sers

Member
  • Posts

    337

Everything posted by sers

  1. Now there is an icon from Solution at the bottom right. Does this mean that Solution is now in my startup? If so, should I remove the program now? Thanks in advance for the trouble.
  2. Thank you for your advice. I have carried out the various steps. It starts up a bit faster now. I saw that it was a beta version. I have dealt with all of the "removable" items. I looked at all of the so-called "potentially removable" items, but I did not act on a single one because the recommendations were not yet clear. It will probably take a while before the recommendations are complete. Last question on this subject: now there is an icon from Solution at the bottom right. Does this mean that Solution is now in my startup? If so, should I remove the program now? Thanks in advance for the trouble.
  3. Hi all, my computer starts up rather slowly. I had deleted some drivers for an HP and reinstalled them, but I have taken all of those out of the startup menu. Would someone be willing to look at what else can be set to "Nee" (No)? Thanks in advance.

     a HKCU:Run swg "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
     Ja HKCU:Run ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
     Nee HKCU:Run ares "C:\Program Files\Ares\Ares.exe" -h
     Ja HKLM:Run LVCOMS C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
     Ja HKLM:Run IgfxTray C:\WINDOWS\system32\igfxtray.exe
     Ja HKLM:Run HotKeysCmds C:\WINDOWS\system32\hkcmd.exe
     Ja HKLM:Run SoundMAXPnP C:\Program Files\Analog Devices\Core\smax4pnp.exe
     Ja HKLM:Run avast "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
     Nee HKLM:Run Adobe ARM "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     Ja HKLM:Run SunJavaUpdateSched "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
     Nee HKLM:Run HP Software Update C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
     Nee HKLM:Run hpqSRMon C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
     Nee HKLM:Run mxomssmenu "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
     Nee HKLM:Run Nikon Transfer Monitor C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
     Nee HKLM:Run RealTray C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
     Nee Startup Common
     Nee Startup Common HP Digital Imaging Monitor.lnk C:\PROGRA~1\Hp\DIGITA~1\bin\hpqtra08.exe
     Nee Startup User hpqtra08.exe C:\Documents and Settings\Eigenaar.DELL\Menu Start\Programma's\Opstarten\hpqtra08.exe
     Nee Startup User

     ---------- Post added at 20:01 ---------- Previous post was at 20:00 ----------

     The first line is also a "Ja" (it now says "a").
  4. I went to the store and looked for a refill package. You used to be able to get those, right? It was not for sale anywhere anymore, so I bought the relatively expensive "We Care" cartridges instead. That cost me 50 euros, while they had an offer on a new scanner/printer for 60 euros (with very small cartridges). Everything works perfectly again. Sorry to have bothered you with such a stupid question.
  5. A bit stupid that I didn't think of that. Sorry. I will do that. Thanks.
  6. Both cartridges are as good as empty. The print of the photo was poor.

     ---------- Post added at 21:53 ---------- Previous post was at 21:51 ----------

     4 lines in Word gave 2 blank pages

     ---------- Post added at 21:53 ---------- Previous post was at 21:53 ----------

     4 lines in Word gave 2 blank pages
  7. I don't get an error message. If I open, for example, a Word document and then click Print, two blank pages come out. If I open a photo and click Print, the photo comes out, just like a test page.
  8. Hello all, I have an HP printer, an HP Deskjet F4210. The problem is as follows: I can print a test page. I can print a photo. But I cannot print text (from my inbox, Word or Notepad). It is probably down to the settings, but I don't know where. I have removed as much of the software and drivers as possible and reinstalled them. Who can help me? HP used to have an online chat service, but nowadays that is only available within the warranty period. Sad but true. Thanks in advance.
  9. OK, done. I think we now have to wait and see how it goes? Many thanks for the help. Kind regards
  10. Sorry, but I can't get any further than Java SE Downloads. That is where I lose my way.
  11. No, nothing has been updated recently. I can't find the program, but I do find an update version 6.0.290

      ---------- Post added at 13:20 ---------- Previous post was at 13:16 ----------

      Found it! Java SE6 update 29
  12. Hello, actually not with any specific program. My mail and a bit of surfing on the internet (as far as I can remember).
  13. After Kape helped me so well last week with the same problem, I am now getting a message on my desktop again. What can we still do now???

