
Exe files



I ran the scan once more and now it reports this. Somehow it did not find any infected files.

Malwarebytes' Anti-Malware 1.36

Database versie: 2138

Windows 5.1.2600 Service Pack 3

23-12-2009 22:59:19

mbam-log-2009-12-23 (22-59-19).txt

Scan type: Snelle Scan

Objecten gescand: 122972

Verstreken tijd: 3 minute(s), 57 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata bestanden geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

========================================================================

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:19:58, on 23-12-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

I:\WINDOWS\System32\smss.exe

I:\WINDOWS\system32\winlogon.exe

I:\WINDOWS\system32\services.exe

I:\WINDOWS\system32\lsass.exe

I:\WINDOWS\system32\Ati2evxx.exe

I:\WINDOWS\system32\svchost.exe

I:\WINDOWS\System32\svchost.exe

I:\WINDOWS\system32\svchost.exe

I:\WINDOWS\system32\Ati2evxx.exe

I:\WINDOWS\system32\spoolsv.exe

I:\WINDOWS\system32\rundll32.exe

L:\yntaa foto\YuntaaManager.exe

I:\WINDOWS\Explorer.EXE

I:\Program Files\Bonjour\mDNSResponder.exe

I:\WINDOWS\eHome\ehRecvr.exe

I:\WINDOWS\eHome\ehSched.exe

I:\WINDOWS\system32\gearsec.exe

I:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

I:\Program Files\Java\jre6\bin\jqs.exe

I:\Program Files\Common Files\LightScribe\LSSrvc.exe

I:\PROGRA~1\QUICKH~1\QUICKH~1\opssvc.exe

I:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE

I:\PROGRA~1\QUICKH~1\QUICKH~1\quhlpsvc.exe

I:\Program Files\Cyberlink\Shared Files\RichVideo.exe

I:\PROGRA~1\QUICKH~1\QUICKH~1\scanwscs.exe

I:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

I:\Program Files\SPAMfighter\sfus.exe

I:\WINDOWS\system32\svchost.exe

L:\tomtom back up\TomTom HOME 2\TomTomHOMEService.exe

I:\WINDOWS\system32\SearchIndexer.exe

I:\WINDOWS\system32\wscntfy.exe

I:\WINDOWS\system32\dllhost.exe

I:\WINDOWS\ehome\ehtray.exe

I:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

I:\WINDOWS\eHome\ehmsas.exe

I:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe

I:\Program Files\PC Connectivity Solution\ServiceLayer.exe

I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

I:\WINDOWS\RTHDCPL.EXE

I:\WINDOWS\tsnpstd3.exe

I:\Program Files\iTunes\iTunesHelper.exe

I:\WINDOWS\PixArt\PAC207\Monitor.exe

I:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE

I:\PROGRA~1\QUICKH~1\QUICKH~1\UPSCHD.EXE

I:\PROGRA~1\QUICKH~1\QUICKH~1\QuickUp.exe

I:\PROGRA~1\QUICKH~1\QUICKH~1\scanmsg.exe

I:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

I:\PROGRA~1\QUICKH~1\QUICKH~1\OnlineNT.EXE

I:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

I:\Program Files\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe

I:\Program Files\Canon\MyPrinter\BJMyPrt.exe

I:\Program Files\iPod\bin\iPodService.exe

I:\Program Files\SPAMfighter\SFAgent.exe

I:\WINDOWS\system32\ctfmon.exe

E:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe

I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

E:\backup K Schijf applicaties\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe

L:\tomtom back up\TomTom HOME 2\TomTomHOMERunner.exe

I:\Program Files\Windows Desktop Search\WindowsSearch.exe

L:\limewire\LimeWire.exe

I:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

I:\WINDOWS\system32\msiexec.exe

I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tropal.net/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - L:\bestanden en set ups\C3 adobe\/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - I:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\BA5FEC~1\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll

O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - E:\backup G Schijf bestuuring\Program Files\jZip\WebmailPlugin.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - I:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - I:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - I:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - L:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - I:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - I:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - L:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - L:\bestanden en set ups\C3 adobe\/Adobe Contribute CS3/contributeieplugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - I:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [ehTray] I:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [GrooveMonitor] "I:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] I:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NSLauncher] I:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [tsnpstd3] I:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [PAC207_Monitor] I:\WINDOWS\PixArt\PAC207\Monitor.exe

O4 - HKLM\..\Run: I:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE

O4 - HKLM\..\Run: [update Scheduler] I:\PROGRA~1\QUICKH~1\QUICKH~1\UPSCHD.EXE /CHECK

O4 - HKLM\..\Run: [startup Scan] I:\PROGRA~1\QUICKH~1\QUICKH~1\Sensor.EXE /LOADRUN

O4 - HKLM\..\Run: [ResumeQuickupDownload] I:\PROGRA~1\QUICKH~1\QUICKH~1\acappaa.exe

O4 - HKLM\..\Run: [Quick Heal Monitor] I:\PROGRA~1\QUICKH~1\QUICKH~2\op_mon.exe /tray /noservice

O4 - HKLM\..\Run: [storageGuard] "I:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [Resume Quickup] I:\PROGRA~1\QUICKH~1\QUICKH~1\QuickUp.exe /resumei /silent /show

O4 - HKLM\..\Run: [On-Line Protection] I:\PROGRA~1\QUICKH~1\QUICKH~1\cateye.exe

O4 - HKLM\..\Run: [Messenger] I:\PROGRA~1\QUICKH~1\QUICKH~1\scanmsg.exe

O4 - HKLM\..\Run: [Google Quick Search Box] "I:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKLM\..\Run: [NokiaMServer] I:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles

O4 - HKLM\..\Run: [NokiaMusic FastStart] "L:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart

O4 - HKLM\..\Run: [PhilipsDM\SA1916] I:\Program Files\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe OS_STARTUP

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] I:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [CanonMyPrinter] I:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [CanonSolutionMenu] I:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [sPAMfighter Agent] "I:\Program Files\SPAMfighter\SFAgent.exe" update delay 60

O4 - HKLM\..\Run: [Yuntaa] L:\yntaa foto\YuntaaManager.exe

O4 - HKLM\..\RunOnce: [startup Scan] I:\PROGRA~1\QUICKH~1\QUICKH~1\Sensor.EXE /check

O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "E:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"

O4 - HKCU\..\Run: [swg] "I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] E:\backup K Schijf applicaties\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [TomTomHOME.exe] "L:\tomtom back up\TomTom HOME 2\TomTomHOMERunner.exe" -s

O4 - HKCU\..\Run: [AdobeUpdater6] "I:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: LimeWire On Startup.lnk = L:\limewire\LimeWire.exe

