken op het web R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=63&bd=PRESARIO&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Bing R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - 
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [DataCardMonitor] C:\Program Files\Internet Manager\DataCardMonitor.exe O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - 
C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/ O15 - Trusted Zone: RTL.NL O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ievooooo.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - Adobe - Adobe Acrobat: Create PDF file, edit PDF file, convert PDF to word, convert PDF to doc O16 - DPF: {D6BBBC13-56A9-4E62-92AC-4DBEF6CCB38B} (SFAutoInstall Class) - http://playz.project.streamtech.nl/clientdownloads/SFAutoInstall.CAB O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: 
skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McciCMService - Motive Communications, Inc. 
- C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe -- End of file - 10322 bytes
  23. Since last night the Antimalware Doctor virus has made itself known on my PC. And how... It is driving me crazy. It also showed notifications from Antivir Solution Pro. But I think I have already removed that from the WINDOWS folder, because it no longer shows up, though I am not sure whether any of it is still on the PC. Antimalware Doctor remains active. I answered all of its pop-up questions and warnings with no and ignore. After restarting the PC, in Windows Task Manager under 'processes' that are activated at startup, I disabled the files ending in tssd (e.g. hypgkxytssd.exe) and tried to delete them from the WINDOWS folder; they were in the Prefetch subfolder. AVG also reported a Trojan Horse Clicker.AFJE in a net.net file in the 'system32' subfolder. But I cannot find it there. There was a NET.NET file in the Prefetch folder, which I deleted just to be safe. On restart the -tssd nevertheless activates itself again, so the Antimalware Doctor pop-up warnings start again. I did just find a file named 'nypgkxytssd' in the folder Local Settings/Application Data/miclfjkwh, which I deleted. I hope I did the right thing (??) I am not sure, but it is quite a coincidence that this problem appears a few days after installing Anti Malware Bytes. So I uninstalled that program just to be safe. Can anyone help me remove this dangerous virus from my PC without having to do a format C? Thanks in advance! By the way, I have Windows XP.
HijackThis log file: