Daann

Daann's achievements

  1. ComboFix 10-07-22.01 - Daan 23-07-2010 14:20:51.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3837.2909 [GMT 2:00] Gestart vanuit: c:\users\Daan\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Daan\Desktop\CFScript.txt SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Aanwezig AV is actief FILE :: "c:\windows\system32\drivers\4075300.sys" "c:\windows\system32\drivers\40753001.sys" "c:\windows\system32\drivers\40753002.sys" . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_40753001 -------\Legacy_40753002 (((((((((((((((((((( Bestanden Gemaakt van 2010-06-23 to 2010-07-23 )))))))))))))))))))))))))))))) . 2010-07-23 12:28 . 2010-07-23 12:31 -------- dc----w- c:\users\Daan\AppData\Local\temp 2010-07-23 12:28 . 2010-07-23 12:28 -------- dc----w- c:\users\Public\AppData\Local\temp 2010-07-23 12:28 . 2010-07-23 12:28 -------- dc----w- c:\users\Myca\AppData\Local\temp 2010-07-23 12:28 . 2010-07-23 12:28 -------- dc----w- c:\users\Default\AppData\Local\temp 2010-07-22 19:12 . 2010-07-22 19:12 0 -c--a-w- c:\windows\nsreg.dat 2010-07-22 19:12 . 2010-07-22 19:12 -------- dc----w- c:\users\Daan\AppData\Local\Mozilla 2010-07-22 10:58 . 2010-07-22 16:58 -------- dc----w- c:\programdata\Kaspersky Lab 2010-07-22 10:27 . 2010-07-22 17:01 -------- dc----w- c:\programdata\Spybot - Search & Destroy 2010-07-21 14:33 . 2010-07-21 14:33 -------- d-----w- c:\program files\Miro 2010-07-20 10:35 . 2010-07-20 13:31 -------- d-----w- c:\program files\iPod(3) 2010-07-20 10:35 . 2010-07-20 10:37 -------- d-----w- c:\program files\iTunes(4) 2010-07-20 10:25 . 2010-07-20 19:19 -------- d-----w- c:\program files\Bonjour 2010-07-19 18:52 . 2010-07-19 18:52 -------- dc----w- c:\users\Daan\AppData\Roaming\.BitTornado 2010-07-19 16:50 . 
2010-07-20 18:22 -------- dc----w- c:\users\Daan\AppData\Roaming\Vso 2010-07-19 16:50 . 2010-07-19 16:50 47360 -c--a-w- c:\windows\system32\drivers\pcouffin.sys 2010-07-19 16:50 . 2010-02-09 14:37 65602 -c--a-w- c:\windows\system32\cook3260.dll 2010-07-19 16:50 . 2010-02-09 14:37 217127 -c--a-w- c:\windows\system32\drv43260.dll 2010-07-19 16:50 . 2010-02-09 14:37 208935 -c--a-w- c:\windows\system32\drv33260.dll 2010-07-19 16:50 . 2010-02-09 14:37 176165 -c--a-w- c:\windows\system32\drv23260.dll 2010-07-19 16:50 . 2010-02-09 14:37 102439 -c--a-w- c:\windows\system32\sipr3260.dll 2010-07-19 16:50 . 2010-02-09 14:37 626688 -c--a-w- c:\windows\system32\vp7vfw.dll 2010-07-19 16:50 . 2010-02-09 14:37 1184984 -c--a-w- c:\windows\system32\wvc1dmod.dll 2010-07-19 16:50 . 2010-07-20 18:23 -------- d-----w- c:\program files\VSO 2010-07-16 19:46 . 2010-07-16 19:46 -------- dc----w- c:\users\Daan\AppData\Roaming\Canneverbe Limited 2010-07-16 19:46 . 2010-07-16 19:46 -------- dc----w- c:\programdata\Canneverbe Limited 2010-07-16 19:46 . 2010-07-16 19:46 -------- d-----w- c:\program files\CDBurnerXP 2010-07-16 19:22 . 2010-07-16 19:22 715248 -c--a-w- c:\windows\system32\drivers\sptd.sys 2010-07-16 17:37 . 2010-07-16 17:46 -------- dc----w- c:\users\Daan\AppData\Local\Ahead 2010-07-16 17:32 . 2010-07-16 18:08 -------- dc----w- c:\users\Daan\AppData\Roaming\Ahead 2010-07-16 17:31 . 2010-07-16 17:31 -------- dc----w- c:\programdata\Ahead 2010-07-16 16:29 . 2010-07-16 16:29 -------- dc----w- c:\programdata\NCH Software 2010-07-16 12:07 . 2010-07-16 12:07 -------- dc----w- c:\users\Daan\AppData\Roaming\gtk-2.0 2010-06-30 14:46 . 2010-07-20 19:23 -------- d-----w- c:\program files\iPod 2010-06-30 14:46 . 2010-07-22 15:36 -------- d-----w- c:\program files\iTunes 2010-06-24 14:41 . 2009-11-08 08:55 99176 -c--a-w- c:\windows\system32\PresentationHostProxy.dll 2010-06-24 14:41 . 2009-11-08 08:55 49472 -c--a-w- c:\windows\system32\netfxperf.dll 2010-06-24 14:41 . 
