kets
-
Items
15 -
Registratiedatum
-
Laatst bezocht
kets's prestaties
-
Trage pc en Java.exe verbruikt veel memory(300mb)
kets reageerde op kets's topic in Archief Internet & Netwerk
Als ik systeemherstel doe wat gaat er dan allemaal verloren dat belangrijk kan zijn? -
Trage pc en Java.exe verbruikt veel memory(300mb)
kets reageerde op kets's topic in Archief Internet & Netwerk
Er is eigenlijk nog niet veel veranderd aan de situatie, we hebben enkel paar lijntjes uit Hijackthis verwijderd. En die MBAM scan deed ik zowat elke week al. Probleem is dat mijn pc vertraagd is sinds een week of zo en weet niet wat ik gedaan heb dat dit veroorzaakt. Maar dat is ook niet het grootste probleem. Grootste probleem is die Java.exe die ik eventjes wil bekijken. Die geeft in mijn taakbeheer tijdens het spelen soms waarden aan tot 400.000 kB Denk dat dit is sinds ik de nieuwste versie van Java heb, maar hier ben ik niet zeker van. Daarvoor gaf hij nooit zo'n waarden aan. Heb ergens het volgende gevonden en geprobeerd: Sun Java Plugin - How to Increase the Java Applet Memory Limit Maar dit lukte helaas niet. Enig idee? Kets -
Trage pc en Java.exe verbruikt veel memory(300mb)
kets reageerde op kets's topic in Archief Internet & Netwerk
Sorry Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Databaseversie: 5150 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18975 19/11/2010 13:13:46 mbam-log-2010-11-19 (13-13-46).txt Scantype: Snelle scan Objecten gescand: 146921 Verstreken tijd: 6 minuut/minuten, 50 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Deze 2 verwijder ik maar komen precies telkens terug R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:17:29, on 19/11/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18975) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Kets\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = RuneScape - MMORPG - The No.1 Free Online Multiplayer Game R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 9853 bytes -
Trage pc en Java.exe verbruikt veel memory(300mb)
kets reageerde op kets's topic in Archief Internet & Netwerk
Iemand? -
Trage pc en Java.exe verbruikt veel memory(300mb)
kets plaatste een topic in Archief Internet & Netwerk
Hoi, Mijn pc is laatste tijd van de tragere kant, alhoewel ik hem regelmatig probeer schoon te houden met programma's als Ccleaner en MBAM. Run die zowat elke week. Verder heb ik een probleem sinds een week ofzo dat wanneer ik het spel Runescape speel mijn Java.exe erg hoog oploopt qua memory usage.(tot wel 350mb) en daardoor mijn acties in het spel vertragen. (lag) Ik heb de allerlaatste versie van Java pas gedownload en de vorige versies verwijderd. Wat kan ik hieraan doen?? Ik zal alvast nog een post sturen met een HijackThis logje. Groeten Kets ---------- Post toegevoegd om 19:36 ---------- Vorige post was om 19:36 ---------- Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:29:03, on 18/11/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18975) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Kets\Desktop\HijackThis.exe C:\Windows\system32\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = RuneScape - MMORPG - The No.1 Free Online Multiplayer Game R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - Pagina niet gevonden | Facebook O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 10306 bytes -
ToggleDu, SearchQu en Conduit toolbars problemen
kets reageerde op kets's topic in Archief Internet & Netwerk
Had laatste dagen weinig tijd, maar heb ondertussen het laatste nog gedaan. Alles is goed gelukt. Lijst van software ziet er goed uit, mappen zijn allemaal weg,... In ieder geval heel erg bedankt voor al je hulp. Je doet dat goed Moest ik in de toekomst nog eens problemen hebben kom ik zeker eerst hier langs. Groeten Kets -
ToggleDu, SearchQu en Conduit toolbars problemen
kets reageerde op kets's topic in Archief Internet & Netwerk
Ok denk dat ik alles verwijderd heb uit het register, vond wel niet hoe je een back-up maakte daar. Laatste HijackThis scan toonde ook geen bandoo meer. Denk dat alle "rommel" er zowat af is nu Verder nog iets dat er moet gebeuren? Voor ik het vergeet. Ik heb met Ccleaner nog eens een opschoning gedaan hierna, en wou ook de registerscan doen met Ccleaner maar die gaf dingen van combofix enzo weer. Wou hier nog even mee wachten dus. En ook 'ontbrekende gedeeld dll-bestand" voor die application updater. Fixt die dat dan of doet hij gewoon die waarden weg? -
ToggleDu, SearchQu en Conduit toolbars problemen
kets reageerde op kets's topic in Archief Internet & Netwerk