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = I:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Windows Search.lnk = I:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://I:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Append to existing PDF - res://L:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://L:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://L:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://L:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://L:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://L:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://L:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://L:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Google Sidewiki... - res://I:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\BA5FEC~1\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\BA5FEC~1\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {63D6DD13-C913-466D-9444-9357561E4D94} (Upload-applicatie Control) -

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - I:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - I:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Quick Heal Client Security Service (acssrv) - Quick Heal Technologies (P) Ltd. - I:\PROGRA~1\QUICKH~1\QUICKH~2\acs.exe

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - I:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - I:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - I:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: gearsec - GEAR Software - I:\WINDOWS\system32\gearsec.exe

O23 - Service: Google Updateservice (gupdate1ca2d47d79bc69e) (gupdate1ca2d47d79bc69e) - Google Inc. - I:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - I:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: iPod-service (iPod Service) - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - I:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - I:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Online Protection System - Quick Heal Technologies (P) Ltd. - I:\PROGRA~1\QUICKH~1\QUICKH~1\opssvc.exe

O23 - Service: Pml Driver HPZ12 - HP - I:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Quick Heal Antivirus Plus Mail Protection - Quick Heal Technologies (P) Ltd. - I:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE

O23 - Service: Quick Update Service - Quick Heal Technologies (P) Ltd. - I:\PROGRA~1\QUICKH~1\QUICKH~1\quhlpsvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - I:\Program Files\Cyberlink\Shared Files\RichVideo.exe

O23 - Service: Quick Heal Helper Service WSC (ScanWscS) - Quick Heal Technologies (P) Ltd. - I:\PROGRA~1\QUICKH~1\QUICKH~1\scanwscs.exe

O23 - Service: ServiceLayer - Nokia. - I:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - I:\Program Files\SPAMfighter\sfus.exe

O23 - Service: SPYWAREfighterRP - SpamFighter APS - I:\Program Files\SPYWAREfighter\spfprc.exe

O23 - Service: TomTomHOMEService - TomTom - L:\tomtom back up\TomTom HOME 2\TomTomHOMEService.exe

--

End of file - 14902 bytes

Edited by Ricardo
was not complete

That massive RegTool infection may (possibly) have something to do with it. Next step, then:

Download Combofix to your Desktop.

Read more here about using Combofix correctly.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

  • Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not Vista).
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards, click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, as this will cause your PC to hang.

When the fix is complete and after a restart, the log Combofix.txt will open.

Post this log in your next reply.


I couldn't get my virus scanner disabled that quickly. Here, finally, is the log.

ComboFix 09-12-23.02 - Hill 24-12-2009 10:23:13.6.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2047.1020 [GMT 1:00]

Gestart vanuit: M:\ComboFix.exe

AV: Quick Heal 10.00 *On-access scanning disabled* (Outdated) {05C1329D-F0E0-4B19-9D15-54F9BC3ADE87}

FW: Quick Heal Firewall Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

i:\docume~1\HILL~1.RIC\LOCALS~1\Temp\jna5061479913387247323.tmp

i:\documents and settings\All Users.WINDOWS\Bureaublad\AntiMalware.lnk

i:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\AntiMalware

i:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\AntiMalware\AntiMalware on the Web.lnk

i:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\AntiMalware\AntiMalware.lnk

i:\documents and settings\Hill.RICARDO\Local Settings\Application Data\lqmyic

i:\documents and settings\Hill.RICARDO\Local Settings\Application Data\lqmyic\hyqhsysguard.exe

i:\documents and settings\Hill.RICARDO\Local Settings\temp\jna5061479913387247323.tmp

i:\documents and settings\Hill.RICARDO\Menu Start\Programma's\Total Security

i:\documents and settings\Hill.RICARDO\Menu Start\Programma's\Total Security\Total Security 2009 Support.lnk

i:\program files\Downloaded Installers

i:\program files\Downloaded Installers\{555E23C8-FE55-479D-8E3E-FDDCCAA33413}\setup.msi

i:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe

i:\windows\Temp\72a4899.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-11-24 to 2009-12-24 ))))))))))))))))))))))))))))))

.

2009-12-22 09:29 . 2009-12-22 09:29 20480 ----a-w- i:\documents and settings\Hill.RICARDO\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll

2009-12-22 09:29 . 2009-12-22 09:29 18944 ----a-w- i:\documents and settings\Hill.RICARDO\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll

2009-12-22 09:29 . 2009-12-22 09:29 17408 ----a-w- i:\documents and settings\Hill.RICARDO\Application Data\LimeWire\browser\xulrunner\components\auth.dll

2009-12-22 09:29 . 2009-12-22 09:29 8192 ----a-w- i:\documents and settings\Hill.RICARDO\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll

2009-12-22 09:29 . 2009-12-22 09:29 20480 ----a-w- i:\documents and settings\Hill.RICARDO\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll

2009-12-22 08:57 . 2009-12-22 08:57 2948 ----atw- i:\documents and settings\Hill.RICARDO\Application Data\Reg Tool\wuasetup.exe

2009-12-22 00:44 . 2009-12-22 00:44 68096 --sha-r- i:\windows\system32\c_7758.dll

2009-12-18 21:57 . 2009-12-18 21:57 -------- d-----w- i:\program files\Safari

2009-12-17 19:32 . 2009-12-17 19:32 -------- d-----w- i:\program files\Microsoft Office Outlook Connector

2009-12-12 18:32 . 2009-12-12 18:32 152576 ----a-w- i:\documents and settings\Hill.RICARDO\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-12-09 01:03 . 2009-12-09 01:03 152576 ----a-w- i:\documents and settings\Hill.RICARDO\Application Data\Sun\Java\jre1.6.0_16\lzma.dll

2009-12-08 16:16 . 2009-12-22 08:57 -------- d-----w- i:\documents and settings\Hill.RICARDO\Application Data\Reg Tool

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-24 09:50 . 2008-02-08 19:21 -------- d-----w- i:\program files\SPAMfighter

2009-12-24 09:49 . 2008-02-27 00:54 -------- d-----w- i:\documents and settings\Hill.RICARDO\Application Data\LimeWire

2009-12-23 16:44 . 2008-02-26 02:32 -------- d-----w- i:\documents and settings\All Users.WINDOWS\Application Data\Google Updater

2009-12-18 08:38 . 2006-04-10 12:00 545542 ----a-w- i:\windows\system32\perfh013.dat

2009-12-18 08:38 . 2006-04-10 12:00 104846 ----a-w- i:\windows\system32\perfc013.dat