2009-11-08 08:55 297808 -c--a-w- c:\windows\system32\mscoree.dll 2010-06-24 14:41 . 2009-11-08 08:55 295264 -c--a-w- c:\windows\system32\PresentationHost.exe 2010-06-24 14:41 . 2009-11-08 08:55 1130824 -c--a-w- c:\windows\system32\dfshim.dll 2010-06-24 13:23 . 2010-04-16 16:43 28672 -c--a-w- c:\windows\system32\Apphlpdm.dll 2010-06-24 13:23 . 2010-04-16 14:39 4240384 -c--a-w- c:\windows\system32\GameUXLegacyGDFs.dll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-23 12:33 . 2009-12-15 19:44 -------- dc----w- c:\users\Daan\AppData\Roaming\LimeWire 2010-07-23 12:32 . 2010-01-25 15:09 -------- dc----w- c:\users\Daan\AppData\Roaming\DNA 2010-07-23 12:32 . 2010-01-25 15:09 -------- d-----w- c:\program files\DNA 2010-07-23 12:30 . 2009-09-11 05:37 31776 -c--a-w- c:\programdata\nvModes.dat 2010-07-23 05:46 . 2010-05-26 19:25 -------- dc----w- c:\users\Daan\AppData\Roaming\PCF-VLC 2010-07-22 19:15 . 2010-06-01 17:08 256 -c--a-w- c:\windows\system32\pool.bin 2010-07-22 19:07 . 2006-11-02 16:11 670308 -c--a-w- c:\windows\system32\perfh013.dat 2010-07-22 19:07 . 2006-11-02 16:11 127900 -c--a-w- c:\windows\system32\perfc013.dat 2010-07-22 12:37 . 2010-07-22 12:37 53248 -c--a-r- c:\users\Daan\AppData\Roaming\Microsoft\Installer\{3360D505-B0AA-4284-92DF-F872AF90A448}\ARPPRODUCTICON.exe 2010-07-22 12:17 . 2008-02-17 18:44 -------- dc----w- c:\programdata\Google Updater 2010-07-21 11:24 . 2010-07-21 11:24 970504 -c--a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2010-07-20 20:21 . 2009-08-27 16:03 104408 -c--a-w- c:\users\Daan\AppData\Local\GDIPFONTCACHEV1.DAT 2010-07-20 19:32 . 2009-09-01 14:20 -------- dc----w- c:\users\Daan\AppData\Roaming\Nero 2010-07-20 19:32 . 2009-08-27 16:03 -------- dc----w- c:\users\Daan\AppData\Roaming\Roxio 2010-07-20 19:32 . 2009-09-13 19:20 -------- dc----w- c:\users\Daan\AppData\Roaming\HpUpdate 2010-07-20 19:30 . 