        #
        # A fatal error has been detected by the Java Runtime Environment:
        #
        # EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x7c919af2, pid=3236, tid=3400
        #
        # JRE version: 6.0_29-b11
        # Java VM: Java HotSpot Client VM (20.4-b02 mixed mode, sharing windows-x86 )
        # Problematic frame:
        # C [ntdll.dll+0x19af2]
        #
        # If you would like to submit a bug report, please visit:
        # HotSpot Virtual Machine Error Reporting Page
        # The crash happened outside the Java Virtual Machine in native code.
        # See problematic frame for where to report the bug.
        #
  14. I have tried looking in other locations, without results. It doesn't work via HijackThis either. Unless it becomes a real challenge for you, I suggest leaving things as they are now. You said that it could not cause any damage. Of course I am willing to continue if you would like to. In any case: many thanks for the trouble you have taken. Kind regards
  15. Good morning: 1) Found the CLSID number and deleted it. 2) Let CCleaner clean up, and the registry too. 3) To be on the safe side, also ran Eusing Free Registry Cleaner. That always turns up new errors again (about 40). 4) Let all the programs run until they said that no more errors were found. 5) Ran Hijacked and ..... it is still there. Could it be that some of it is still on my F drive (external drive)?
  16. OK. Babylon removed! If you mean the "Imesh" problems: I was able to remove all of those. There is really only one thing left, and that is the 03 (no file) Toolbar item. If you say that it can do no further harm, everything would be solved (as usual with your helpdesk!). I will wait a little for your comment on this item before I close this thread (to be on the safe side). The odd thing about this kind of problem is that I don't know how it all arises. I am not a downloader of all kinds of items. I use the computer mainly to surf a bit, to edit photos and videos, and to maintain a website. I regularly clean up with CCleaner and Eusing Free Registry Cleaner, and now and then I also run Anti Malware. So really my question to you is: what else can I do to keep things neatly in order? It remains for me to thank you warmly once again for your great help. Kind regards, Jacques
  17. First of all, best wishes for 2012. May all your wishes come true. Here is the log file. Hijack will follow after it.
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.0.1 DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://gocanaria.ath.cx:8000/kxhcm10.ocx DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} - hxxp://online-virusscan.casema.nl/systemcheck/PlaNetSysInfo.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://83.84.124.118:9999/activex/AMC.cab FF - ProfilePath - c:\documents and settings\Eigenaar.DELL\Application Data\Mozilla\Firefox\Profiles\qpn01x6z.default\ FF - prefs.js: network.proxy.type - 0 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-01-01 02:49 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1177238915-484061587-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . Voltooingstijd: 2012-01-01 02:54:48 ComboFix-quarantined-files.txt 2012-01-01 01:54 ComboFix2.txt 2011-12-31 13:05 ComboFix3.txt 2011-10-02 11:25 ComboFix4.txt 2010-08-08 10:25 . Pre-Run: 34,694,963,200 bytes beschikbaar Post-Run: 34,704,039,936 bytes beschikbaar . 
- - End Of File - - BB59FC8B47010188A11695E5ECD84C91 Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 2:58:03 AM, on 1/1/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Maxtor\Sync\SyncServices.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\AVAST Software\Avast\avastUI.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\msagent\AgentSvr.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = nu.nl | Het laatste nieuws het eerst op nu.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - 
HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O3 - Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Golden Tiger Casino - {75AABD81-2A24-404E-8389-067312F231D7} - C:\WINDOWS\system32\shdocvw.dll (HKCU) O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://gocanaria.ath.cx:8000/kxhcm10.ocx O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} (pmjpegaudio Class) - http://www.bartboos.com:88/JpegInst.cab O16 - DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} (PlaNet SysInfo Agent) - http://online-virusscan.casema.nl/systemcheck/PlaNetSysInfo.cab O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download 
Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://sers10.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqemea/downloads/msxml4.cab O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://83.84.124.118:9999/activex/AMC.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://rivernile.microgaming.com/rivernile/FlashAX2.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe -- End of file - 8887 bytes