2009-12-17 19:32 . 2009-08-16 21:40 -------- d-----w- i:\program files\Microsoft

2009-12-17 19:29 . 2008-05-26 14:25 -------- d-----w- i:\program files\Windows Live

2009-12-12 18:33 . 2008-02-27 00:53 -------- d-----w- i:\program files\Java

2009-12-12 18:32 . 2009-11-11 08:53 79488 ----a-w- i:\documents and settings\Hill.RICARDO\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2009-12-02 11:49 . 2009-09-24 23:18 -------- d-----w- i:\documents and settings\All Users.WINDOWS\Application Data\CanonIJPLM

2009-11-13 22:57 . 2008-07-21 15:37 -------- d-----w- i:\documents and settings\All Users.WINDOWS\Application Data\Installations

2009-11-13 22:57 . 2008-01-26 17:10 -------- d-----w- i:\program files\Common Files\Nokia

2009-11-13 22:57 . 2008-01-26 17:09 -------- d-----w- i:\program files\Nokia

2009-11-13 22:54 . 2009-11-13 22:54 36864 ----a-w- i:\documents and settings\All Users.WINDOWS\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe

2009-11-13 22:54 . 2009-11-13 22:54 3351812 ----a-w- i:\documents and settings\All Users.WINDOWS\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe

2009-11-13 22:54 . 2009-11-13 22:54 3203453 ----a-w- i:\documents and settings\All Users.WINDOWS\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe

2009-11-13 22:53 . 2009-11-13 22:56 24416992 ----a-w- i:\documents and settings\All Users.WINDOWS\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_1.8.10NP.exe

2009-11-08 18:41 . 2009-11-01 19:06 -------- d-----w- i:\program files\Microsoft Silverlight

2009-11-05 08:52 . 2008-02-25 23:19 -------- d-----w- i:\documents and settings\Hill.RICARDO\Application Data\PC Suite

2009-10-26 07:39 . 2009-10-26 07:39 20299296 ----a-w- i:\documents and settings\Hill.RICARDO\Application Data\TomTom\HOME\Profiles\6u0uzufr.default\Updates\v2_7_2_1825_win.exe

2009-10-20 00:19 . 2009-10-20 00:19 52500 ---ha-w- i:\windows\system32\mlfcache.dat

2009-10-11 03:17 . 2009-02-01 13:22 411368 ----a-w- i:\windows\system32\deploytk.dll

2009-09-26 20:26 . 2009-07-13 14:26 351440 ----a-w- i:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat

2008-03-01 13:58 . 2008-03-01 13:58 25605664 ----a-w- i:\program files\qhntplus2008.exe

2008-02-26 01:34 . 2008-02-26 01:29 25212600 ----a-w- i:\program files\qhnteval quick Heal.exe

2008-02-07 19:23 . 2008-02-07 19:23 387968 ----a-w- i:\program files\spywarefighter.exe

2008-02-07 19:07 . 2008-02-07 23:45 1406096 ----a-w- i:\program files\spamfighter_web.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ActiveIconOverlay]

@="{4fc0fb80-b156-429d-b0f5-d0cde73a4cb9}"

[HKEY_CLASSES_ROOT\CLSID\{4fc0fb80-b156-429d-b0f5-d0cde73a4cb9}]

2008-07-25 09:16 282112 ----a-w- i:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\InActiveIconOverlay]

@="{5f52297c-4e40-4c80-a8aa-f4362da58f90}"

[HKEY_CLASSES_ROOT\CLSID\{5f52297c-4e40-4c80-a8aa-f4362da58f90}]

2008-07-25 09:16 282112 ----a-w- i:\windows\system32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PopUpStopperFreeEdition"="e:\program files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" [2005-03-17 536576]

"swg"="i:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-02 68856]

"SpybotSD TeaTimer"="e:\backup k schijf applicaties\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"TomTomHOME.exe"="l:\tomtom back up\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-27 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="i:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"ehTray"="i:\windows\ehome\ehtray.exe" [2005-08-17 64512]

"GrooveMonitor"="i:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"NeroFilterCheck"="i:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

"NSLauncher"="i:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 2658304]

"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]

"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

"tsnpstd3"="i:\windows\tsnpstd3.exe" [2006-08-21 114688]

"iTunesHelper"="i:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]

"PAC207_Monitor"="i:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]

"Email Protection"="i:\progra~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE" [2009-01-23 267640]

"ResumeQuickupDownload"="i:\progra~1\QUICKH~1\QUICKH~1\acappaa.exe" [2009-01-23 95608]

"Quick Heal Monitor"="i:\progra~1\QUICKH~1\QUICKH~2\op_mon.exe" [2008-07-31 1941504]

"StorageGuard"="i:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-17 155648]

"Resume Quickup"="i:\progra~1\QUICKH~1\QUICKH~1\QuickUp.exe" [2009-05-15 284024]

"Google Quick Search Box"="i:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-22 68592]

"NokiaMusic FastStart"="l:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-07-02 2327840]

"PhilipsDM\SA1916"="i:\program files\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe" [2008-05-30 1503744]

"CanonMyPrinter"="i:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]

"CanonSolutionMenu"="i:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-11 722256]

"SPAMfighter Agent"="i:\program files\SPAMfighter\SFAgent.exe" [2009-08-27 336520]

"Yuntaa"="l:\yntaa foto\YuntaaManager.exe" [2009-08-29 1331152]

"Messenger"="i:\progra~1\QUICKH~1\QUICKH~1\scanmsg.exe" [2009-01-23 111992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="i:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

i:\documents and settings\Hill.RICARDO\Menu Start\Programma's\Opstarten\

LimeWire On Startup.lnk - l:\limewire\LimeWire.exe [2009-9-30 503808]

OneNote 2007 Schermopname en Snel starten.lnk - i:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

i:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\

Windows Search.lnk - i:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"NoSecCPL"= 0 (0x0)

"NoDevMgrPage"= 0 (0x0)

"NoConfigPage"= 0 (0x0)

"NoVirtMemPage"= 0 (0x0)

"NoFileSysPage"= 0 (0x0)

"NoNetSetup"= 0 (0x0)

"NoNetSetupIDPage"= 0 (0x0)

"NoNetSetupSecurityPage"= 0 (0x0)

"NoWorkgroupContents"= 0 (0x0)

"NoEntireNetwork"= 0 (0x0)

"NoFileSharingControl"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoThumbnailCache"= 1 (0x1)

"RestrictRun"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "i:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"i:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"i:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"i:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"i:\\Program Files\\Messenger\\msmsgs.exe"=