2009-08-28 17:18 -------- d-----w- c:\program files\vlc-0.8.5 2010-07-20 19:29 . 2008-11-07 15:28 -------- dc----w- c:\program files\TuneUp Utilities 2008 2010-07-20 19:28 . 2010-03-31 15:05 -------- d-----w- c:\program files\QuickTime 2010-07-20 19:27 . 2008-02-08 16:09 -------- dc----w- c:\program files\Microsoft Works 2010-07-20 19:24 . 2008-02-11 15:39 -------- dc----w- c:\program files\Messenger Plus! Live 2010-07-20 19:24 . 2009-07-04 16:23 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-20 19:21 . 2008-02-08 17:26 -------- d-----w- c:\program files\HP 2010-07-20 19:21 . 2008-04-24 18:29 -------- d-----w- c:\program files\Euroglot Professional 4.5 2010-07-20 19:19 . 2008-02-08 17:50 -------- d-----w- c:\program files\CCleaner 2010-07-20 19:19 . 2009-09-11 05:34 -------- d-----w- c:\program files\AGEIA Technologies 2010-07-20 19:17 . 2009-08-15 19:25 -------- dc----w- c:\program files\Microsoft Silverlight 2010-07-20 19:17 . 2008-02-17 19:45 -------- d-----w- c:\program files\Java 2010-07-20 19:17 . 2008-02-17 18:44 -------- d-----w- c:\program files\Google 2010-07-20 18:22 . 2010-07-19 16:50 47360 -c--a-w- c:\users\Daan\AppData\Roaming\pcouffin.sys 2010-07-20 18:22 . 2010-07-19 16:50 47360 -c--a-w- c:\users\Daan\AppData\Roaming\pcouffin.sys 2010-07-20 13:30 . 2010-03-31 14:49 -------- dc----w- c:\programdata\PMB Files 2010-07-20 13:30 . 2009-08-27 19:55 -------- dc----w- c:\programdata\HP Product Assistant 2010-07-20 13:30 . 2008-02-11 15:09 -------- d-----w- c:\program files\Common Files\Apple 2010-07-20 12:19 . 2009-12-15 19:42 -------- d-----w- c:\program files\LimeWire 2010-07-16 20:34 . 2009-09-01 14:14 -------- d-----w- c:\program files\Nero 2010-07-16 20:33 . 2009-09-01 14:14 -------- dc----w- c:\programdata\Nero 2010-07-16 10:24 . 2008-02-08 16:00 -------- dc----w- c:\programdata\Roxio 2010-07-16 10:24 . 2008-02-08 15:58 -------- d-----w- c:\program files\Common Files\Sonic Shared 2010-07-16 10:24 . 
2008-02-08 15:57 -------- d-----w- c:\program files\Common Files\Roxio Shared 2010-07-16 10:24 . 2009-10-04 10:01 -------- d-----w- c:\program files\Common Files\PX Storage Engine 2010-07-16 10:08 . 2010-06-01 17:05 -------- dc----w- c:\programdata\Research In Motion 2010-07-14 18:04 . 2006-11-02 11:18 -------- dc----w- c:\program files\Windows Mail 2010-07-14 18:02 . 2009-12-09 16:06 -------- dc----w- c:\programdata\Microsoft Help 2010-06-30 14:38 . 2010-06-30 14:38 72504 -c--a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe 2010-06-23 12:23 . 2010-06-23 12:23 501936 -c--a-w- c:\programdata\Google\Google Toolbar\Update\gtb975.tmp.exe 2010-06-15 17:54 . 2009-08-28 18:57 -------- d-----w- c:\program files\Microsoft 2010-06-03 02:41 . 2010-06-03 02:41 3600384 -c--a-w- c:\windows\system32\GPhotos.scr 2010-06-02 15:05 . 2010-06-02 15:05 -------- dc----w- c:\users\Daan\AppData\Roaming\InstallShield 2010-06-01 17:40 . 2010-06-01 17:08 -------- dc----w- c:\users\Daan\AppData\Roaming\Research In Motion 2010-06-01 17:07 . 2010-06-01 17:05 -------- d-----w- c:\program files\Research In Motion 2010-06-01 17:05 . 2010-06-01 17:05 -------- d-----w- c:\program files\Common Files\Research In Motion 2010-05-26 17:06 . 2010-06-10 13:26 34304 -c--a-w- c:\windows\system32\atmlib.dll 2010-05-26 15:03 . 2010-05-26 15:03 -------- dc----w- c:\users\Daan\AppData\Roaming\Participatory Culture Foundation 2010-05-26 14:47 . 2010-06-10 13:26 289792 -c--a-w- c:\windows\system32\atmfd.dll 2010-05-21 12:14 . 2009-10-02 17:51 221568 -c----w- c:\windows\system32\MpSigStub.exe 2010-05-19 19:43 . 2010-05-19 19:43 680 -c--a-w- c:\users\Daan\AppData\Local\d3d9caps.dat 2010-05-11 18:34 . 2010-05-11 18:34 149132 -c-ha-w- c:\windows\system32\mlfcache.dat 2010-05-04 05:59 . 2010-06-10 13:25 916480 -c--a-w- c:\windows\system32\wininet.dll 2010-05-04 05:55 . 2010-06-10 13:25 71680 -c--a-w- c:\windows\system32\iesetup.dll 2010-05-04 05:55 . 
