Ga naar inhoud

Generic Host Process for Win32 Services


Aanbevolen berichten

Goedemiddag,

Ik heb een probleem met de PC.

Elke keer als ik deze opstart krijg ik een bericht met de volgende tekst Preventie van gegevens uitvoering (DEP) Microsoft Windows.

Om uw computer beter te beveiligen, heeft Windows dit programma afgesloten:

Generic Host Process for Win32 Services..

Dit bericht probeer ik dan af te sluiten en dan krijg ik het bericht Vertel Microsoft over dit probleem etc. rapport verzenden Niet verzenden. De keuze die ik maak maakt geen verschil. Elke keer komt het bericht weer terug met het hierboven reeds genoemde Preventie van gegevens uitvoering (DEP) Microsoft Windows.

Om uw computer beter te beveiligen, heeft Windows dit programma afgesloten:

Generic Host Process for Win32 Services..

Kan iemand mij alsjeblieft helpen met wat ik moet doen om hier van af komen? Want mijn PC heeft nu ook al andere kuren zoals bij de Rabobanksite inloggen zit er nu ook niet meer bij.

Ik heb Hijack ook een rapport laten maken en deze bijgevoegd:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:24:56, on 2-5-2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\KPN Back-up Online\BackupSC.exe

d:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\KPN Back-up Online\BackupFP.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Pure Networks\Network Magic\nmapp.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\CameraAssistant.exe

C:\WINDOWS\system32\ElkCtrl.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Vtune\TBPanel.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [updateReminder] C:\Program Files\Eset\UpdateReminder.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Trans] C:\Program Files\Trans\trans.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe /A

O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISDD1865F0AD7340FBB23E1822E02396FF_9_09_0203.MST" WISE_SETUP_EXE_PATH="i:\win2kxp\PhysX_9.09.0203_SystemSoftware.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Apparaatdetectie) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab

O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} (PhotoboxPhotowaysUploader5 Control) - http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100805101937

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252011835718

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: bw+0 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: offline-8876480 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: KPN Back-up Online SC - KPN - C:\Program Files\KPN Back-up Online\BackupSC.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--

End of file - 27772 bytes

Dank je wel alvast,

Shirley

aangepast door harekas
hijack
Link naar reactie
Delen op andere sites

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

ALLE O18-lijnen met deze structuur : O18 - Protocol: bw+0 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Klik op 'Fix checked' om de items te verwijderen.

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

Als het je niet lukt om ze uit te schakelen, ga dan gewoon door naar de volgende stap.

2. Dubbelklik op ComboFix.exe en volg de meldingen op het scherm.

3. ComboFix zal controleren of dat de Microsoft Windows Recovery Console reeds is geïnstalleerd.

**Let op: Als de Microsoft Windows Recovery Console al is geïnstalleerd, dan krijg je de volgende schermen niet te zien en zal ComboFix automatisch verder gaan met het scannen naar malware.

4. Volg de meldingen op het scherm om ComboFix de Microsoft Windows Recovery Console te laten downloaden en installeren.

cf-rc-auto.jpg

Je krijgt de volgende melding te zien wanneer ComboFix de Microsoft Windows Recovery Console succesvol heeft geïnstalleerd:

rc-auto-done.jpg

Klik op Ja om verder te gaan met het scannen naar malware.

5. Wanneer ComboFix klaar is, zal het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht, samen met een nieuw log van HijackThis.

Link naar reactie
Delen op andere sites

Goedemiddag,

Dank je wel voor het toezenden van het e.a.. Ik heb alles uitgevoerd en eindig bij Combofix met het volgende bericht:

Log rapport wordt voorbereid. Start geen andere programma's tot

Combifix klaar is en vervolgens 1 1/2 later heb ik nog geen rapport, blijkt tot 2x toe

dat de PC vast loopt en moet ik het programma uiteindelijk afsluitenv ia Taakbeheer.

Wilt u mij nog een advies geven?

Hierbij voeg ik het nieuwe rapport van Hijack bij na het verwijderen op uw advies:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:50:28, on 2-5-2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\KPN Back-up Online\BackupSC.exe

d:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files\KPN Back-up Online\BackupFP.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\ComboFix\CF10980.cfxxe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Pure Networks\Network Magic\nmapp.exe

C:\ComboFix\grep.cfxxe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\CameraAssistant.exe

C:\WINDOWS\system32\ElkCtrl.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Vtune\TBPanel.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [updateReminder] C:\Program Files\Eset\UpdateReminder.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Trans] C:\Program Files\Trans\trans.exe

O4 - HKCU\..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe /A

O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Apparaatdetectie) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab

O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} (PhotoboxPhotowaysUploader5 Control) - http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100805101937

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252011835718

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: offline-8876480 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: KPN Back-up Online SC - KPN - C:\Program Files\KPN Back-up Online\BackupSC.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--

End of file - 15595 bytes

Bij voorbaat dank,

Shirley

Link naar reactie
Delen op andere sites

Geplaatst: (aangepast)

Het is gelukt in de veilige modus Combofix te draaien.