"e:\\backup G Schijf bestuuring\\Program Files\\LimeWire pro\\LimeWire.exe"=

"i:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"i:\\Program Files\\Skype\\Phone\\Skype.exe"=

"l:\\limewire\\LimeWire.exe"=

"i:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"i:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

"l:\\bestanden en set ups\\totalcmd\\TOTALCMD.EXE"=

"l:\\bestanden en set ups\\C3 adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=

"i:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"i:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"i:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"i:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server

"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server

"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 SandBox;SandBox;i:\windows\system32\drivers\SandBox.sys [23-1-2009 20:27 673920]

R2 acssrv;Quick Heal Client Security Service;i:\progra~1\QUICKH~1\QUICKH~2\acs.exe [23-1-2009 20:27 1224704]

R2 catflt;catflt;i:\windows\system32\drivers\catflt.sys [23-1-2009 20:01 65144]

R2 EMLSS;EMLSS;i:\windows\system32\drivers\EMLTDI.SYS [23-1-2009 20:01 28656]

R2 fssfltr;FssFltr;i:\windows\system32\drivers\fssfltr_tdi.sys [16-8-2009 22:46 54752]

R2 gearsec;gearsec;i:\windows\system32\gearsec.exe [30-11-2005 11:43 58952]

R2 Quick Heal Antivirus Plus Mail Protection;Quick Heal Antivirus Plus Mail Protection;i:\progra~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE [23-1-2009 20:01 50552]

R2 Quick Update Service;Quick Update Service;i:\progra~1\QUICKH~1\QUICKH~1\quhlpsvc.exe [23-1-2009 20:01 58744]

R2 SPAMfighter Update Service;SPAMfighter Update Service;i:\program files\SPAMfighter\sfus.exe [27-8-2009 8:24 189064]

R2 TomTomHOMEService;TomTomHOMEService;l:\tomtom back up\TomTom HOME 2\TomTomHOMEService.exe [27-8-2009 16:05 92008]

R3 afw;Agnitum firewall driver;i:\windows\system32\drivers\afw.sys [23-1-2009 20:27 30864]

R3 afwcore;afwcore;i:\windows\system32\drivers\afwcore.sys [23-1-2009 20:28 234640]

R3 PAC207;Trust 100K Series Webcam;i:\windows\system32\drivers\PFC027.SYS [1-1-2009 1:57 618112]

R4 Online Protection System;Online Protection System;i:\progra~1\QUICKH~1\QUICKH~1\opssvc.exe [23-1-2009 20:01 17272]

S2 gupdate1ca2d47d79bc69e;Google Updateservice (gupdate1ca2d47d79bc69e);i:\program files\Google\Update\GoogleUpdate.exe [4-9-2009 11:09 133104]

S3 fsssvc;De service Windows Live Family Safety;i:\program files\Windows Live\Family Safety\fsssvc.exe [5-8-2009 22:48 704864]

S3 hitmanpro3;Hitman Pro 3 Support Driver; [x]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;i:\windows\system32\drivers\nmwcdnsu.sys [22-6-2009 8:01 136704]

S3 nmwcdnsuc;Nokia USB Flashing Generic;i:\windows\system32\drivers\nmwcdnsuc.sys [22-6-2009 8:01 8320]

S3 SpyFighter;SpyFighter Guard Device;i:\program files\SPYWAREfighter\spyfighter.sys [21-2-2008 14:38 8336]

S3 SPYWAREfighterRP;SPYWAREfighterRP;i:\program files\SPYWAREfighter\spfprc.exe [21-2-2008 14:37 406160]

.

------- Bijkomende Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = about:blank

mStart Page = hxxp://www.tropal.net/

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - i:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - l:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - l:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - l:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - l:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - l:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - l:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - l:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - l:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Google Sidewiki... - i:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

DPF: {63D6DD13-C913-466D-9444-9357561E4D94} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.8.3/uploadtoepassing.cab

.

- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)

**************************************************************************

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden:

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(968)

i:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3616)

i:\program files\Bonjour\mdnsNSP.dll

l:\yntaa foto\ShellExtensions.dll

l:\yntaa foto\LogicNP.EZShellExtensions20.dll

i:\windows\system32\msjetoledb40.dll

i:\windows\system32\msjet40.dll

i:\windows\system32\mswstr10.dll

i:\windows\system32\msjter40.dll

i:\windows\system32\MSJINT40.DLL

i:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.Wrapper.dll

i:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

i:\windows\system32\msjtes40.dll

i:\windows\system32\VBAJET32.DLL

i:\windows\system32\expsrv.dll

i:\program files\Google\Quick Search Box\bin\1.2.1151.235\qsb.dll

i:\windows\system32\WPDShServiceObj.dll

l:\bestanden en set ups\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

l:\bestanden en set ups\Nokia\Nokia PC Suite 7\NGSCM.DLL

l:\bestanden en set ups\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr

l:\bestanden en set ups\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

i:\windows\system32\PortableDeviceTypes.dll

i:\windows\system32\PortableDeviceApi.dll

e:\program files\Panicware\Pop-Up Stopper Free Edition\XAHook.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

i:\windows\system32\Ati2evxx.exe

i:\windows\system32\Ati2evxx.exe

i:\windows\system32\rundll32.exe

i:\program files\Bonjour\mDNSResponder.exe

i:\windows\eHome\ehRecvr.exe

i:\windows\eHome\ehSched.exe

i:\program files\Canon\IJPLM\IJPLMSVC.EXE

i:\program files\Java\jre6\bin\jqs.exe

i:\program files\Common Files\LightScribe\LSSrvc.exe

i:\program files\Cyberlink\Shared Files\RichVideo.exe

i:\progra~1\QUICKH~1\QUICKH~1\scanwscs.exe

i:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

i:\windows\ehome\mcrdsvc.exe

i:\windows\system32\SearchIndexer.exe

i:\windows\system32\dllhost.exe

i:\windows\system32\wscntfy.exe

i:\windows\eHome\ehmsas.exe

i:\windows\RTHDCPL.EXE

i:\progra~1\QUICKH~1\QUICKH~1\OnlineNT.EXE

i:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe

i:\program files\PC Connectivity Solution\ServiceLayer.exe

i:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe

i:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

i:\windows\system32\msiexec.exe

i:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Voltooingstijd: 2009-12-24 10:54:29 - machine werd herstart

ComboFix-quarantined-files.txt 2009-12-24 09:54

Pre-Run: 1.474.756.608 bytes beschikbaar

Post-Run: 1.613.545.472 bytes beschikbaar

- - End Of File - - 7F5DE88468C195D75522C2B97976CDD1


Open a Notepad file.

Copy and paste the bold text below into it.