2010-06-10 13:25 109056 -c--a-w- c:\windows\system32\iesysprep.dll 2010-05-04 04:31 . 2010-06-10 13:25 133632 -c--a-w- c:\windows\system32\ieUnatt.exe 2010-05-01 14:13 . 2010-06-10 13:25 2037248 -c--a-w- c:\windows\system32\win32k.sys 2008-02-08 16:16 . 2008-02-08 16:16 76 -csh--r- c:\windows\CT4CET.bin 2007-02-26 18:59 . 2007-02-26 18:59 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-17 68856] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-01-25 323392] "DELL Webcam Manager"="c:\program files\Dell\DELL Webcam Manager\DellWMgr.exe" [2007-06-07 118784] "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-31 2937528] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-19 13793824] "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-08-19 92704] 
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888] "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-10 648536] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624] c:\users\Daan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk * [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(:c8,87,7e,69,a0,30,ca,01 [HKEY_LOCAL_MACHINE\software\microsoft\security 
center\Svc\S-1-5-21-2189767671-939685220-2883698749-1000] "EnableNotificationsRef"=dword:00000001 R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664] R3 XDva288;XDva288;c:\windows\system32\XDva288.sys [x] R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-07-16 715248] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HPService REG_MULTI_SZ HPSLPSVC WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhoud van de 'Gedeelde Taken' map 2010-07-16 c:\windows\Tasks\Easy Onderhoud.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-02-04 14:09] 2010-07-23 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-17 21:33] 2010-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 17:19] 2010-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 17:19] 2010-07-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-12-04 11:22] 2010-06-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-12-04 11:22] 2010-07-23 c:\windows\Tasks\User_Feed_Synchronization-{3D68FD34-7637-4E82-939B-057DD3EE896D}.job - c:\windows\system32\msfeedssync.exe [2010-06-10 04:30] 2010-07-23 c:\windows\Tasks\User_Feed_Synchronization-{FAE1C805-3CB6-4169-B1D7-65CBDD1C5620}.job - c:\windows\system32\msfeedssync.exe [2010-06-10 04:30] . . 
------- Bijkomende Scan ------- . mStart Page = hxxp://www.yahoo.com IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html FF - ProfilePath - c:\users\Daan\AppData\Roaming\Mozilla\Firefox\Profiles\5h9e251d.default\ FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157 FF - prefs.js: network.proxy.type - 0 FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla 
Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla 
Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************** scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\S-1-5-21-2189767671-939685220-2883698749-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%%*+*] @Class="Shell" [HKEY_USERS\S-1-5-21-2189767671-939685220-2883698749-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%%*+*\OpenWithList] @Class="Shell" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] 
@="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'Explorer.exe'(2612) c:\program files\McAfee\SiteAdvisor\saHook.dll c:\program files\Roxio\Drag-to-Disc\Shellex.dll c:\windows\system32\DLAAPI_W.DLL c:\program files\Roxio\Drag-to-Disc\ShellRes.dll . ------------------------ Andere Aktieve Processen ------------------------ . 
c:\windows\system32\nvvsvc.exe c:\windows\system32\nvvsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\system32\rundll32.exe c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe c:\progra~1\McAfee\VIRUSS~1\mcshield.exe c:\program files\McAfee\MPF\MPFSrv.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\program files\Raxco\PerfectDisk10\PDAgent.exe c:\windows\system32\conime.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\System32\rundll32.exe c:\program files\DellTPad\ApMsgFwd.exe c:\program files\DellTPad\HidFind.exe c:\program files\DellTPad\Apntex.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe c:\program files\iPod\bin\iPodService.exe c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe . ************************************************************************** . Voltooingstijd: 2010-07-23 14:39:41 - machine werd herstart ComboFix-quarantined-files.txt 2010-07-23 12:39 Pre-Run: 89.005.019.136 bytes beschikbaar Post-Run: 88.566.059.008 bytes beschikbaar - - End Of File - - 1BB8D9E9EF94FD59524B85A74F6B16CB
  2. Hey Kape, does this still need to be done? I'm not having any trouble with anything anymore. In any case, you helped me a great deal, THANKS!