Hierbij het rapport van Combofix en Hijack:

ComboFix 11-05-01.04 - PC 02-05-2011 17:22:14.4.4 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3326.3020 [GMT 2:00]

Gestart vanuit: c:\documents and settings\PC\Bureaublad\ComboFix.exe

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Voorgaande Run -------

.

c:\docume~1\PC\LOCALS~1\Temp\IadHide5.dll

c:\documents and settings\PC\Local Settings\Temp\IadHide5.dll

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-04-02 to 2011-05-02 ))))))))))))))))))))))))))))))

.

.

2011-05-02 10:09 . 2011-05-02 10:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search

2011-05-02 10:09 . 2011-05-02 10:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer

2011-05-02 10:09 . 2011-05-02 10:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory

2011-05-02 10:09 . 2011-05-02 10:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\ArcSoft

2011-05-02 10:09 . 2011-05-02 10:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ArcSoft

2011-05-02 10:08 . 2011-05-02 10:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2011-05-02 10:02 . 2011-05-02 10:02 -------- d-----w- c:\windows\system32\wbem\Repository

2011-05-02 06:24 . 2011-05-02 06:24 -------- d-----w- c:\documents and settings\Administrator\PrivacIE

2011-05-02 06:24 . 2011-05-02 10:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google

2011-05-02 05:58 . 2011-05-02 05:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\HP

2011-05-02 05:58 . 2011-05-02 10:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities

2011-05-02 05:58 . 2011-05-02 05:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer

2011-05-02 05:58 . 2011-05-02 05:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\RST

2011-05-02 05:58 . 2011-05-02 05:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite

2011-04-28 05:08 . 2004-10-01 00:01 139345 ----a-w- c:\windows\system32\hpzlnt12.dll

2011-04-28 05:07 . 2004-09-30 23:45 229376 ----a-r- c:\windows\system32\hpovst08.dll

2011-04-28 05:07 . 2004-09-30 23:44 581632 ----a-r- c:\windows\system32\hpotscl.dll

2011-04-22 08:25 . 2011-04-22 08:25 1324 ----a-w- c:\documents and settings\PC\Local Settings\Application Data\d3d9caps.tmp

2011-04-12 17:17 . 2011-04-12 17:17 -------- d-sh--w- c:\documents and settings\Han Struijk\IECompatCache

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-25 23:48 . 2011-03-25 23:48 4284416 ----a-w- c:\windows\system32\GPhotos.scr

2011-03-15 13:27 . 2011-03-15 09:33 20004872 ----a-w- C:\KPNBackupOnline_x86.exe

2011-03-07 05:33 . 2009-09-02 11:06 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:36 . 2007-10-29 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:53 . 2007-10-29 12:00 1858048 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:07 . 2007-10-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:07 . 2007-10-29 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:07 . 2007-10-29 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:43 . 2007-10-29 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-02-18 15:36 . 2010-03-27 16:08 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2011-02-18 15:36 . 2010-03-27 16:08 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-02-17 13:18 . 2007-10-29 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2007-10-29 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2007-10-29 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-11 14:44 . 2008-04-14 17:02 236544 ----a-w- c:\windows\system32\fxscover.exe

2011-02-09 13:54 . 2007-10-29 12:00 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:54 . 2007-10-29 12:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-08 13:33 . 2007-10-29 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll

2011-02-08 13:33 . 2007-10-29 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2011-02-02 07:58 . 2009-09-02 11:05 2067456 ----a-w- c:\windows\system32\mstscax.dll

2010-10-25 11:39 . 2010-10-25 11:39 3845952 ----a-w- c:\program files\filerestoreplus_setup.exe

2010-09-28 09:30 . 2010-09-28 09:30 947592 ----a-w- c:\program files\SkypeSetup.exe

2010-07-09 11:02 . 2010-07-09 11:02 8584120 ----a-w- c:\program files\Babylon8_setup.exe

2010-06-21 18:00 . 2010-06-21 18:00 234966 ----a-w- c:\program files\REST2514.EXE

2008-05-07 03:13 . 2010-04-12 17:50 35816 ----a-r- c:\program files\Setupnl.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2009-02-03 2158592]

"VoipBuster"="c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe" [2010-12-23 12948272]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-07 39408]

"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2010-08-24 32768]

"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]

"VoipStunt"="c:\program files\VoipStunt.com\VoipStunt\VoipStunt.exe" [2010-12-15 12963120]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2008-06-27 16875008]

"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]

"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-19 13680640]

"nwiz"="nwiz.exe" [2009-02-19 1657376]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-19 86016]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-16 1164912]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-16 1941784]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-16 87584]

"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-04-07 467240]

"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]

"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-09-01 221184]

"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-09-07 434176]

"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-09-07 04:39 73728]

"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Han Struijk\Menu Start\Programma's\Opstarten\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\documents and settings\PC\Menu Start\Programma's\Opstarten\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2010-8-24 450560]

Snelstart HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableLockWorkstation"= 1 (0x1)