File::

i:\documents and settings\Hill.RICARDO\Application Data\Reg Tool\wuasetup.exe

i:\windows\system32\c_7758.dll

Folder::

i:\documents and settings\Hill.RICARDO\Application Data\Reg Tool

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next message, together with a new HijackThis log.


Here is what you asked for.

ComboFix 09-12-23.04 - Hill 24-12-2009 12:59:29.8.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2047.1148 [GMT 1:00]

Gestart vanuit: M:\ComboFix.exe

gebruikte Opdracht switches :: M:\CFScript.txt.doc

AV: Quick Heal 10.00 *On-access scanning disabled* (Outdated) {05C1329D-F0E0-4B19-9D15-54F9BC3ADE87}

FW: Quick Heal Firewall Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

i:\docume~1\HILL~1.RIC\LOCALS~1\Temp\jna7465378186844491336.tmp

i:\documents and settings\Hill.RICARDO\Local Settings\temp\jna7465378186844491336.tmp

.

---- Voorgaande Run -------

.

i:\docume~1\HILL~1.RIC\LOCALS~1\Temp\jna1096518056800538264.tmp

i:\documents and settings\Hill.RICARDO\Local Settings\temp\jna1096518056800538264.tmp

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-11-24 to 2009-12-24 ))))))))))))))))))))))))))))))

.

2009-12-22 00:44 . 2009-12-22 00:44 68096 --sha-r- i:\windows\system32\c_7758.dll

2009-12-18 21:57 . 2009-12-18 21:57 -------- d-----w- i:\program files\Safari

2009-12-17 19:32 . 2009-12-17 19:32 -------- d-----w- i:\program files\Microsoft Office Outlook Connector

2009-12-08 16:16 . 2009-12-22 08:57 -------- d-----w- i:\documents and settings\Hill.RICARDO\Application Data\Reg Tool

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-24 12:14 . 2008-02-27 00:54 -------- d-----w- i:\documents and settings\Hill.RICARDO\Application Data\LimeWire

2009-12-24 12:10 . 2008-02-08 19:21 -------- d-----w- i:\program files\SPAMfighter

2009-12-23 16:44 . 2008-02-26 02:32 -------- d-----w- i:\documents and settings\All Users.WINDOWS\Application Data\Google Updater

2009-12-22 09:29 . 2009-12-22 09:29 20480 ----a-w- i:\documents and settings\Hill.RICARDO\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll

2009-12-22 09:29 . 2009-12-22 09:29 18944 ----a-w- i:\documents and settings\Hill.RICARDO\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll

2009-12-22 09:29 . 2009-12-22 09:29 17408 ----a-w- i:\documents and settings\Hill.RICARDO\Application Data\LimeWire\browser\xulrunner\components\auth.dll

2009-12-22 09:29 . 2009-12-22 09:29 8192 ----a-w- i:\documents and settings\Hill.RICARDO\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll

2009-12-22 09:29 . 2009-12-22 09:29 20480 ----a-w- i:\documents and settings\Hill.RICARDO\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll

2009-12-22 08:57 . 2009-12-22 08:57 2948 ----atw- i:\documents and settings\Hill.RICARDO\Application Data\Reg Tool\wuasetup.exe

2009-12-18 08:38 . 2006-04-10 12:00 545542 ----a-w- i:\windows\system32\perfh013.dat

2009-12-18 08:38 . 2006-04-10 12:00 104846 ----a-w- i:\windows\system32\perfc013.dat

2009-12-17 19:32 . 2009-08-16 21:40 -------- d-----w- i:\program files\Microsoft

2009-12-17 19:29 . 2008-05-26 14:25 -------- d-----w- i:\program files\Windows Live

2009-12-12 18:33 . 2008-02-27 00:53 -------- d-----w- i:\program files\Java

2009-12-12 18:32 . 2009-12-12 18:32 152576 ----a-w- i:\documents and settings\Hill.RICARDO\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-12-12 18:32 . 2009-11-11 08:53 79488 ----a-w- i:\documents and settings\Hill.RICARDO\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2009-12-09 01:03 . 2009-12-09 01:03 152576 ----a-w- i:\documents and settings\Hill.RICARDO\Application Data\Sun\Java\jre1.6.0_16\lzma.dll

2009-12-02 11:49 . 2009-09-24 23:18 -------- d-----w- i:\documents and settings\All Users.WINDOWS\Application Data\CanonIJPLM

2009-11-13 22:57 . 2008-07-21 15:37 -------- d-----w- i:\documents and settings\All Users.WINDOWS\Application Data\Installations

2009-11-13 22:57 . 2008-01-26 17:10 -------- d-----w- i:\program files\Common Files\Nokia

2009-11-13 22:57 . 2008-01-26 17:09 -------- d-----w- i:\program files\Nokia

2009-11-13 22:54 . 2009-11-13 22:54 36864 ----a-w- i:\documents and settings\All Users.WINDOWS\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe

2009-11-13 22:54 . 2009-11-13 22:54 3351812 ----a-w- i:\documents and settings\All Users.WINDOWS\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe

2009-11-13 22:54 . 2009-11-13 22:54 3203453 ----a-w- i:\documents and settings\All Users.WINDOWS\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe

2009-11-13 22:53 . 2009-11-13 22:56 24416992 ----a-w- i:\documents and settings\All Users.WINDOWS\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_1.8.10NP.exe

2009-11-08 18:41 . 2009-11-01 19:06 -------- d-----w- i:\program files\Microsoft Silverlight

2009-11-05 08:52 . 2008-02-25 23:19 -------- d-----w- i:\documents and settings\Hill.RICARDO\Application Data\PC Suite

2009-10-26 07:39 . 2009-10-26 07:39 20299296 ----a-w- i:\documents and settings\Hill.RICARDO\Application Data\TomTom\HOME\Profiles\6u0uzufr.default\Updates\v2_7_2_1825_win.exe

2009-10-20 00:19 . 2009-10-20 00:19 52500 ---ha-w- i:\windows\system32\mlfcache.dat

2009-10-11 03:17 . 2009-02-01 13:22 411368 ----a-w- i:\windows\system32\deploytk.dll

2009-09-26 20:26 . 2009-07-13 14:26 351440 ----a-w- i:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat

2008-03-01 13:58 . 2008-03-01 13:58 25605664 ----a-w- i:\program files\qhntplus2008.exe

2008-02-26 01:34 . 2008-02-26 01:29 25212600 ----a-w- i:\program files\qhnteval quick Heal.exe

2008-02-07 19:23 . 2008-02-07 19:23 387968 ----a-w- i:\program files\spywarefighter.exe