  3. ComboFix 10-07-21.04 - Daan 22-07-2010 18:31:19.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3837.2849 [GMT 2:00] Gestart vanuit: c:\users\Daan\Desktop\ComboFix.exe SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Aanwezig AV is actief . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\system volume information\SystemRestore c:\users\Daan\AppData\Roaming\inst.exe c:\windows\Hgadoa.exe c:\windows\system32\AutoRun.inf c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job . (((((((((((((((((((( Bestanden Gemaakt van 2010-06-22 to 2010-07-22 )))))))))))))))))))))))))))))) . 2010-07-22 16:42 . 2010-07-22 16:44 -------- dc----w- c:\users\Daan\AppData\Local\temp 2010-07-22 16:42 . 2010-07-22 16:42 -------- dc----w- c:\users\Default\AppData\Local\temp 2010-07-22 12:37 . 2010-07-22 12:37 53248 -c--a-r- c:\users\Daan\AppData\Roaming\Microsoft\Installer\{3360D505-B0AA-4284-92DF-F872AF90A448}\ARPPRODUCTICON.exe 2010-07-22 10:58 . 2010-07-22 14:41 -------- dc----w- c:\programdata\Kaspersky Lab 2010-07-22 10:57 . 2009-10-22 11:54 37392 -c--a-w- c:\windows\system32\drivers\40753002.sys 2010-07-22 10:57 . 2009-10-09 21:31 311312 -c--a-w- c:\windows\system32\drivers\4075300.sys 2010-07-22 10:57 . 2009-09-25 15:59 128016 -c--a-w- c:\windows\system32\drivers\40753001.sys 2010-07-22 10:27 . 2010-07-22 10:30 -------- dc----w- c:\programdata\Spybot - Search & Destroy 2010-07-22 10:27 . 2010-07-22 10:27 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-07-22 10:01 . 2010-07-22 10:01 388096 -c--a-r- c:\users\Daan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-07-21 14:33 . 2010-07-21 14:33 -------- d-----w- c:\program files\Miro 2010-07-21 11:24 . 
2010-07-21 11:24 970504 -c--a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2010-07-20 10:35 . 2010-07-20 13:31 -------- d-----w- c:\program files\iPod(3) 2010-07-20 10:35 . 2010-07-20 10:37 -------- d-----w- c:\program files\iTunes(4) 2010-07-20 10:25 . 2010-07-20 19:19 -------- d-----w- c:\program files\Bonjour 2010-07-19 18:52 . 2010-07-19 18:52 -------- dc----w- c:\users\Daan\AppData\Roaming\.BitTornado 2010-07-19 16:50 . 2010-07-20 18:22 -------- dc----w- c:\users\Daan\AppData\Roaming\Vso 2010-07-19 16:50 . 2010-07-20 18:22 47360 -c--a-w- c:\users\Daan\AppData\Roaming\pcouffin.sys 2010-07-19 16:50 . 2010-07-19 16:50 47360 -c--a-w- c:\windows\system32\drivers\pcouffin.sys 2010-07-19 16:50 . 2010-02-09 14:37 65602 -c--a-w- c:\windows\system32\cook3260.dll 2010-07-19 16:50 . 2010-02-09 14:37 217127 -c--a-w- c:\windows\system32\drv43260.dll 2010-07-19 16:50 . 2010-02-09 14:37 208935 -c--a-w- c:\windows\system32\drv33260.dll 2010-07-19 16:50 . 2010-02-09 14:37 176165 -c--a-w- c:\windows\system32\drv23260.dll 2010-07-19 16:50 . 2010-02-09 14:37 102439 -c--a-w- c:\windows\system32\sipr3260.dll 2010-07-19 16:50 . 2010-02-09 14:37 626688 -c--a-w- c:\windows\system32\vp7vfw.dll 2010-07-19 16:50 . 2010-02-09 14:37 1184984 -c--a-w- c:\windows\system32\wvc1dmod.dll 2010-07-19 16:50 . 2010-07-20 18:23 -------- d-----w- c:\program files\VSO 2010-07-16 19:46 . 2010-07-16 19:46 -------- dc----w- c:\users\Daan\AppData\Roaming\Canneverbe Limited 2010-07-16 19:46 . 2010-07-16 19:46 -------- dc----w- c:\programdata\Canneverbe Limited 2010-07-16 19:46 . 2010-07-16 19:46 -------- d-----w- c:\program files\CDBurnerXP 2010-07-16 19:22 . 2010-07-16 19:22 715248 -c--a-w- c:\windows\system32\drivers\sptd.sys 2010-07-16 17:37 . 2010-07-16 17:46 -------- dc----w- c:\users\Daan\AppData\Local\Ahead 2010-07-16 17:32 . 2010-07-16 18:08 -------- dc----w- c:\users\Daan\AppData\Roaming\Ahead 2010-07-16 17:31 . 