  18. FYI: before I ran HijackThis and ComboFix, I did run CCleaner and Eusing Free Registry Cleaner. Maybe that is why 1 file is gone now? ---------- Post added at 14:47 ---------- Previous post was at 14:34 ---------- Unfortunately I have to leave for the rest of this year. I wish you all a happy New Year's Eve and all the best for 2012. Kind regards
  19. Here is the logfile; HijackThis is coming up.
ComboFix 11-12-31.02 - Eigenaar 12/31/2011 13:45:35.7.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2558.2049 [GMT 1:00] Gestart vanuit: c:\documents and settings\Eigenaar.DELL\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Eigenaar.DELL\Bureaublad\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . F:\Autorun.inf . ---- Voorgaande Run ------- . F:\Autorun.inf . . (((((((((((((((((((( Bestanden Gemaakt van 2011-11-28 to 2011-12-31 )))))))))))))))))))))))))))))) . . 2011-12-31 12:11 . 2011-12-31 12:40 -------- d--h--r- c:\documents and settings\Eigenaar.DELL\Onlangs geopend 2011-12-30 19:51 . 2011-12-31 08:47 -------- d-----w- c:\program files\Unlocker 2011-12-30 19:50 . 2011-12-30 19:50 -------- d-----w- c:\program files\BabylonToolbar . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-10 14:24 . 2010-08-07 18:12 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-28 18:01 . 2011-10-03 21:23 41184 ----a-w- c:\windows\avastSS.scr 2011-11-28 18:01 . 2011-10-03 21:23 199816 ----a-w- c:\windows\system32\aswBoot.exe 2011-11-28 17:53 . 2011-10-03 21:23 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-11-28 17:53 . 2011-10-03 21:23 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-11-28 17:52 . 2011-10-03 21:23 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-11-28 17:52 . 2011-10-03 21:23 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-11-28 17:52 . 2011-10-03 21:23 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2011-11-28 17:51 . 2011-10-03 21:23 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys 2011-11-28 17:51 . 
2011-10-03 21:23 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-11-28 17:48 . 2011-10-03 21:23 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2011-11-26 09:53 . 2011-11-26 09:53 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-11-26 09:53 . 2010-04-15 21:42 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-25 22:08 . 2011-11-25 22:08 388096 ----a-r- c:\documents and settings\Eigenaar.DELL\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-11-23 14:40 . 2004-08-04 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys 2011-11-20 12:34 . 2011-05-19 09:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-04 19:13 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:13 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-11-04 19:13 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:25 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec 2011-11-01 16:07 . 2004-08-04 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:32 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-26 10:50 . 2004-08-04 12:00 2197120 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-26 10:50 . 2004-08-04 00:58 2073728 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-18 11:13 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll 2011-10-10 14:22 . 2008-01-18 14:09 692736 ----a-w- c:\windows\system32\inetcomm.dll 1999-05-03 14:01 . 1999-05-03 14:01 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL 1998-12-08 23:53 . 1998-12-08 23:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL 1998-12-08 23:53 . 1998-12-08 23:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL 1998-12-08 23:53 . 1998-12-08 23:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL 1998-12-08 23:53 . 
1998-12-08 23:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL 1998-12-08 23:53 . 1998-12-08 23:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL 2011-09-29 07:28 . 2011-10-05 09:04 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-10 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-06 94208] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "BabylonToolbar"="c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" [2010-11-07 286720] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160] . 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk] backup=c:\windows\pss\Adobe Reader Snelle start.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk] backup=c:\windows\pss\Microsoft Office.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Poort voor Symantec Fax Starter Edition.lnk] backup=c:\windows\pss\Poort voor Symantec Fax Starter Edition.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Reality Fusion GameCam SE.lnk] backup=c:\windows\pss\Reality Fusion GameCam SE.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Eigenaar.DELL^Menu Start^Programma's^Opstarten^hpqtra08.exe] path=c:\documents and settings\Eigenaar.DELL\Menu Start\Programma's\Opstarten\hpqtra08.exe backup=c:\windows\pss\hpqtra08.exeStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Eigenaar.DELL^Menu Start^Programma's^Opstarten^Secunia PSI.lnk] backup=c:\windows\pss\Secunia PSI.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] 2010-10-27 09:00 1015808 ----a-w- c:\program files\Ares\Ares.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2004-02-10 09:51 118784 ----a-w- c:\windows\system32\hkcmd.