2008-02-07 19:07 . 2008-02-07 23:45 1406096 ----a-w- i:\program files\spamfighter_web.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ActiveIconOverlay]

@="{4fc0fb80-b156-429d-b0f5-d0cde73a4cb9}"

[HKEY_CLASSES_ROOT\CLSID\{4fc0fb80-b156-429d-b0f5-d0cde73a4cb9}]

2008-07-25 09:16 282112 ----a-w- i:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\InActiveIconOverlay]

@="{5f52297c-4e40-4c80-a8aa-f4362da58f90}"

[HKEY_CLASSES_ROOT\CLSID\{5f52297c-4e40-4c80-a8aa-f4362da58f90}]

2008-07-25 09:16 282112 ----a-w- i:\windows\system32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PopUpStopperFreeEdition"="e:\program files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" [2005-03-17 536576]

"swg"="i:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-02 68856]

"SpybotSD TeaTimer"="e:\backup k schijf applicaties\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"TomTomHOME.exe"="l:\tomtom back up\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-27 247144]

"AdobeUpdater6"="i:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe" [2009-01-08 2521464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="i:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"ehTray"="i:\windows\ehome\ehtray.exe" [2005-08-17 64512]

"GrooveMonitor"="i:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"NeroFilterCheck"="i:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

"NSLauncher"="i:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 2658304]

"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]

"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

"tsnpstd3"="i:\windows\tsnpstd3.exe" [2006-08-21 114688]

"iTunesHelper"="i:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]

"PAC207_Monitor"="i:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]

"Email Protection"="i:\progra~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE" [2009-01-23 267640]

"ResumeQuickupDownload"="i:\progra~1\QUICKH~1\QUICKH~1\acappaa.exe" [2009-01-23 95608]

"Quick Heal Monitor"="i:\progra~1\QUICKH~1\QUICKH~2\op_mon.exe" [2008-07-31 1941504]

"StorageGuard"="i:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-17 155648]

"Resume Quickup"="i:\progra~1\QUICKH~1\QUICKH~1\QuickUp.exe" [2009-05-15 284024]

"Google Quick Search Box"="i:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-22 68592]

"NokiaMusic FastStart"="l:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-07-02 2327840]

"PhilipsDM\SA1916"="i:\program files\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe" [2008-05-30 1503744]

"CanonMyPrinter"="i:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]

"CanonSolutionMenu"="i:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-11 722256]

"SPAMfighter Agent"="i:\program files\SPAMfighter\SFAgent.exe" [2009-08-27 336520]

"Yuntaa"="l:\yntaa foto\YuntaaManager.exe" [2009-08-29 1331152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="i:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

i:\documents and settings\Hill.RICARDO\Menu Start\Programma's\Opstarten\

LimeWire On Startup.lnk - l:\limewire\LimeWire.exe [2009-9-30 503808]

OneNote 2007 Schermopname en Snel starten.lnk - i:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

i:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\

Windows Search.lnk - i:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"NoSecCPL"= 0 (0x0)

"NoDevMgrPage"= 0 (0x0)

"NoConfigPage"= 0 (0x0)

"NoVirtMemPage"= 0 (0x0)

"NoFileSysPage"= 0 (0x0)

"NoNetSetup"= 0 (0x0)

"NoNetSetupIDPage"= 0 (0x0)

"NoNetSetupSecurityPage"= 0 (0x0)

"NoWorkgroupContents"= 0 (0x0)

"NoEntireNetwork"= 0 (0x0)

"NoFileSharingControl"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoThumbnailCache"= 1 (0x1)

"RestrictRun"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "i:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"i:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"i:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"i:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"i:\\Program Files\\Messenger\\msmsgs.exe"=

"e:\\backup G Schijf bestuuring\\Program Files\\LimeWire pro\\LimeWire.exe"=

"i:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"i:\\Program Files\\Skype\\Phone\\Skype.exe"=

"l:\\limewire\\LimeWire.exe"=

"i:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"i:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

"l:\\bestanden en set ups\\totalcmd\\TOTALCMD.EXE"=

"l:\\bestanden en set ups\\C3 adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=

"i:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"i:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"i:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"i:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server

"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server

"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 SandBox;SandBox;i:\windows\system32\drivers\SandBox.sys [23-1-2009 20:27 673920]

R2 acssrv;Quick Heal Client Security Service;i:\progra~1\QUICKH~1\QUICKH~2\acs.exe [23-1-2009 20:27 1224704]

R2 catflt;catflt;i:\windows\system32\drivers\catflt.sys [23-1-2009 20:01 65144]

R2 EMLSS;EMLSS;i:\windows\system32\drivers\EMLTDI.SYS [23-1-2009 20:01 28656]

R2 fssfltr;FssFltr;i:\windows\system32\drivers\fssfltr_tdi.sys [16-8-2009 22:46 54752]

R2 gearsec;gearsec;i:\windows\system32\gearsec.exe [30-11-2005 11:43 58952]

R2 Quick Heal Antivirus Plus Mail Protection;Quick Heal Antivirus Plus Mail Protection;i:\progra~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE [23-1-2009 20:01 50552]

R2 Quick Update Service;Quick Update Service;i:\progra~1\QUICKH~1\QUICKH~1\quhlpsvc.exe [23-1-2009 20:01 58744]

R2 SPAMfighter Update Service;SPAMfighter Update Service;i:\program files\SPAMfighter\sfus.exe [27-8-2009 8:24 189064]

R2 TomTomHOMEService;TomTomHOMEService;l:\tomtom back up\TomTom HOME 2\TomTomHOMEService.exe [27-8-2009 16:05 92008]

R3 afw;Agnitum firewall driver;i:\windows\system32\drivers\afw.sys [23-1-2009 20:27 30864]

R3 afwcore;afwcore;i:\windows\system32\drivers\afwcore.sys [23-1-2009 20:28 234640]

R3 PAC207;Trust 100K Series Webcam;i:\windows\system32\drivers\PFC027.SYS [1-1-2009 1:57 618112]

S2 gupdate1ca2d47d79bc69e;Google Updateservice (gupdate1ca2d47d79bc69e);i:\program files\Google\Update\GoogleUpdate.exe [4-9-2009 11:09 133104]

S3 fsssvc;De service Windows Live Family Safety;i:\program files\Windows Live\Family Safety\fsssvc.exe [5-8-2009 22:48 704864]

S3 hitmanpro3;Hitman Pro 3 Support Driver; [x]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;i:\windows\system32\drivers\nmwcdnsu.sys [22-6-2009 8:01 136704]

S3 nmwcdnsuc;Nokia USB Flashing Generic;i:\windows\system32\drivers\nmwcdnsuc.sys [22-6-2009 8:01 8320]

S3 SpyFighter;SpyFighter Guard Device;i:\program files\SPYWAREfighter\spyfighter.sys [21-2-2008 14:38 8336]

S3 SPYWAREfighterRP;SPYWAREfighterRP;i:\program files\SPYWAREfighter\spfprc.exe [21-2-2008 14:37 406160]

S4 Online Protection System;Online Protection System;i:\progra~1\QUICKH~1\QUICKH~1\opssvc.exe [23-1-2009 20:01 17272]

.