2010-07-16 17:31 -------- dc----w- c:\programdata\Ahead 2010-07-16 16:29 . 2010-07-16 16:29 -------- dc----w- c:\programdata\NCH Software 2010-07-16 12:07 . 2010-07-16 12:07 -------- dc----w- c:\users\Daan\AppData\Roaming\gtk-2.0 2010-06-30 14:46 . 2010-07-20 19:23 -------- d-----w- c:\program files\iPod 2010-06-30 14:46 . 2010-07-22 15:36 -------- d-----w- c:\program files\iTunes 2010-06-30 14:38 . 2010-06-30 14:38 72504 -c--a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe 2010-06-24 14:41 . 2009-11-08 08:55 99176 -c--a-w- c:\windows\system32\PresentationHostProxy.dll 2010-06-24 14:41 . 2009-11-08 08:55 49472 -c--a-w- c:\windows\system32\netfxperf.dll 2010-06-24 14:41 . 2009-11-08 08:55 297808 -c--a-w- c:\windows\system32\mscoree.dll 2010-06-24 14:41 . 2009-11-08 08:55 295264 -c--a-w- c:\windows\system32\PresentationHost.exe 2010-06-24 14:41 . 2009-11-08 08:55 1130824 -c--a-w- c:\windows\system32\dfshim.dll 2010-06-24 13:23 . 2010-04-16 16:43 28672 -c--a-w- c:\windows\system32\Apphlpdm.dll 2010-06-24 13:23 . 2010-04-16 14:39 4240384 -c--a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2010-06-23 12:23 . 2010-06-23 12:23 501936 -c--a-w- c:\programdata\Google\Google Toolbar\Update\gtb975.tmp.exe . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-22 16:25 . 2009-09-11 05:37 31776 -c--a-w- c:\programdata\nvModes.dat 2010-07-22 16:23 . 2010-01-25 15:09 -------- dc----w- c:\users\Daan\AppData\Roaming\DNA 2010-07-22 14:42 . 2009-12-15 19:44 -------- dc----w- c:\users\Daan\AppData\Roaming\LimeWire 2010-07-22 14:39 . 2010-01-25 15:09 -------- d-----w- c:\program files\DNA 2010-07-22 12:45 . 2010-06-01 17:08 256 -c--a-w- c:\windows\system32\pool.bin 2010-07-22 12:30 . 2006-11-02 16:11 670308 -c--a-w- c:\windows\system32\perfh013.dat 2010-07-22 12:30 . 2006-11-02 16:11 127900 -c--a-w- c:\windows\system32\perfc013.dat 2010-07-22 12:17 . 
2008-02-17 18:44 -------- dc----w- c:\programdata\Google Updater 2010-07-21 14:38 . 2010-05-26 19:25 -------- dc----w- c:\users\Daan\AppData\Roaming\PCF-VLC 2010-07-20 20:21 . 2009-08-27 16:03 104408 -c--a-w- c:\users\Daan\AppData\Local\GDIPFONTCACHEV1.DAT 2010-07-20 19:32 . 2009-09-01 14:20 -------- dc----w- c:\users\Daan\AppData\Roaming\Nero 2010-07-20 19:32 . 2009-08-27 16:03 -------- dc----w- c:\users\Daan\AppData\Roaming\Roxio 2010-07-20 19:32 . 2009-09-13 19:20 -------- dc----w- c:\users\Daan\AppData\Roaming\HpUpdate 2010-07-20 19:30 . 2009-08-28 17:18 -------- d-----w- c:\program files\vlc-0.8.5 2010-07-20 19:29 . 2008-11-07 15:28 -------- dc----w- c:\program files\TuneUp Utilities 2008 2010-07-20 19:28 . 2010-03-31 15:05 -------- d-----w- c:\program files\QuickTime 2010-07-20 19:27 . 2008-02-08 16:09 -------- dc----w- c:\program files\Microsoft Works 2010-07-20 19:24 . 2008-02-11 15:39 -------- dc----w- c:\program files\Messenger Plus! Live 2010-07-20 19:24 . 2009-07-04 16:23 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-20 19:21 . 2008-02-08 17:26 -------- d-----w- c:\program files\HP 2010-07-20 19:21 . 2008-04-24 18:29 -------- d-----w- c:\program files\Euroglot Professional 4.5 2010-07-20 19:19 . 2008-02-08 17:50 -------- d-----w- c:\program files\CCleaner 2010-07-20 19:19 . 2009-09-11 05:34 -------- d-----w- c:\program files\AGEIA Technologies 2010-07-20 19:17 . 2009-08-15 19:25 -------- dc----w- c:\program files\Microsoft Silverlight 2010-07-20 19:17 . 2008-02-17 19:45 -------- d-----w- c:\program files\Java 2010-07-20 19:17 . 2008-02-17 18:44 -------- d-----w- c:\program files\Google 2010-07-20 13:30 . 2010-03-31 14:49 -------- dc----w- c:\programdata\PMB Files 2010-07-20 13:30 . 2009-08-27 19:55 -------- dc----w- c:\programdata\HP Product Assistant 2010-07-20 13:30 . 2008-02-11 15:09 -------- d-----w- c:\program files\Common Files\Apple 2010-07-20 12:19 . 