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2008-03-25 20:27 49152 -c--a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon] 2008-06-02 07:28 81920 ----a-w- c:\program files\Hp\Digital Imaging\bin\HpqSRmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2004-02-10 09:55 155648 ----a-w- c:\windows\system32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS] 2003-12-06 00:12 102400 ----a-w- c:\program files\Common Files\Logitech\PDDriver\LVComS.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu] 2008-07-21 15:16 169312 ----a-w- c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor] 2008-09-30 12:06 485208 ----a-w- c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] 2010-12-20 21:18 20480 ----a-w- c:\program files\Real\RealPlayer\realplay.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2011-03-10 22:04 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office\\1043\\WFXMSRVR.EXE"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Program Files\\Hp\\HP Software Update\\HPWUCli.exe"= "c:\\Program Files\\Hp\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"= "c:\\Program Files\\Ares\\Ares.exe"= . 
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/3/2011 10:23 PM 435032] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/3/2011 10:23 PM 314456] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/3/2011 10:23 PM 20568] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/20/2010 3:38 PM 136176] S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [1/21/2008 10:56 AM 20160] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/20/2010 3:38 PM 136176] S3 netr73;Sitecom RT73 Wireless Driver for Vista;c:\windows\system32\drivers\netr73.sys [9/3/2011 2:04 PM 256000] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc getPlusHelper REG_MULTI_SZ getPlusHelper . Inhoud van de 'Gedeelde Taken' map . 2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 14:38] . 2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 14:38] . 2011-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-484061587-839522115-1003Core.job - c:\documents and settings\Eigenaar.DELL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-10 21:10] . 2011-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-484061587-839522115-1003UA.job - c:\documents and settings\Eigenaar.DELL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-10 21:10] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.nu.nl/ mSearch Bar = hxxp://www.google.com IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.0.1 DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://gocanaria.ath.cx:8000/kxhcm10.ocx DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} - hxxp://online-virusscan.casema.nl/systemcheck/PlaNetSysInfo.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://83.84.124.118:9999/activex/AMC.cab FF - ProfilePath - c:\documents and settings\Eigenaar.DELL\Application Data\Mozilla\Firefox\Profiles\qpn01x6z.default\ FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-10 - (no file) Toolbar-!{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-12-31 14:00 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1177238915-484061587-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . Voltooingstijd: 2011-12-31 14:05:49 ComboFix-quarantined-files.txt 2011-12-31 13:05 ComboFix2.txt 2011-10-02 11:25 ComboFix3.txt 2010-08-08 10:25 . Pre-Run: 34,828,783,616 bytes beschikbaar Post-Run: 34,850,578,432 bytes beschikbaar . - - End Of File - - 61D86DC31EDAED000AAFCD0786777FEA
---------- Post added at 14:11 ---------- Previous post was at 14:09 ---------- One of them is gone!
I tried to delete the other one. Without results, see logfile.
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 2:10:07 PM, on 12/31/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\AVAST Software\Avast\avastUI.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Maxtor\Sync\SyncServices.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\explorer.exe C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft Office\Office\1043\wfxmsrvr.exe C:\PROGRA~1\MICROS~2\Office\1043\OLFMOD32.EXE C:\WINDOWS\msagent\AgentSvr.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = nu.nl | Het laatste nieuws het eerst op nu.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en 
entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O3 - Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [babylonToolbar] "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Golden Tiger Casino - {75AABD81-2A24-404E-8389-067312F231D7} - C:\WINDOWS\system32\shdocvw.dll (HKCU) O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://gocanaria.ath.cx:8000/kxhcm10.ocx O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} (pmjpegaudio Class) - http://www.bartboos.com:88/JpegInst.cab O16 - DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} (PlaNet SysInfo Agent) - http://online-virusscan.casema.nl/systemcheck/PlaNetSysInfo.cab O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download 
Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://sers10.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqemea/downloads/msxml4.cab O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://83.84.124.118:9999/activex/AMC.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://rivernile.microgaming.com/rivernile/FlashAX2.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe -- End of file - 9476 bytes
  20. I also pressed the info button for the file in question in HijackThis, and the following text came up. The last sentence may be important for you to know? The same text came up for the other one.
      03- Toolbar: (no name)- !{EE6C35B-6118-11DC-9C72-001320C79847} - (no file)
      Detailed information on item 03
      IE Toolbars are part of BHO's (Browser Helper Objects) like the Google Toolbar that are helpful, but can also be anoying and malicious by tracking your behaviour and displaying popup ads.
      (Action taken: Registry value is deleted)
  21. Here is the log.
  22. Dear all, although this thread is still open, I wanted to take the opportunity to warmly thank everyone who makes this site possible for their effort and help. I was able to use your help several times this year, and every time with a positive result! I wish you all much happiness and good health in 2012. Best of luck. Kind regards
  23. OK, that is a start. I could not delete the two files I had to delete via HijackThis, not even in safe mode. For the record: I scan, then I tick both files and press "Fix checked". It then says something like it will delete or repair the files. Then I press OK. I assume all of this is correct? I have installed Unlocker, but it is totally unclear to me. When I choose the F drive it shows only two items with something like svhost. How does that program work? Thanks in advance. PS: In the meantime (before I last ran ComboFix and sent the log) I got a second warning about the Java runtime error.
      ---------- Post added at 21:12 ---------- Previous post was at 21:04 ----------
      Sorry, sorry. I was too hasty again about how to use Unlocker. That leaves only those 2 files with HijackThis. Kind regards
      ---------- Post added at 21:18 ---------- Previous post was at 21:12 ----------
      Unlocker... all files relating to iMesh cleaned up with Unlocker. Thanks for your help. Now just those 2 files. Kind regards
  24. Just to be sure: I dragged the CFScript folder onto the ComboFix icon on my desktop and then the program started. The logfile is below. Further >>> I will try once more to delete the 2 items from HijackThis. I will get back to you on that as soon as possible.
  25. I tried to delete the 2 files with HijackThis, but they simply stayed there! I ticked the boxes in front of them and then pressed "Fix checked". A popup came up asking whether I really wanted to delete them, and I pressed OK. The ComboFix file is below.
Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk] backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk] backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Poort voor Symantec Fax Starter Edition.lnk] backup=C:\WINDOWS\pss\Poort voor Symantec Fax Starter Edition.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Reality Fusion GameCam SE.lnk] backup=C:\WINDOWS\pss\Reality Fusion GameCam SE.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Eigenaar.DELL^Menu Start^Programma's^Opstarten^hpqtra08.exe] path=C:\Documents and Settings\Eigenaar.DELL\Menu Start\Programma's\Opstarten\hpqtra08.exe backup=C:\WINDOWS\pss\hpqtra08.exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^Eigenaar.DELL^Menu Start^Programma's^Opstarten^Secunia PSI.lnk] backup=C:\WINDOWS\pss\Secunia PSI.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-06-06 10:55:28 937920 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] 2010-10-27 09:00:02 1015808 ----a-w- C:\Program Files\Ares\Ares.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2004-02-10 09:51:30 118784 ----a-w- C:\WINDOWS\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2008-03-25 20:27:58 49152 -c--a-w- 
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon] 2008-06-02 07:28:22 81920 ----a-w- C:\Program Files\Hp\Digital Imaging\bin\HpqSRmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2004-02-10 09:55:32 155648 ----a-w- C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS] 2003-12-06 00:12:12 102400 ----a-w- C:\Program Files\Common Files\Logitech\PDDriver\LVComS.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu] 2008-07-21 15:16:06 169312 ----a-w- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor] 2008-09-30 12:06:50 485208 ----a-w- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] 2010-12-20 21:18:16 20480 ----a-w- C:\Program Files\Real\RealPlayer\realplay.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2011-03-10 22:04:25 39408 ----a-w- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Microsoft Office\\Office\\1043\\WFXMSRVR.EXE"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\WINDOWS\\system32\\mmc.exe"= "C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"= 