------- Bijkomende Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = about:blank

mStart Page = hxxp://www.tropal.net/

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - i:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - l:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - l:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - l:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - l:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - l:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - l:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - l:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - l:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Google Sidewiki... - i:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

DPF: {63D6DD13-C913-466D-9444-9357561E4D94} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.8.3/uploadtoepassing.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-12-24 13:07

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

i:\documents and settings\Hill.RICARDO\Application Data\LimeWire\mozilla-profile\Cache\4C9319BBd01

i:\documents and settings\Hill.RICARDO\Application Data\LimeWire\mozilla-profile\Cache\7BCC79A5d01

i:\documents and settings\Hill.RICARDO\Application Data\LimeWire\mozilla-profile\Cache\D086324Cd01 68743 bytes

i:\documents and settings\Hill.RICARDO\Application Data\LimeWire\promotion\promodb.data 1048576 bytes

Scan succesvol afgerond

verborgen bestanden: 4

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(968)

i:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3460)

l:\yntaa foto\ShellExtensions.dll

l:\yntaa foto\LogicNP.EZShellExtensions20.dll

i:\program files\Google\Quick Search Box\bin\1.2.1151.235\qsb.dll

i:\windows\system32\msjetoledb40.dll

i:\windows\system32\msjet40.dll

i:\windows\system32\mswstr10.dll

i:\windows\system32\msjter40.dll

i:\windows\system32\MSJINT40.DLL

i:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4267bd908175603006c6c90bb5d900c7\System.EnterpriseServices.Wrapper.dll

i:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

i:\windows\system32\msjtes40.dll

i:\windows\system32\VBAJET32.DLL

i:\windows\system32\expsrv.dll

e:\program files\Panicware\Pop-Up Stopper Free Edition\XAHook.dll

i:\windows\system32\WPDShServiceObj.dll

l:\bestanden en set ups\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

l:\bestanden en set ups\Nokia\Nokia PC Suite 7\NGSCM.DLL

l:\bestanden en set ups\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr

l:\bestanden en set ups\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

i:\windows\system32\PortableDeviceTypes.dll

i:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

i:\windows\system32\Ati2evxx.exe

i:\windows\system32\Ati2evxx.exe

i:\windows\system32\rundll32.exe

i:\program files\Bonjour\mDNSResponder.exe

i:\windows\eHome\ehRecvr.exe

i:\windows\eHome\ehSched.exe

i:\program files\Canon\IJPLM\IJPLMSVC.EXE

i:\program files\Java\jre6\bin\jqs.exe

i:\program files\Common Files\LightScribe\LSSrvc.exe

i:\program files\Cyberlink\Shared Files\RichVideo.exe

i:\progra~1\QUICKH~1\QUICKH~1\scanwscs.exe

i:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

i:\windows\ehome\mcrdsvc.exe

i:\windows\system32\SearchIndexer.exe

i:\windows\system32\wscntfy.exe

i:\windows\system32\dllhost.exe

i:\windows\RTHDCPL.EXE

i:\windows\eHome\ehmsas.exe

i:\program files\PC Connectivity Solution\ServiceLayer.exe

i:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe

i:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

i:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe

i:\program files\iPod\bin\iPodService.exe

i:\windows\system32\msiexec.exe

.

**************************************************************************

.

Voltooingstijd: 2009-12-24 13:17:47 - machine werd herstart

ComboFix-quarantined-files.txt 2009-12-24 12:17

ComboFix2.txt 2009-12-24 09:54

Pre-Run: 1.335.074.816 bytes beschikbaar

Post-Run: 1.496.690.688 bytes beschikbaar

- - End Of File - - F9CF3B9E5DD5BF0FEE345ADDDDB6C8A6

=============================================

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:19:25, on 24-12-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

I:\WINDOWS\System32\smss.exe

I:\WINDOWS\system32\winlogon.exe

I:\WINDOWS\system32\services.exe

I:\WINDOWS\system32\lsass.exe

I:\WINDOWS\system32\Ati2evxx.exe

I:\WINDOWS\system32\svchost.exe

I:\WINDOWS\System32\svchost.exe

I:\WINDOWS\system32\svchost.exe

I:\WINDOWS\system32\Ati2evxx.exe

I:\WINDOWS\system32\spoolsv.exe

I:\WINDOWS\system32\rundll32.exe

L:\yntaa foto\YuntaaManager.exe

I:\PROGRA~1\QUICKH~1\QUICKH~2\acs.exe

I:\Program Files\Bonjour\mDNSResponder.exe

I:\WINDOWS\eHome\ehRecvr.exe

I:\WINDOWS\eHome\ehSched.exe

I:\WINDOWS\system32\gearsec.exe

I:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

I:\Program Files\Java\jre6\bin\jqs.exe

I:\Program Files\Common Files\LightScribe\LSSrvc.exe

I:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE

I:\PROGRA~1\QUICKH~1\QUICKH~1\quhlpsvc.exe

I:\Program Files\Cyberlink\Shared Files\RichVideo.exe

I:\PROGRA~1\QUICKH~1\QUICKH~1\scanwscs.exe

I:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

I:\Program Files\SPAMfighter\sfus.exe

I:\WINDOWS\system32\svchost.exe

L:\tomtom back up\TomTom HOME 2\TomTomHOMEService.exe

I:\WINDOWS\system32\SearchIndexer.exe

I:\WINDOWS\system32\wscntfy.exe

I:\WINDOWS\system32\dllhost.exe

I:\WINDOWS\ehome\ehtray.exe

I:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

I:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe

I:\WINDOWS\RTHDCPL.EXE

I:\WINDOWS\tsnpstd3.exe

I:\Program Files\iTunes\iTunesHelper.exe

I:\WINDOWS\eHome\ehmsas.exe

I:\WINDOWS\PixArt\PAC207\Monitor.exe

I:\Program Files\PC Connectivity Solution\ServiceLayer.exe

I:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE

I:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

I:\PROGRA~1\QUICKH~1\QUICKH~2\op_mon.exe

I:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

I:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

I:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

I:\Program Files\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe

I:\Program Files\iPod\bin\iPodService.exe

I:\Program Files\Canon\MyPrinter\BJMyPrt.exe

I:\Program Files\SPAMfighter\SFAgent.exe

E:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe

I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

L:\tomtom back up\TomTom HOME 2\TomTomHOMERunner.exe

I:\Program Files\Windows Desktop Search\WindowsSearch.exe

L:\limewire\LimeWire.exe

I:\WINDOWS\system32\msiexec.exe

I:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

I:\WINDOWS\explorer.exe

I:\WINDOWS\system32\SearchProtocolHost.exe

I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Tropal.net

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - L:\bestanden en set ups\C3 adobe\/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - I:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\BA5FEC~1\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll

O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - E:\backup G Schijf bestuuring\Program Files\jZip\WebmailPlugin.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - I:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - I:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - I:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - L:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - I:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - I:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - L:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - L:\bestanden en set ups\C3 adobe\/Adobe Contribute CS3/contributeieplugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - I:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [ehTray] I:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [GrooveMonitor] "I:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] I:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NSLauncher] I:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [tsnpstd3] I:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [PAC207_Monitor] I:\WINDOWS\PixArt\PAC207\Monitor.exe

O4 - HKLM\..\Run: I:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE

O4 - HKLM\..\Run: [ResumeQuickupDownload] I:\PROGRA~1\QUICKH~1\QUICKH~1\acappaa.exe

O4 - HKLM\..\Run: [Quick Heal Monitor] I:\PROGRA~1\QUICKH~1\QUICKH~2\op_mon.exe /tray /noservice

O4 - HKLM\..\Run: [storageGuard] "I:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [Resume Quickup] I:\PROGRA~1\QUICKH~1\QUICKH~1\QuickUp.exe /resumei /silent /show

O4 - HKLM\..\Run: [Google Quick Search Box] "I:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKLM\..\Run: [NokiaMServer] I:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles

O4 - HKLM\..\Run: [NokiaMusic FastStart] "L:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart

O4 - HKLM\..\Run: [PhilipsDM\SA1916] I:\Program Files\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe OS_STARTUP

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] I:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [CanonMyPrinter] I:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [CanonSolutionMenu] I:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [sPAMfighter Agent] "I:\Program Files\SPAMfighter\SFAgent.exe" update delay 60

O4 - HKLM\..\Run: [Yuntaa] L:\yntaa foto\YuntaaManager.exe

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "E:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"

O4 - HKCU\..\Run: [swg] "I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] E:\backup K Schijf applicaties\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [TomTomHOME.exe] "L:\tomtom back up\TomTom HOME 2\TomTomHOMERunner.exe" -s

O4 - HKCU\..\Run: [AdobeUpdater6] "I:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: LimeWire On Startup.lnk = L:\limewire\LimeWire.exe

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = I:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Windows Search.lnk = I:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://I:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Append to existing PDF - res://L:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://L:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://L:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://L:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://L:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://L:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://L:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://L:\bestanden en set ups\C3 adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Google Sidewiki... - res://I:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\BA5FEC~1\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\BA5FEC~1\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {63D6DD13-C913-466D-9444-9357561E4D94} (Upload-applicatie Control) - http://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.8.3/uploadtoepassing.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - I:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - I:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Quick Heal Client Security Service (acssrv) - Quick Heal Technologies (P) Ltd. - I:\PROGRA~1\QUICKH~1\QUICKH~2\acs.exe

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - I:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - I:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - I:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: gearsec - GEAR Software - I:\WINDOWS\system32\gearsec.exe

O23 - Service: Google Updateservice (gupdate1ca2d47d79bc69e) (gupdate1ca2d47d79bc69e) - Google Inc. - I:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Unknown owner - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - I:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: iPod-service (iPod Service) - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - I:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - I:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Pml Driver HPZ12 - HP - I:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Quick Heal Antivirus Plus Mail Protection - Quick Heal Technologies (P) Ltd. - I:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE

O23 - Service: Quick Update Service - Quick Heal Technologies (P) Ltd. - I:\PROGRA~1\QUICKH~1\QUICKH~1\quhlpsvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - I:\Program Files\Cyberlink\Shared Files\RichVideo.exe

O23 - Service: Quick Heal Helper Service WSC (ScanWscS) - Quick Heal Technologies (P) Ltd. - I:\PROGRA~1\QUICKH~1\QUICKH~1\scanwscs.exe

O23 - Service: ServiceLayer - Nokia. - I:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - I:\Program Files\SPAMfighter\sfus.exe

O23 - Service: SPYWAREfighterRP - SpamFighter APS - I:\Program Files\SPYWAREfighter\spfprc.exe

O23 - Service: TomTomHOMEService - TomTom - L:\tomtom back up\TomTom HOME 2\TomTomHOMEService.exe

--

End of file - 14178 bytes


Good morning, an unexpected Christmas present... While waiting for your reply to the previous post I thought "let me just try whether I can connect", and sure enough I am now e-mailing from my desktop PC. So that is fixed as well; I have shut down and started up a few times already and that goes fine.

I don't know whether you still see anything suspicious in my logs.

I look forward to hearing from you. Thanks for your help so far and have a pleasant Christmas.

Regards,

Ricardo


With the problems out of the way, it is time for the "big clean-up": removing the programs that were used, a cleaning, and removing the infected restore points. And a final check.

Remove ComboFix: Start -> Run and type: ComboFix /Uninstall

This removes ComboFix plus its related folders and files, resets the clock settings, hides the file extensions, hides hidden files and system files again, and creates a new restore point.

Delete the following folder, shown in bold, with Windows Explorer: C:\Qoobox (if it is still present).

Download CCleaner. On this page, click one of the MajorGeeks mirror sites and the download of CCleaner starts automatically and free of charge.

Install it and start CCleaner. In the left column, click "Cleaner". Click 'Analyze' and then 'Clean'. Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports errors. Next, click "Registry" in the left column and click "Scan for problems". If errors are found, click "Fix selected problems" and "OK". You are then asked whether to make a backup. Click "YES". Then choose "Fix all selected errors". After that, close CCleaner again.

If you want to see this in detail with pictures, click here for the guide.

Download Security Check and save it to your desktop.

Start Security Check.

Follow the instructions on the screen.

At the end a log appears (checkup.txt). Paste its contents in your next reply. Close Notepad.


I am working on this part: "Install it and start CCleaner. In the left column, click "Cleaner". Click 'Analyze' and then 'Clean'. Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports errors. Install it and start CCleaner." I now keep getting just one item to clean each time instead of a whole series. It may take a while yet, I think.