2009-12-15 19:42 -------- d-----w- c:\program files\LimeWire 2010-07-16 20:34 . 2009-09-01 14:14 -------- d-----w- c:\program files\Nero 2010-07-16 20:33 . 2009-09-01 14:14 -------- dc----w- c:\programdata\Nero 2010-07-16 10:24 . 2008-02-08 16:00 -------- dc----w- c:\programdata\Roxio 2010-07-16 10:24 . 2008-02-08 15:58 -------- d-----w- c:\program files\Common Files\Sonic Shared 2010-07-16 10:24 . 2008-02-08 15:57 -------- d-----w- c:\program files\Common Files\Roxio Shared 2010-07-16 10:24 . 2009-10-04 10:01 -------- d-----w- c:\program files\Common Files\PX Storage Engine 2010-07-16 10:08 . 2010-06-01 17:05 -------- dc----w- c:\programdata\Research In Motion 2010-07-14 18:04 . 2006-11-02 11:18 -------- dc----w- c:\program files\Windows Mail 2010-07-14 18:02 . 2009-12-09 16:06 -------- dc----w- c:\programdata\Microsoft Help 2010-06-15 17:54 . 2009-08-28 18:57 -------- d-----w- c:\program files\Microsoft 2010-06-03 02:41 . 2010-06-03 02:41 3600384 -c--a-w- c:\windows\system32\GPhotos.scr 2010-06-02 15:05 . 2010-06-02 15:05 -------- dc----w- c:\users\Daan\AppData\Roaming\InstallShield 2010-06-01 17:40 . 2010-06-01 17:08 -------- dc----w- c:\users\Daan\AppData\Roaming\Research In Motion 2010-06-01 17:07 . 2010-06-01 17:05 -------- d-----w- c:\program files\Research In Motion 2010-06-01 17:05 . 2010-06-01 17:05 -------- d-----w- c:\program files\Common Files\Research In Motion 2010-05-26 17:06 . 2010-06-10 13:26 34304 -c--a-w- c:\windows\system32\atmlib.dll 2010-05-26 15:03 . 2010-05-26 15:03 -------- dc----w- c:\users\Daan\AppData\Roaming\Participatory Culture Foundation 2010-05-26 14:47 . 2010-06-10 13:26 289792 -c--a-w- c:\windows\system32\atmfd.dll 2010-05-21 12:14 . 2009-10-02 17:51 221568 -c----w- c:\windows\system32\MpSigStub.exe 2010-05-19 19:43 . 2010-05-19 19:43 680 -c--a-w- c:\users\Daan\AppData\Local\d3d9caps.dat 2010-05-11 18:34 . 2010-05-11 18:34 149132 -c-ha-w- c:\windows\system32\mlfcache.dat 2010-05-04 05:59 . 
2010-06-10 13:25 916480 -c--a-w- c:\windows\system32\wininet.dll 2010-05-04 05:55 . 2010-06-10 13:25 71680 -c--a-w- c:\windows\system32\iesetup.dll 2010-05-04 05:55 . 2010-06-10 13:25 109056 -c--a-w- c:\windows\system32\iesysprep.dll 2010-05-04 04:31 . 2010-06-10 13:25 133632 -c--a-w- c:\windows\system32\ieUnatt.exe 2010-05-01 14:13 . 2010-06-10 13:25 2037248 -c--a-w- c:\windows\system32\win32k.sys 2008-02-08 16:16 . 2008-02-08 16:16 76 -csh--r- c:\windows\CT4CET.bin 2007-02-26 18:59 . 2007-02-26 18:59 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-17 68856] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-01-25 323392] "DELL Webcam Manager"="c:\program files\Dell\DELL Webcam Manager\DellWMgr.exe" [2007-06-07 118784] "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-31 2937528] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136] "HP Software Update"="c:\program files\HP\HP Software 
Update\HPWuSchd2.exe" [2007-03-11 49152] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-19 13793824] "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-08-19 92704] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888] "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-10 648536] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624] c:\users\Daan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808] setup_9.0.0.722_22.07.2010_13-32[1].lnk - c:\users\Daan\Desktop\Virus Removal Tool\setup_9.0.0.722_22.07.2010_13-32[1]\startup.exe [2010-7-22 72208] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk * [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(:c8,87,7e,69,a0,30,ca,01 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2189767671-939685220-2883698749-1000] "EnableNotificationsRef"=dword:00000001 R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664] R3 XDva288;XDva288;c:\windows\system32\XDva288.sys [x] R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-07-16 715248] S0 40753002;40753002 Boot Guard Driver;c:\windows\system32\DRIVERS\40753002.sys [2009-10-22 37392] S1 40753001;40753001;c:\windows\system32\DRIVERS\40753001.sys [2009-09-25 128016] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HPService REG_MULTI_SZ HPSLPSVC WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . 