"C:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"= "C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqsudi.exe"= "C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpsapp.exe"= "C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpse.exe"= "C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgpc01.exe"= "C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgm.exe"= "C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgh.exe"= "C:\\Program Files\\Hp\\HP Software Update\\HPWUCli.exe"= "C:\\Program Files\\Hp\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"= "C:\\Program Files\\Ares\\Ares.exe"= R1 aswSnx;aswSnx;C:\WINDOWS\system32\drivers\aswSnx.sys [10/3/2011 10:23:53 PM 435032] R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [10/3/2011 10:23:56 PM 314456] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [10/3/2011 10:23:56 PM 20568] S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [8/20/2010 3:38:26 PM 136176] S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\drivers\ADM8511.SYS [1/21/2008 10:56:44 AM 20160] S3 gupdatem;Google Update-service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [8/20/2010 3:38:26 PM 136176] S3 netr73;Sitecom RT73 Wireless Driver for Vista;C:\WINDOWS\system32\drivers\netr73.sys [9/3/2011 2:04:05 PM 256000] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc getPlusHelper REG_MULTI_SZ getPlusHelper Inhoud van de 'Gedeelde Taken' map 2011-12-30 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-20 14:38:26 . 2010-08-20 14:38:02] 2011-12-30 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-20 14:38:26 . 
2010-08-20 14:38:02] 2011-12-27 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-484061587-839522115-1003Core.job - C:\Documents and Settings\Eigenaar.DELL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-10 15:04:24 . 2011-10-28 21:10:21] 2011-12-30 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-484061587-839522115-1003UA.job - C:\Documents and Settings\Eigenaar.DELL\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-10 15:04:24 . 2011-10-28 21:10:21] ------- Bijkomende Scan ------- uStart Page = hxxp://www.nu.nl/ mSearch Bar = hxxp://www.google.com IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.0.1 DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://gocanaria.ath.cx:8000/kxhcm10.ocx DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} - hxxp://online-virusscan.casema.nl/systemcheck/PlaNetSysInfo.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://83.84.124.118:9999/activex/AMC.cab FF - ProfilePath - C:\Documents and Settings\Eigenaar.DELL\Application Data\Mozilla\Firefox\Profiles\qpn01x6z.default\ FF - prefs.js: browser.search.selectedEngine - Search Results FF - prefs.js: browser.startup.homepage - hxxp://search.imesh.com FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=1&sr=0&q= FF - prefs.js: network.proxy.type - 0 - - - - ORPHANS VERWIJDERD - - - - Toolbar-10 - (no file) Toolbar-!{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) AddRemove-Wincore MediaBar - C:\Program Files\iMesh Applications\MediaBar\uninstall.exe ---------- Post added at 13:06 ---------- Previous post was at 13:03 ---------- What I also noticed is that when I restarted the computer, it asked whether I wanted Internet Explorer as the default. I had always had it as the default.
---------- Post added at 13:07 ---------- Previous post was at 13:06 ---------- To be on the safe side, here is the latest HijackThis file: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 1:06:48 PM, on 12/30/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Maxtor\Sync\SyncServices.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\AVAST Software\Avast\avastUI.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\msagent\AgentSvr.exe C:\Program Files\Microsoft Office\Office\1043\wfxmsrvr.exe C:\PROGRA~1\MICROS~2\Office\1043\OLFMOD32.EXE C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Program Files\Internet Explorer\iexplore.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = nu.nl | Het laatste nieuws het eerst op nu.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet
Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O3 - Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: (no name) - !{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Golden Tiger Casino - {75AABD81-2A24-404E-8389-067312F231D7} - C:\WINDOWS\system32\shdocvw.dll (HKCU) O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://gocanaria.ath.cx:8000/kxhcm10.ocx O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} (pmjpegaudio Class) - http://www.bartboos.com:88/JpegInst.cab O16 - DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} (PlaNet SysInfo Agent) - http://online-virusscan.casema.nl/systemcheck/PlaNetSysInfo.cab O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download 
Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://sers10.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqemea/downloads/msxml4.cab O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://83.84.124.118:9999/activex/AMC.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://rivernile.microgaming.com/rivernile/FlashAX2.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe -- End of file - 9154 bytes