Ehhhhh dat was ff dom van me. Die "administrator" ben ik telkens vergeten. Sorry daarvoor. Zoals je hieronder ziet die Bandoo op O23 enkel nog nu. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:39:46, on 5/11/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18975) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\AVG\AVG9\avgtray.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Users\Wil\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\taskeng.exe C:\Windows\ehome\ehmsas.exe C:\Windows\System32\mobsync.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\Wil\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-be.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Bandoo Coordinator - Unknown owner - C:\PROGRA~1\Bandoo\Bandoo.exe (file missing) O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe O23 - Service: Google Updateservice (gupdate1c9e0e53a63f40f) (gupdate1c9e0e53a63f40f) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 8905 bytes Wat die Mirar betreft, kan hem echt nergens vinden op de pc, ook niet als ik "Inclusief niet-geindexeerde, verborgen en systeembestanden" aanvink. Hij staat dus echt enkel bij programma's en onderdelen (software) waar ik die popup krijg als ik hem daar wil verwijderen. -
ToggleDu, SearchQu en Conduit toolbars problemen
kets reageerde op kets's topic in Archief Internet & Netwerk
De 1e O23 stond er niet tussen de 2 ander wel. De mappen zijn ook verwijderd. De pc ziet er al terug een heel stuk properder uit Enkel bij die Mirar krijg ik nog een pop up als ik die uit de lijst van software wil verwijderen. Die staat er al het langst op en wil er maar niet afgaan. Hier staat ie in de lijst. En dit krijg ik als ik op wijzigen/verwijderen klik Bij O23 zie ik hier in dit logje weer die Bandoo verschijnen. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:50:06, on 3/11/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18975) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Windows\System32\mobsync.exe C:\Windows\system32\conime.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\PROGRA~1\Bandoo\BndCore.exe C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\msfeedssync.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\Wil\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-1543919595-616552816-3086994397-1005\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Jens') O4 - HKUS\S-1-5-21-1543919595-616552816-3086994397-1005\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Jens') O4 - HKUS\S-1-5-21-1543919595-616552816-3086994397-1005\..\Run: [steam] "c:\program files\steam\steam.exe" -silent (User 'Jens') O4 - HKUS\S-1-5-21-1543919595-616552816-3086994397-1005\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" (User 'Jens') O4 - HKUS\S-1-5-21-1543919595-616552816-3086994397-1005\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Jens') O4 - HKUS\S-1-5-21-1543919595-616552816-3086994397-1005\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Jens') O4 - S-1-5-21-1543919595-616552816-3086994397-1005 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Jens') O4 - S-1-5-21-1543919595-616552816-3086994397-1005 Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Jens') O4 - S-1-5-21-1543919595-616552816-3086994397-1005 User Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Jens') O4 - S-1-5-21-1543919595-616552816-3086994397-1005 User Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Jens') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O15 - Trusted Zone: http://software.kuaiche.com O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-be.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe O23 - Service: Google Updateservice (gupdate1c9e0e53a63f40f) (gupdate1c9e0e53a63f40f) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 11549 bytes Deze onderste 3 blijven precies terugkomen in het logje! van HijackThis. Maar wanneer ik een scan doe staan die 2 eerste er niet meer tussen, de laatste wel. Vind ik wat vreemd. O15 - Trusted Zone: http: //software.kuaiche.com O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe
-
ToggleDu, SearchQu en Conduit toolbars problemen
kets reageerde op kets's topic in Archief Internet & Netwerk
ComboFix 10-11-03.03 - Wil 04/11/2010 15:18:37.3.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3325.2028 [GMT 1:00] Gestart vanuit: c:\users\Wil\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Wil\Desktop\CFScript.txt SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} FILE :: "c:\program files\Application Updater\ApplicationUpdater.exe" . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Application Updater\ApplicationUpdater.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_Application Updater (((((((((((((((((((( Bestanden Gemaakt van 2010-10-04 to 2010-11-04 )))))))))))))))))))))))))))))) . 2010-11-04 14:26 . 2010-11-04 14:29 -------- d-----w- c:\users\Wil\AppData\Local\temp 2010-11-04 14:26 . 2010-11-04 14:26 -------- d-----w- c:\users\Yentl\AppData\Local\temp 2010-11-04 14:26 . 2010-11-04 14:26 -------- d-----w- c:\users\TEMP\AppData\Local\temp 2010-11-04 14:26 . 2010-11-04 14:26 -------- d-----w- c:\users\TEMP.BUREAU\AppData\Local\temp 2010-11-04 14:26 . 2010-11-04 14:26 -------- d-----w- c:\users\TEMP.BUREAU.002\AppData\Local\temp 2010-11-04 14:26 . 2010-11-04 14:26 -------- d-----w- c:\users\Jesse\AppData\Local\temp 2010-11-04 14:26 . 2010-11-04 14:26 -------- d-----w- c:\users\Jens\AppData\Local\temp 2010-11-04 14:26 . 2010-11-04 14:26 -------- d-----w- c:\users\Jelle\AppData\Local\temp 2010-11-04 14:26 . 2010-11-04 14:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-11-04 05:18 . 