
Windows Live problems


Gwobbel


For about a year I have had problems with my Windows Live Messenger. With the previous versions I had the problem that I did not receive the things that were being said. For a few months now I have had the newest version of Windows Live, and I no longer have that first problem, but now I get signed out every so often without losing my internet connection.

I have already completely removed it from my computer and reinstalled it a few times, but that did not help. According to our internet provider the problem is not on their side either, but when they had reset everything on their end one evening, I had no trouble at all.

Is this down to Windows Live, or does it have something to do with my internet (provider) after all?

A few times an evening is bearable, but every half minute is rather frustrating...


First we will check whether there is some other cause.

Download HijackThis.

Under "HijackThis Downloads", click "Installer".

Save the file HijackThis.msi. Then choose "Run".

HijackThis is now installed on your PC, and a shortcut is placed on your desktop.

Click the shortcut to start HijackThis.

Click either "Do a systemscan and save a logfile", or first "Scan" and then "Savelog".

A Notepad window opens. Hold down CTRL and A at the same time; everything is now selected. Hold down CTRL and C at the same time; everything is now copied. Then paste the HJT log into your post with CTRL and V.

Note: Windows Vista & 7 users must run HijackThis as administrator by right-clicking and choosing "Run as administrator". If that does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis


I have now installed HijackThis, but when I let it scan and save a log file, I run into 2 problems.

First I am told that something is wrong with my hosts file

fout1.png

Now, I had read somewhere on another site that this does not matter and that I should just continue with the scan.

When I do that I get this error

fout2.png

If I click Yes, I only get an empty Notepad window, and no file is created in the folder where it should be either.

Edited by Gwobbel

It does work this way. Now I get this in Notepad:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:12:32, on 25-1-2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16700)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Users\Gebruiker\Program Files\DNA\btdna.exe

C:\Users\Gebruiker\Bluebirds\BlueBirds.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe

C:\Users\Gebruiker\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe

N:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Maxiwe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Woofi

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Woofi

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Maxiwe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Woofi

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Woofi

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll

O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\Gebruiker\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [bluebirds] C:\Users\Gebruiker\Bluebirds\BlueBirds.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Philips GoGear ARIA Device Manager.lnk = ?

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube Download - C:\Users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (file missing)

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/mjss/MJSS.cab109791.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

--

End of file - 10003 bytes


Go to Start – Run/Search and type: sc stop npggsvc

Press Enter.

Go to Start – Run/Search and type: sc delete npggsvc

Press Enter.

Start HijackThis. Select "Scan". Select only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKCU\..\Run: [bluebirds] C:\Users\Gebruiker\Bluebirds\BlueBirds.exe

O4 - Global Startup: Philips GoGear ARIA Device Manager.lnk = ?

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (file missing)

Click 'Fix checked' to remove the items.

Download MBAM (Malwarebytes Anti-Malware)

Double-click mbam-setup.exe to install the program.

Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Finish".

If an update is found, it will be downloaded and installed.

Once the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.

The scan can take a while, so be patient.

When the scan is complete, click OK, then "Show Results" to see the results.

Make sure everything there is checked, then click: Remove Selected.

After removal a log will open and you will be asked to restart the computer. (See below.)

If the rootkit (TDSS) is present, MBAM will ask to restart. Do so.

After the restart MBAM will scan again and remove the rootkit.

The log is saved automatically by MBAM and you can find it by clicking the "Logs" tab in the program.

If MBAM has difficulty removing certain files, it will show a few messages where you have to click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log into your next post, together with a new HijackThis log.

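Added example (not part of the original posts, and not HijackThis's own logic): a small Python triage pass over HijackThis log lines that flags the structural patterns visible in the entries selected above, namely empty R0/R1 values, targets marked `(file missing)` or `(no file)`, an unresolved startup shortcut (`= ?`), and Run entries that launch from a user profile. The rule set and all function names are assumptions made for illustration; the sample lines are copied from the log posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Woofi
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [bluebirds] C:\Users\Gebruiker\Bluebirds\BlueBirds.exe
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\Gebruiker\Program Files\DNA\btdna.exe"
O4 - Global Startup: Philips GoGear ARIA Device Manager.lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
"""

# "<section code> - <rest>", e.g. "O4 - HKCU\..\Run: [name] command"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Registry Run/RunOnce autostart entry inside an O4 line.
RUN_KEY = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run(?:Once)?: \[[^\]]*\] (?P<cmd>.+)$")
# Short service name: the last "(name)" that is followed by " - <owner>".
SERVICE = re.compile(r"^Service: .*\((?P<short>[^()]+)\) - ")
# Command that starts (optionally quoted) under <drive>:\Users\
USER_PATH = re.compile(r'^"?[a-z]:\\users\\', re.IGNORECASE)


@dataclass
class Finding:
    code: str                      # HijackThis section code (R0, O4, O23, ...)
    body: str                      # rest of the log line
    reasons: List[str]             # why the line was flagged
    service: Optional[str] = None  # short service name for orphaned O23 entries


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a log line that matches a rule, else None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header, running-process path, or blank line
    code, body = m["code"], m["body"]
    reasons: List[str] = []
    service = None

    # HijackThis itself appends these markers when the target is gone.
    if body.endswith(("(file missing)", "(no file)")):
        reasons.append("target file absent")
        if code == "O23":
            s = SERVICE.match(body)
            service = s["short"] if s else None

    # Internet Explorer registry value with nothing after the "=".
    if code in ("R0", "R1") and body.endswith("="):
        reasons.append("empty registry value")

    if code == "O4":
        # Startup-folder shortcut whose target could not be resolved.
        if body.endswith("= ?"):
            reasons.append("startup shortcut target unresolved")
        # Autostart from a location the logged-on user can write to (assumed rule).
        run = RUN_KEY.match(body)
        if run and USER_PATH.match(run["cmd"]):
            reasons.append("autorun from user-writable profile path")

    return Finding(code, body, reasons, service) if reasons else None


def triage_log(log: str) -> List[Finding]:
    """Triage every line of a pasted HijackThis log."""
    return [f for f in map(triage_line, log.splitlines()) if f]


def orphaned_services(findings: List[Finding]) -> List[str]:
    """Short names of services whose binary is reported missing."""
    return [f.service for f in findings if f.service]


if __name__ == "__main__":
    results = triage_log(SAMPLE_LOG)
    for f in results:
        print(f"{f.code:>3}  {'; '.join(f.reasons)}\n     {f.body}")
    print("Orphaned services:", orphaned_services(results))
```

A flagged line is a candidate for review rather than a verdict: btdna.exe is flagged by the same profile-path rule as BlueBirds.exe but was not among the items selected for fixing.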

The HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:15:48, on 25-1-2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16700)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Users\Gebruiker\Program Files\DNA\btdna.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe

C:\Users\Gebruiker\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

N:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Maxiwe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Woofi

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Woofi

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Maxiwe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Woofi

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Woofi

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll

O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\Gebruiker\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube Download - C:\Users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (file missing)

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/mjss/MJSS.cab109791.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

--

End of file - 9800 bytes

And the MBAM log:

Malwarebytes' Anti-Malware 1.50.1.1100

Malwarebytes

Databaseversie: 5595

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

25-1-2011 16:04:03

mbam-log-2011-01-25 (16-04-03).txt

Scantype: Snelle scan

Objecten gescand: 147205

Verstreken tijd: 5 minuut/minuten, 53 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 1

Registerwaarden geïnfecteerd: 2

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 5

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

c:\Users\gebruiker\AppData\Roaming\02000000aaec0fcc665c.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\gebruiker\AppData\Roaming\02000000aaec0fcc665o.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\gebruiker\AppData\Roaming\02000000aaec0fcc665p.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\gebruiker\AppData\Roaming\02000000aaec0fcc665s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\gebruiker\favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.


Not all items were removed via HijackThis. But let us first take a different step:

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running; this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.


ComboFix 11-01-24.02 - Gebruiker 25-01-2011 17:45:33.1.4 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.3071.1774 [GMT 1:00]

Gestart vanuit: c:\users\Gebruiker\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}

SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\AutocompletePro

c:\program files\AutocompletePro\AutocompletePro.dll

c:\program files\AutocompletePro\chrome\autocompleteprochrome.crx

c:\program files\AutocompletePro\FireFoxExtension.exe

c:\program files\AutocompletePro\InstTracker.exe

c:\program files\AutocompletePro\support@predictad.com\chrome.manifest

c:\program files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul

c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.js

c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.xul

c:\program files\AutocompletePro\support@predictad.com\chrome\content\utils.js

c:\program files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js

c:\program files\AutocompletePro\support@predictad.com\install.rdf

c:\program files\AutocompletePro\unins000.dat

c:\program files\AutocompletePro\unins000.exe

c:\users\Gebruiker\AppData\Roaming\inst.exe

c:\users\Gebruiker\AppData\Roaming\Local

c:\users\Gebruiker\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi

c:\users\Gebruiker\AppData\Roaming\Local\Temp\DDM\Settings\amkonobvefcw.avi.ddr

c:\users\Gebruiker\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi

c:\users\Gebruiker\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\amkonobvefcw.avi.ddp

c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Recent\Fusion.url

c:\windows\system32\SuOmqvM.vbs

c:\windows\system32\vZBgZsL.vbs

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-12-25 to 2011-01-25 ))))))))))))))))))))))))))))))

.

2072-04-03 11:13 . 2008-03-21 12:46 607296 ----a-w- c:\program files\Microsoft Games\Age of Empires III\deformerdllyD.dll

2071-07-25 07:13 . 2006-11-21 18:48 203576 ----a-w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe

2011-01-25 16:50 . 2011-01-25 16:50 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-01-25 16:25 . 2011-01-25 16:25 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF8FC45D-E6A4-42FC-A5B1-35BE98E985DA}\MpKsl3161ebae.sys

2011-01-25 16:15 . 2011-01-25 16:15 -------- d-----w- c:\users\Gebruiker\AppData\Local\Bump Technologies, Inc

2011-01-25 16:15 . 2011-01-25 16:15 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Bump Technologies, Inc

2011-01-25 14:56 . 2011-01-25 14:56 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Malwarebytes

2011-01-25 14:56 . 2011-01-25 14:56 -------- d-----w- c:\programdata\Malwarebytes

2011-01-25 14:56 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-25 14:56 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-25 14:56 . 2011-01-25 14:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-25 09:14 . 2011-01-25 09:14 388096 ----a-r- c:\users\Gebruiker\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-01-25 09:14 . 2011-01-25 09:14 -------- d-----w- c:\program files\Trend Micro

2011-01-24 19:17 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF8FC45D-E6A4-42FC-A5B1-35BE98E985DA}\mpengine.dll

2011-01-23 12:19 . 2011-01-23 12:19 -------- d-----w- c:\program files\Common Files\Java

2011-01-23 12:18 . 2011-01-23 12:18 -------- d-----w- c:\program files\Java

2011-01-21 14:59 . 2011-01-21 14:59 -------- d-----w- c:\programdata\vsosdk

2011-01-18 13:20 . 2011-01-18 13:20 -------- d-----w- c:\program files\Common Files\Symantec Shared

2011-01-18 13:15 . 2011-01-18 16:25 -------- d-----w- c:\programdata\Norton

2011-01-18 13:15 . 2011-01-18 16:25 -------- d-----w- c:\programdata\Symantec

2011-01-18 12:05 . 2009-09-02 11:44 65602 ----a-w- c:\windows\system32\cook3260.dll

2011-01-18 12:05 . 2009-09-02 11:44 626688 ----a-w- c:\windows\system32\vp7vfw.dll

2011-01-18 12:05 . 2009-09-02 11:44 217127 ----a-w- c:\windows\system32\drv43260.dll

2011-01-18 12:05 . 2009-09-02 11:44 208935 ----a-w- c:\windows\system32\drv33260.dll

2011-01-18 12:05 . 2009-09-02 11:44 176165 ----a-w- c:\windows\system32\drv23260.dll

2011-01-18 12:05 . 2009-09-02 11:44 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll

2011-01-18 12:05 . 2009-09-02 11:44 102439 ----a-w- c:\windows\system32\sipr3260.dll

2011-01-18 12:05 . 2011-01-18 12:05 -------- d-----w- c:\program files\VSO

2011-01-18 12:01 . 2011-01-18 12:01 47360 ----a-w- c:\users\Gebruiker\AppData\Roaming\pcouffin.sys

2011-01-18 11:48 . 2011-01-21 15:10 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Vso

2011-01-13 23:27 . 2011-01-13 23:27 -------- d-----w- c:\program files\Real Alternative

2011-01-13 23:27 . 2011-01-13 23:27 -------- d-----w- c:\users\Gebruiker\AppData\Local\Real

2011-01-13 23:26 . 2011-01-13 23:26 -------- d-----w- c:\program files\AviSynth 2.5

2011-01-13 20:52 . 2011-01-13 20:52 -------- d-----w- c:\users\Gebruiker\Tracing

2011-01-12 14:47 . 2011-01-12 14:47 -------- d-----w- c:\program files\TeamViewer

2011-01-06 13:55 . 2011-01-06 13:55 -------- d-----w- c:\program files\Recuva

2011-01-06 13:54 . 2011-01-06 13:54 -------- d-----w- c:\program files\Speccy

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-01-23 12:18 . 2010-05-13 08:42 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-01-13 09:41 . 2010-05-13 08:46 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2010-12-31 12:36 . 2009-09-01 14:33 21840 ----atw- c:\windows\system32\SIntfNT.dll

2010-12-31 12:36 . 2009-09-01 14:33 17212 ----atw- c:\windows\system32\SIntf32.dll

2010-12-31 12:36 . 2009-09-01 14:33 12067 ----atw- c:\windows\system32\SIntf16.dll

2010-11-04 05:52 . 2010-12-15 17:45 978944 ----a-w- c:\windows\system32\wininet.dll

2010-11-04 05:48 . 2010-12-15 17:45 44544 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-04 04:41 . 2010-12-15 17:45 386048 ----a-w- c:\windows\system32\html.iec

2010-11-04 04:08 . 2010-12-15 17:45 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-11-02 04:41 . 2010-12-15 17:45 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll

2010-11-02 04:40 . 2010-12-15 17:45 496128 ----a-w- c:\windows\system32\taskschd.dll

2010-11-02 04:40 . 2010-12-15 17:45 305152 ----a-w- c:\windows\system32\taskcomp.dll

2010-11-02 04:39 . 2010-12-15 17:45 749056 ----a-w- c:\windows\system32\schedsvc.dll

2010-11-02 04:34 . 2010-12-15 17:45 192000 ----a-w- c:\windows\system32\taskeng.exe

2010-11-02 04:34 . 2010-12-15 17:45 179712 ----a-w- c:\windows\system32\schtasks.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BitTorrent DNA"="c:\users\Gebruiker\Program Files\DNA\btdna.exe" [2009-11-13 323392]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]

"Google Update"="c:\users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-23 135664]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]

"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-05-07 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-05-14 1409024]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-05-07 2176512]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-03 136176]

R3 GarenaPEngine;GarenaPEngine;c:\users\GEBRUI~1\AppData\Local\Temp\RND1351.tmp [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-01-04 3433232]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-15 1343400]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-15 691696]

S1 MpKsl3161ebae;MpKsl3161ebae;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF8FC45D-E6A4-42FC-A5B1-35BE98E985DA}\MpKsl3161ebae.sys [2011-01-25 28752]

S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-05-07 142592]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]

S3 rt61x86;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x86.sys [2007-06-26 286208]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-05-08 1047552]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - MPKSL3161EBAE

*Deregistered* - AvgTdiX

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Inhoud van de 'Gedeelde Taken' map

2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-03 21:25]

2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-03 21:25]

2011-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1173555573-1665430741-2694141589-1000Core.job

- c:\users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-23 13:16]

2011-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1173555573-1665430741-2694141589-1000UA.job

- c:\users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-23 13:16]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://nl.woofi.info

mStart Page = hxxp://nl.woofi.info

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm

IE: Free YouTube to Mp3 Converter - c:\users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm

.

- - - - ORPHANS VERWIJDERD - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-AutocompletePro3_is1 - c:\program files\AutocompletePro\unins000.exe

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GarenaPEngine]

"ImagePath"="\??\c:\users\GEBRUI~1\AppData\Local\Temp\RND1351.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-1173555573-1665430741-2694141589-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:e0,3c,a3,a3,37,04,7f,c3,a4,27,86,e9,a9,34,2b,5a,1e,47,24,2e,a6,d4,b0,

60,4c,5e,8b,d9,9d,53,b0,24,87,7a,00,5c,50,fa,de,0c,ef,e1,4a,c5,44,c3,25,1a,\

"??"=hex:49,aa,db,00,55,36,67,07,7e,47,ce,44,b3,23,0c,4e

[HKEY_USERS\S-1-5-21-1173555573-1665430741-2694141589-1000\Software\SecuROM\License information*]

"datasecu"=hex:79,92,53,f9,5c,76,65,0d,34,d8,d7,10,fa,0a,29,84,d2,61,d0,a9,2d,

69,4b,82,c6,8c,45,80,e7,2f,1b,26,e0,c7,e1,8f,b9,40,6f,7e,2f,b8,b1,81,0f,ef,\

"rkeysecu"=hex:c4,fe,e3,ea,61,47,e2,9e,72,c6,8b,6b,f2,da,d4,43

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2011-01-25 17:51:37

ComboFix-quarantined-files.txt 2011-01-25 16:51

Pre-Run: 4.160.397.312 bytes beschikbaar

Post-Run: 4.196.245.504 bytes beschikbaar

- - End Of File - - 90423246F02EE950178BDD02303C1288