Inhoud van de 'Gedeelde Taken' map 2010-07-16 c:\windows\Tasks\Easy Onderhoud.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-02-04 14:09] 2010-07-22 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-17 21:33] 2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 17:19] 2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 17:19] 2010-07-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-12-04 11:22] 2010-06-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-12-04 11:22] 2010-07-22 c:\windows\Tasks\User_Feed_Synchronization-{3D68FD34-7637-4E82-939B-057DD3EE896D}.job - c:\windows\system32\msfeedssync.exe [2010-06-10 04:30] 2010-07-22 c:\windows\Tasks\User_Feed_Synchronization-{FAE1C805-3CB6-4169-B1D7-65CBDD1C5620}.job - c:\windows\system32\msfeedssync.exe [2010-06-10 04:30] . . ------- Bijkomende Scan ------- . mStart Page = hxxp://www.yahoo.com IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html . - - - - ORPHANS VERWIJDERD - - - - Notify-WgaLogon - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-07-22 18:44 Windows 6.0.6002 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . 
--------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\S-1-5-21-2189767671-939685220-2883698749-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%%*+*] @Class="Shell" [HKEY_USERS\S-1-5-21-2189767671-939685220-2883698749-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%%*+*\OpenWithList] @Class="Shell" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
Voltooingstijd: 2010-07-22 18:48:18 ComboFix-quarantined-files.txt 2010-07-22 16:48 Pre-Run: 87.819.395.072 bytes beschikbaar Post-Run: 91.303.493.632 bytes beschikbaar - - End Of File - - BBDABEF715DBB204E7EF68FAEE23F995
  4. No, fortunately not, but now I'm getting all kinds of pop-ups from sites :bawling: I hope you can help me with this too. Thanks in advance :-)
  5. Malwarebytes' Anti-Malware 1.38 Database version: 2373 Windows 6.0.6002 Service Pack 2 22-7-2010 15:36:41 mbam-log-2010-07-22 (15-36-41).txt Scan type: Quick Scan Objects scanned: 86172 Time elapsed: 6 minute(s), 21 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:38:38, on 22-7-2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18928) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\OEM02Mon.exe C:\Program Files\DellTPad\Apoint.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\DNA\btdna.exe C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Windows\System32\rundll32.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program 
Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\DellTPad\Apntex.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Windows\system32\conime.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Users\Daan\Desktop\Virus Removal Tool\setup_9.0.0.722_22.07.2010_13-32[1]\setup_9.0.0.722_22.07.2010_13-32[1].exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\SearchFilterHost.exe C:\Program Files\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software 
Update\HPWuSchd2.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" /s O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: LimeWire On Startup.lnk = C:\Program 
Files\LimeWire\LimeWire.exe O4 - Startup: setup_9.0.0.722_22.07.2010_13-32[1].lnk = C:\Users\Daan\Desktop\Virus Removal Tool\setup_9.0.0.722_22.07.2010_13-32[1]\startup.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: PDAgent - Raxco Software, Inc. 
- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe -- End of file - 11235 bytes
  6. Hello, I downloaded a film this week, and then I got notifications saying there is a TrojanDownloader on your computer. I removed it immediately, but the damage was already done: a TrojanDownloader on my laptop. It is called TrojanDownloader:Win32/Renos.MQ. I cannot get rid of it by any means: Windows Defender comes up with a notification about it, and when I then choose to remove everything, it comes back with that notification about 30 minutes later. I did make a HijackThis log. I will paste it below. Can someone please help me get it off???? Regards, Daan Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:12:21, on 22-7-2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18928) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\OEM02Mon.exe C:\Program Files\DellTPad\Apoint.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Windows\System32\rundll32.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\DNA\btdna.exe C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Windows\System32\rundll32.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\DellTPad\Apntex.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Internet 
Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\conime.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Users\Daan\Desktop\Virus Removal Tool\setup_9.0.0.722_22.07.2010_13-32[1]\setup_9.0.0.722_22.07.2010_13-32[1].exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe C:\Program Files\Internet Explorer\iexplore.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - 
HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" /s O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [Halo2] rundll32.exe C:\Windows\system32\sshnas21.dll,GetMainWnd O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: 
[sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O4 - Startup: setup_9.0.0.722_22.07.2010_13-32[1].lnk = C:\Users\Daan\Desktop\Virus Removal Tool\setup_9.0.0.722_22.07.2010_13-32[1]\startup.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe O16 - DPF: 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. 
- C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: stllssvr - MicroVision Development, Inc. 
- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe -- End of file - 13341 bytes