2010-11-04 05:19 -------- d-----w- c:\users\Yentl\Later 2010-11-02 13:35 . 2010-11-02 13:36 -------- d-----w- c:\users\Jelle\AppData\Local\Microsoft Games 2010-11-02 13:26 . 2010-11-02 13:32 -------- d-----w- c:\users\Wil\AppData\Roaming\IObit 2010-11-02 13:26 . 2010-11-02 13:26 -------- d-----w- c:\program files\IObit 2010-11-02 04:50 . 2010-11-02 04:50 -------- d-----w- c:\users\Jelle\AppData\Local\Google 2010-11-02 04:49 . 2010-11-02 04:49 -------- d-----w- c:\users\Jelle\AppData\Local\ArcSoft 2010-11-01 11:34 . 2010-11-01 11:34 -------- d-----w- c:\program files\AAALOGO2010 2010-10-28 04:02 . 2010-10-28 04:02 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\f264ef151cb76542b\InstallManager_WLE_WLE.exe 2010-10-28 04:02 . 2010-10-28 04:02 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\e45451451cb76541f\MeshBetaRemover.exe 2010-10-28 04:01 . 2010-10-28 04:01 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\d7e3f5f51cb765418\DSETUP.dll 2010-10-28 04:01 . 2010-10-28 04:01 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\d7e3f5f51cb765418\DXSETUP.exe 2010-10-28 04:01 . 2010-10-28 04:01 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\d7e3f5f51cb765418\dsetup32.dll 2010-10-28 04:01 . 2010-10-28 04:01 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\d64c3ef51cb765417\DSETUP.dll 2010-10-28 04:01 . 2010-10-28 04:01 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\d64c3ef51cb765417\DXSETUP.exe 2010-10-28 04:01 . 2010-10-28 04:01 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\d64c3ef51cb765417\dsetup32.dll 2010-10-27 00:06 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll 2010-10-27 00:06 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2010-10-27 00:06 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2010-10-23 04:41 . 2010-10-23 04:41 -------- d-----w- c:\users\Wil\AppData\Local\Windows Live 2010-10-23 04:33 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll 2010-10-16 18:32 . 2010-10-16 18:32 -------- d-----w- c:\users\Jens\AppData\Roaming\pickname 2010-10-07 02:27 . 2010-10-07 02:27 -------- d-----w- C:\filmtype . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-26 16:33 . 2010-10-27 00:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll 2010-08-26 16:33 . 2010-10-27 00:06 542720 ----a-w- c:\windows\apppatch\AcLayers.dll 2010-08-26 16:33 . 2010-10-27 00:06 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2010-08-26 16:33 . 2010-10-27 00:06 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll 2010-08-17 14:11 . 2010-09-15 17:42 128000 ----a-w- c:\windows\system32\spoolsv.exe 2010-03-19 11:25 . 2009-12-31 00:18 977816 ----a-w- c:\program files\HyCam2.exe 2010-03-12 09:50 . 2009-12-31 00:18 173992 ----a-w- c:\program files\UnHyCam2.exe 2010-03-11 17:16 . 2009-12-31 00:18 132608 ----a-w- c:\program files\CamRes2.dll 2009-12-31 15:03 . 2009-12-31 00:18 44032 ----a-w- c:\program files\MClick2.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-30 39408] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-29 328056] "Google Update"="c:\users\Wil\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-29 135664] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-05 2067808] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552] c:\users\Yentl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-7-29 503808] OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] c:\users\Jens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-7-29 503808] OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] c:\users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-7-29 503808] OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^Users^Wil^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk] backup=c:\windows\pss\LimeWire On Startup.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] 2010-03-18 09:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent] 2009-04-02 16:05 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataMngr] 2010-02-24 10:07 184768 ----a-w- c:\progra~1\WI9130~1\DataMngr\DataMngrUI.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera] 2007-01-30 15:50 20480 ----a-w- c:\windows\FixCamera.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2009-10-29 20:09 135664 ----atw- c:\users\Wil\AppData\Local\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2008-02-28 16:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-11-12 15:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)] 2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] 2008-02-18 15:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2008-12-02 16:04 6695456 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2010-03-09 09:02 26100520 ----a-r- c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel] 2008-12-02 16:05 1833504 ----a-w- c:\program files\Realtek\Audio\HDA\SkyTel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std] 2006-09-15 11:21 675840 ----a-w- c:\windows\vsnp2std.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Standby] 2010-04-14 14:12 105632 ----a-w- c:\program files\Common Files\Corel\Standby\Standby.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] 2009-02-25 13:38 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-05-30 05:11 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2010-06-24 14:41 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std] 2006-11-29 14:11 258048 ----a-w- c:\windows\tsnp2std.exe R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [x] R2 gupdate1c9e0e53a63f40f;Google Updateservice (gupdate1c9e0e53a63f40f);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 133104] R3 APL531;OVT Scanner;c:\windows\system32\Drivers\ov550i.sys [2006-07-31 580992] R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [2009-02-11 92672] R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys [2009-01-30 137728] R3 HDJMidi;Hercules DJ Console Rmx MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [2009-02-05 98304] R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-20 3813096] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-17 216400] S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-17 243024] S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-21 921952] S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608] --- Andere Services/Drivers In Geheugen --- *NewlyCreated* - FSUSBEXDISK [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache getPlusHelper REG_MULTI_SZ getPlusHelper WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . Inhoud van de 'Gedeelde Taken' map 2010-11-04 c:\windows\Tasks\AWC Startup.job - c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-11-02 20:33] 2010-11-04 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2010-08-26 08:32] 2010-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 05:12] 2010-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 05:12] 2010-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1543919595-616552816-3086994397-1000Core.job - c:\users\Wil\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-05 20:09] 2010-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1543919595-616552816-3086994397-1000UA.job - c:\users\Wil\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-05 20:09] 2010-11-04 c:\windows\Tasks\User_Feed_Synchronization-{16B0AA5A-4669-4F7C-8E78-52CFC06D54E7}.job - c:\windows\system32\msfeedssync.exe [2010-10-13 04:25] 2010-11-03 c:\windows\Tasks\User_Feed_Synchronization-{E5C2EE66-CE7F-4C30-8A46-4DE180E2A3B9}.job - c:\windows\system32\msfeedssync.exe [2010-10-13 04:25] 2010-11-04 c:\windows\Tasks\User_Feed_Synchronization-{F2A536CF-E7EB-4759-898F-8FF508BFE270}.job - c:\windows\system32\msfeedssync.exe [2010-10-13 04:25] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ mSearch Bar = hxxp://www.google.com uInternet Settings,ProxyOverride = <local> IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html Trusted Zone: kuaiche.com\software . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-11-04 15:28 Windows 6.0.6002 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\system32\Ati2evxx.exe c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe c:\windows\system32\IoctlSvc.exe c:\windows\system32\PnkBstrA.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\program files\Cyberlink\Shared files\RichVideo.exe c:\program files\AVG\AVG9\avgnsx.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\WUDFHost.exe c:\program files\AVG\AVG9\avgrsx.exe c:\program files\AVG\AVG9\avgchsvx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\windows\system32\conime.exe c:\program files\AVG\AVG9\avgtray.exe c:\windows\ehome\ehmsas.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Voltooingstijd: 2010-11-04 15:35:41 - machine werd herstart ComboFix-quarantined-files.txt 2010-11-04 14:35 ComboFix2.txt 2010-11-04 08:16 Pre-Run: 658.702.442.496 bytes beschikbaar Post-Run: 658.715.111.424 bytes beschikbaar - - End Of File - - 4290E8AD2ECFD8245CA7EF16127D0B4F @@@@@@@@@@@@@@@@@@@@@@@@@@@ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:50:06, on 3/11/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18975) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Windows\System32\mobsync.exe C:\Windows\system32\conime.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\PROGRA~1\Bandoo\BndCore.exe C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\msfeedssync.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\Wil\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-1543919595-616552816-3086994397-1005\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Jens') O4 - HKUS\S-1-5-21-1543919595-616552816-3086994397-1005\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Jens') O4 - HKUS\S-1-5-21-1543919595-616552816-3086994397-1005\..\Run: [steam] "c:\program files\steam\steam.exe" -silent (User 'Jens') O4 - HKUS\S-1-5-21-1543919595-616552816-3086994397-1005\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" (User 'Jens') O4 - HKUS\S-1-5-21-1543919595-616552816-3086994397-1005\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Jens') O4 - HKUS\S-1-5-21-1543919595-616552816-3086994397-1005\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Jens') O4 - S-1-5-21-1543919595-616552816-3086994397-1005 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Jens') O4 - S-1-5-21-1543919595-616552816-3086994397-1005 Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Jens') O4 - S-1-5-21-1543919595-616552816-3086994397-1005 User Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Jens') O4 - S-1-5-21-1543919595-616552816-3086994397-1005 User Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Jens') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O15 - Trusted Zone: http://software.kuaiche.com O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-be.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe O23 - Service: Google Updateservice (gupdate1c9e0e53a63f40f) (gupdate1c9e0e53a63f40f) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 11549 bytes -
ToggleDu, SearchQu en Conduit toolbars problemen
kets reageerde op kets's topic in Archief Internet & Netwerk
Even melden, ik heb perongeluk de eerste maal op uitvoeren geklikt (uit gewoonte) om combofix te downloaden. Daarna heb ik de link nog eens geklikt en gedownload op bureaublad. Geeft dit problemen? Dan de eerste scan die ik deed had die geen logje gemaakt. (wel verschillende bestanden en mappen verwijderd) Tweede scan maakte hij het logje wel goed aan. Heb de toolbars ook wel kunnen verwijderen uit software. ------------------------------------- ComboFix 10-11-03.01 - Wil 04/11/2010 9:08.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3325.2192 [GMT 1:00] Gestart vanuit: c:\users\Wil\Desktop\ComboFix.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Voorgaande Run ------- . c:\program files\FlashGet Network\FlashGet 3\P2PCfg.ini c:\program files\FlashGet Network\FlashGet 3\pup.dat c:\program files\YouTube Downloader Toolbar\IE\1.0\yoUTubedownloadertoolbarie.dll c:\users\Wil\AppData\Roaming\BITS\BITS.ini c:\users\Wil\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll c:\users\Wil\AppData\Roaming\FlashGetBHO\FlashGetHook.dll c:\users\Wil\AppData\Roaming\FlashGetBHO\GetAllUrl.htm c:\users\Wil\AppData\Roaming\FlashGetBHO\GetUrl.htm c:\users\Yentl\AppData\Local\Windows Server\flags.ini c:\users\Yentl\AppData\Local\Windows Server\hlp.dat c:\users\Yentl\AppData\Local\Windows Server\server.dat c:\users\Yentl\AppData\Local\Windows Server\uses32.dat c:\users\Yentl\AppData\Roaming\34FAB4B8D4A0FFB91D8C569916572B02\enemies-names.txt c:\users\Yentl\AppData\Roaming\34FAB4B8D4A0FFB91D8C569916572B02\local.ini c:\users\Yentl\AppData\Roaming\34FAB4B8D4A0FFB91D8C569916572B02\lsrslt.ini c:\windows\libem.INI . (((((((((((((((((((( Bestanden Gemaakt van 2010-10-04 to 2010-11-04 )))))))))))))))))))))))))))))) . 2010-11-04 08:15 . 2010-11-04 08:15 -------- d-----w- c:\users\Yentl\AppData\Local\temp 2010-11-04 08:15 . 2010-11-04 08:15 -------- d-----w- c:\users\Jesse\AppData\Local\temp 2010-11-04 08:15 . 2010-11-04 08:15 -------- d-----w- c:\users\Jens\AppData\Local\temp 2010-11-04 08:15 . 2010-11-04 08:15 -------- d-----w- c:\users\Jelle\AppData\Local\temp 2010-11-04 08:15 . 2010-11-04 08:15 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-11-04 07:58 . 2010-11-04 08:15 -------- d-----w- c:\users\Wil\AppData\Local\temp 2010-11-04 05:18 . 2010-11-04 05:19 -------- d-----w- c:\users\Yentl\Later 2010-11-02 13:35 . 2010-11-02 13:36 -------- d-----w- c:\users\Jelle\AppData\Local\Microsoft Games 2010-11-02 13:26 . 2010-11-02 13:32 -------- d-----w- c:\users\Wil\AppData\Roaming\IObit 2010-11-02 13:26 . 2010-11-02 13:26 -------- d-----w- c:\program files\IObit 2010-11-02 04:50 . 2010-11-02 04:50 -------- d-----w- c:\users\Jelle\AppData\Local\Google 2010-11-02 04:49 . 2010-11-02 04:49 -------- d-----w- c:\users\Jelle\AppData\Local\ArcSoft 2010-11-01 11:34 . 2010-11-01 11:34 -------- d-----w- c:\program files\AAALOGO2010 2010-10-28 04:02 . 2010-10-28 04:02 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\f264ef151cb76542b\InstallManager_WLE_WLE.exe 2010-10-28 04:02 . 2010-10-28 04:02 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\e45451451cb76541f\MeshBetaRemover.exe 2010-10-28 04:01 . 2010-10-28 04:01 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\d7e3f5f51cb765418\DSETUP.dll 2010-10-28 04:01 . 2010-10-28 04:01 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\d7e3f5f51cb765418\DXSETUP.exe 2010-10-28 04:01 . 2010-10-28 04:01 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\d7e3f5f51cb765418\dsetup32.dll 2010-10-28 04:01 . 2010-10-28 04:01 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\d64c3ef51cb765417\DSETUP.dll 2010-10-28 04:01 . 2010-10-28 04:01 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\d64c3ef51cb765417\DXSETUP.exe 2010-10-28 04:01 . 2010-10-28 04:01 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\d64c3ef51cb765417\dsetup32.dll 2010-10-27 00:06 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll 2010-10-27 00:06 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2010-10-27 00:06 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2010-10-23 04:41 . 2010-10-23 04:41 -------- d-----w- c:\users\Wil\AppData\Local\Windows Live 2010-10-23 04:33 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll 2010-10-16 18:32 . 2010-10-16 18:32 -------- d-----w- c:\users\Jens\AppData\Roaming\pickname 2010-10-07 02:27 . 2010-10-07 02:27 -------- d-----w- C:\filmtype . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-26 16:33 . 2010-10-27 00:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll 2010-08-26 16:33 . 2010-10-27 00:06 542720 ----a-w- c:\windows\apppatch\AcLayers.dll 2010-08-26 16:33 . 2010-10-27 00:06 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2010-08-26 16:33 . 2010-10-27 00:06 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll 2010-08-17 14:11 . 2010-09-15 17:42 128000 ----a-w- c:\windows\system32\spoolsv.exe 2010-03-19 11:25 . 2009-12-31 00:18 977816 ----a-w- c:\program files\HyCam2.exe 2010-03-12 09:50 . 2009-12-31 00:18 173992 ----a-w- c:\program files\UnHyCam2.exe 2010-03-11 17:16 . 2009-12-31 00:18 132608 ----a-w- c:\program files\CamRes2.dll 2009-12-31 15:03 . 2009-12-31 00:18 44032 ----a-w- c:\program files\MClick2.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}] 2010-02-28 08:09 2085888 ----a-w- c:\program files\Bandoo\Plugins\IE\ieplugin.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-30 39408] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-29 328056] "Google Update"="c:\users\Wil\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-29 135664] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-05 2067808] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552] c:\users\Yentl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-7-29 503808] OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] c:\users\Jens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-7-29 503808] OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] c:\users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-7-29 503808] OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\progra~1\Bandoo\BndHook.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^Users^Wil^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk] backup=c:\windows\pss\LimeWire On Startup.lnk.Startup backupExtension=.Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hercules DJ Series HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\incognito [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] 2010-03-18 09:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent] 2009-04-02 16:05 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataMngr] 2010-02-24 10:07 184768 ----a-w- c:\progra~1\WI9130~1\DataMngr\DataMngrUI.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera] 2007-01-30 15:50 20480 ----a-w- c:\windows\FixCamera.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2009-10-29 20:09 135664 ----atw- c:\users\Wil\AppData\Local\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2008-02-28 16:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-11-12 15:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)] 2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] 2008-02-18 15:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2008-12-02 16:04 6695456 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings] 2010-02-19 18:27 974848 ----a-w- c:\program files\YouTube Downloader Toolbar\SearchSettings.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2010-03-09 09:02 26100520 ----a-r- c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel] 2008-12-02 16:05 1833504 ----a-w- c:\program files\Realtek\Audio\HDA\SkyTel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std] 2006-09-15 11:21 675840 ----a-w- c:\windows\vsnp2std.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Standby] 2010-04-14 14:12 105632 ----a-w- c:\program files\Common Files\Corel\Standby\Standby.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] 2009-02-25 13:38 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-05-30 05:11 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2010-06-24 14:41 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std] 2006-11-29 14:11 258048 ----a-w- c:\windows\tsnp2std.exe R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [x] R2 gupdate1c9e0e53a63f40f;Google Updateservice (gupdate1c9e0e53a63f40f);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 133104] R3 APL531;OVT Scanner;c:\windows\system32\Drivers\ov550i.sys [2006-07-31 580992] R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [2009-02-11 92672] R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys [2009-01-30 137728] R3 HDJMidi;Hercules DJ Console Rmx MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [2009-02-05 98304] R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-06-20 3813096] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-17 216400] S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-17 243024] S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-02-19 380928] S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-21 921952] S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608] --- Andere Services/Drivers In Geheugen --- *NewlyCreated* - FSUSBEXDISK [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache getPlusHelper REG_MULTI_SZ getPlusHelper WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . Inhoud van de 'Gedeelde Taken' map 2010-11-04 c:\windows\Tasks\AWC Startup.job - c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-11-02 20:33] 2010-11-04 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2010-08-26 08:32] 2010-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 05:12] 2010-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 05:12] 2010-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1543919595-616552816-3086994397-1000Core.job - c:\users\Wil\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-05 20:09] 2010-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1543919595-616552816-3086994397-1000UA.job - c:\users\Wil\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-05 20:09] 2010-11-04 c:\windows\Tasks\User_Feed_Synchronization-{16B0AA5A-4669-4F7C-8E78-52CFC06D54E7}.job - c:\windows\system32\msfeedssync.exe [2010-10-13 04:25] 2010-11-03 c:\windows\Tasks\User_Feed_Synchronization-{E5C2EE66-CE7F-4C30-8A46-4DE180E2A3B9}.job - c:\windows\system32\msfeedssync.exe [2010-10-13 04:25] 2010-11-04 c:\windows\Tasks\User_Feed_Synchronization-{F2A536CF-E7EB-4759-898F-8FF508BFE270}.job - c:\windows\system32\msfeedssync.exe [2010-10-13 04:25] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ mSearch Bar = hxxp://www.google.com uInternet Settings,ProxyOverride = <local> IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html Trusted Zone: kuaiche.com\software . - - - - ORPHANS VERWIJDERD - - - - Toolbar-Locked - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{2D50C708-D53D-4B9F-9E44-F0BA633CAC26} - (no file) WebBrowser-{46735DEE-F862-49D1-876D-6382794DC625} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - (no file) WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file) WebBrowser-{3AD798D0-4642-4C55-BC14-CFE7DD19E0D1} - (no file) AddRemove-OVT Scanner - c:\windows\omniuns.exe USB\Vid_05a9&PID_1550 OVT Scanner AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4} ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-11-04 09:15 Windows 6.0.6002 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2010-11-04 09:16:47 ComboFix-quarantined-files.txt 2010-11-04 08:16 Pre-Run: 519.633.080.320 bytes beschikbaar Post-Run: 519.559.892.992 bytes beschikbaar - - End Of File - - 0D05C6462275FECA3B3904E9B126BC0E ---------- Post toegevoegd om 09:30 ---------- Vorige post was om 09:27 ---------- Ik heb nu dus ook door dat uitvoeren ipv opslaan een map van combofix op de C-schijf staan met vanalles daarin. Kan dit kwaad en moet die weg? -
ToggleDu, SearchQu en Conduit toolbars problemen
kets reageerde op kets's topic in Archief Internet & Netwerk
Dat eerste wat in je post stond lukt me precies niet. Moet dit in opdrachtprompt gebeuren, zo ja, dit heb ik geprobeerd maar dan zijn de opdrachten die je gaf onbekend, ofwel doe ik iets fout. Ik heb ze ook gewoon in zoeken ingegeven en enter gedrukt en dan verscheen de opdrachtpromt ook in een flits en dan weer weg. C:\Program Files\Windows Searchqu Toolbar --> kan ik niet verwijderen. Toegang wordt geweigerd. De andere mappen zijn wel verwijderd Mbam logje: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Databaseversie: 5034 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18975 3/11/2010 16:45:48 mbam-log-2010-11-03 (16-45-48).txt Scantype: Snelle scan Objecten gescand: 211786 Verstreken tijd: 8 minuut/minuten, 58 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) HijackThis logje: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:50:06, on 3/11/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18975) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Windows\System32\mobsync.exe C:\Windows\system32\conime.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\PROGRA~1\Bandoo\BndCore.exe C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\msfeedssync.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\Wil\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-1543919595-616552816-3086994397-1005\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Jens') O4 - HKUS\S-1-5-21-1543919595-616552816-3086994397-1005\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Jens') O4 - HKUS\S-1-5-21-1543919595-616552816-3086994397-1005\..\Run: [steam] "c:\program files\steam\steam.exe" -silent (User 'Jens') O4 - HKUS\S-1-5-21-1543919595-616552816-3086994397-1005\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" (User 'Jens') O4 - HKUS\S-1-5-21-1543919595-616552816-3086994397-1005\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Jens') O4 - HKUS\S-1-5-21-1543919595-616552816-3086994397-1005\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Jens') O4 - S-1-5-21-1543919595-616552816-3086994397-1005 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Jens') O4 - S-1-5-21-1543919595-616552816-3086994397-1005 Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Jens') O4 - S-1-5-21-1543919595-616552816-3086994397-1005 User Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Jens') O4 - S-1-5-21-1543919595-616552816-3086994397-1005 User Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Jens') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O15 - Trusted Zone: http://software.kuaiche.com O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-be.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe O23 - Service: Google Updateservice (gupdate1c9e0e53a63f40f) (gupdate1c9e0e53a63f40f) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 11549 bytes Alle toolbars staan wel nog onder software via configuratiescherm. Is dit normaal? Alvast bedankt -
ToggleDu, SearchQu en Conduit toolbars problemen
kets reageerde op kets's topic in Archief Internet & Netwerk
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:46:43, on 3/11/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18975) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\PROGRA~1\Bandoo\BndCore.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE} R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE} R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:10293 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\YouTube Downloader Toolbar\SearchSettings.dll R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll R3 - URLSearchHook: ToggleDU Toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTogg.dll O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: ToggleDU Toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTogg.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll O2 - BHO: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll O2 - BHO: (no name) - {4d02e7e6-5930-4b51-b9b0-9f21b3789400} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\YouTube Downloader Toolbar\SearchSettings.dll O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O3 - Toolbar: PHPNukeDU Toolbar - {46735dee-f862-49d1-876d-6382794dc625} - C:\Program Files\PHPNukeDU\tbPHPN.dll O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: ToggleDU Toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\tbTogg.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\Wil\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\RunOnce: [shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; AskTB5.6)" -"??jbc? Wintercollectie 2010" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-1543919595-616552816-3086994397-1005\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Jens') O4 - HKUS\S-1-5-21-1543919595-616552816-3086994397-1005\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Jens') O4 - HKUS\S-1-5-21-1543919595-616552816-3086994397-1005\..\Run: [steam] "c:\program files\steam\steam.exe" -silent (User 'Jens') O4 - HKUS\S-1-5-21-1543919595-616552816-3086994397-1005\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" (User 'Jens') O4 - HKUS\S-1-5-21-1543919595-616552816-3086994397-1005\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Jens') O4 - HKUS\S-1-5-21-1543919595-616552816-3086994397-1005\..\Run: [{9D71D88C-C598-4935-C5D1-43AA4DB90836}] C:\Users\Jens\AppData\Roaming\pickname\fun.exe (User 'Jens') O4 - HKUS\S-1-5-21-1543919595-616552816-3086994397-1005\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Jens') O4 - HKUS\S-1-5-21-1543919595-616552816-3086994397-1005\..\RunOnce: [shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.4; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://static.funnygames.nl/games/6/2536/2536.dcr" (User 'Jens') O4 - S-1-5-21-1543919595-616552816-3086994397-1005 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Jens') O4 - S-1-5-21-1543919595-616552816-3086994397-1005 Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Jens') O4 - S-1-5-21-1543919595-616552816-3086994397-1005 User Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Jens') O4 - S-1-5-21-1543919595-616552816-3086994397-1005 User Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Jens') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay België (file missing) O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay België (file missing) O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay België (file missing) (HKCU) O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay België (file missing) (HKCU) O13 - Gopher Prefix: O15 - Trusted Zone: http://software.kuaiche.com O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-be.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll avgrsstx.dll c:\progra~1\bandoo\bndhook.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe O23 - Service: Google Updateservice (gupdate1c9e0e53a63f40f) (gupdate1c9e0e53a63f40f) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 15640 bytes -
ToggleDu, SearchQu en Conduit toolbars problemen
kets reageerde op kets's topic in Archief Internet & Netwerk
Iemand? -
ToggleDu, SearchQu en Conduit toolbars problemen
kets plaatste een topic in Archief Internet & Netwerk
Beste, Al een tijdje hebben we hier te kampen met enkele vervelende toolbars. Namelijk: Toggle, searchqu, en Conduit. Ook mirar zit nog steeds in het systeem. Vraag me soms echt af wat voor sites m'n jongere broer bezoekt om dit allemaal binnen te krijgen. Iemand een idee hoe ik deze allemaal verwijder? Waarsch Hijack logje maar dan zou ik wel wat meer uitleg moeten over hoe dat juist allemaal werkt met die Hijack this. Vriendelijke groeten Kets