"DisableChangePassword"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^PC^Menu Start^Programma's^Opstarten^BoostKit.lnk]

path=c:\documents and settings\PC\Menu Start\Programma's\Opstarten\BoostKit.lnk

backup=c:\windows\pss\BoostKit.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]

m‘|\ü [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-03-07 14:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2006-12-05 20:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]

2009-04-07 13:34 642856 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2006-11-23 13:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=

"c:\\Program Files\\Causeway Telematics\\Causeway TMS\\CausewayTMS.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\KPN Back-up Online\\BackupUP.exe"=

"c:\\Program Files\\KPN Back-up Online\\BackupFP.exe"=

"c:\\Program Files\\KPN Back-up Online\\KPNBackupOnline.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 14:16 130384]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7-6-2010 11:02 136176]

S2 KPN Back-up Online SC;KPN Back-up Online SC;c:\program files\KPN Back-up Online\BackupSC.exe [15-3-2011 15:27 450560]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [24-10-2009 3:18 360224]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13-11-2009 13:31 92008]

S3 CoachVid;CoachVid;c:\windows\system32\drivers\CoachVid.sys [4-3-2011 14:31 45344]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7-6-2010 11:02 136176]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [8-9-2009 21:27 136704]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [8-9-2009 21:27 8320]

S3 vfsmrx;vfsmrx;c:\windows\system32\Drivers\vfsmrx.sys --> c:\windows\system32\Drivers\vfsmrx.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 14:16 753504]

.

Inhoud van de 'Gedeelde Taken' map

.

2011-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

.

2011-04-06 c:\windows\Tasks\FileCure Default.job

- c:\program files\ParetoLogic\FileCure\FileCure.exe [2010-03-28 19:47]

.

2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-07 09:02]

.

2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-07 09:02]

.

2011-04-28 c:\windows\Tasks\ParetoLogic Registration3.job

- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-04 18:19]

.

2011-03-24 c:\windows\Tasks\ParetoLogic Update Version3.job

- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-04 18:19]

.

2011-05-02 c:\windows\Tasks\User_Feed_Synchronization-{C417543D-F3AB-4BA3-B46A-45DF940A5070}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

.

.

------- Bijkomende Scan -------

.

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100805101937

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

HKLM-Run-Trans - c:\program files\Trans\trans.exe

MSConfigStartUp-ISTray - c:\program files\Spyware Doctor\pctsTray.exe

MSConfigStartUp-Protection Center - c:\program files\Protection Center\cntprot.exe

AddRemove-AVS Document Converter_is1 - c:\program files\AVS4YOU\AVSDocumentConverter\unins000.exe

AddRemove-AVS Update Manager_is1 - c:\program files\AVS4YOU\AVSUpdateManager\unins000.exe

AddRemove-AVS4YOU Software Navigator_is1 - c:\program files\AVS4YOU\AVSSoftwareNavigator\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-05-02 17:27

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-1220945662-436374069-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

Voltooingstijd: 2011-05-02 17:28:51

ComboFix-quarantined-files.txt 2011-05-02 15:28

.

Pre-Run: 5.656.449.024 bytes beschikbaar

Post-Run: 5.617.393.664 bytes beschikbaar

.

- - End Of File - - 0206D861A15FAC3841CA08C0D6BA0A49

HIJACK:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:37:31, on 2-5-2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\KPN Back-up Online\BackupSC.exe

d:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files\KPN Back-up Online\BackupFP.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Pure Networks\Network Magic\nmapp.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\CameraAssistant.exe

C:\WINDOWS\system32\ElkCtrl.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Program Files\Vtune\TBPanel.exe

C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Microsoft Windows Update

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe /A

O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Apparaatdetectie) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab

O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} (PhotoboxPhotowaysUploader5 Control) - http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100805101937

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252011835718

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: offline-8876480 - {E534DA6D-5136-43CA-B357-C91E6E02743B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: KPN Back-up Online SC - KPN - C:\Program Files\KPN Back-up Online\BackupSC.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--

End of file - 15149 bytes

aangepast door kape
dubbel log verwijderd
Link naar reactie
Delen op andere sites

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht … en laat dan even weten hoe het nu met het gemelde probleem staat ?

Link naar reactie
Delen op andere sites

Goede Avond,

Grote klasse alles is weer bijna normaal. Ik heb denk ik door ongemerkt een knop aan te klikken alle tekst op mijn bureaublad bij de snelkoppelingen in een vierkant blauw veldje gekregen. Heb je daar misschien ook nog een oplossing voor?

Nogmaals onwijs bedankt voor alle hulp.

Gezellige avond nog,

Shirley

---------- Post toegevoegd om 19:09 ---------- Vorige post was om 19:09 ----------

ComboFix 11-05-01.04 - PC 02-05-2011 20:32:14.6.4 - x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3326.3024 [GMT 2:00]

Gestart vanuit: c:\documents and settings\PC\Bureaublad\ComboFix.exe

AV: ESET NOD32 antivirus system 2.70 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Voorgaande Run -------

.

c:\docume~1\PC\LOCALS~1\Temp\IadHide5.dll

c:\documents and settings\PC\Local Settings\Temp\IadHide5.dll

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-04-02 to 2011-05-02 ))))))))))))))))))))))))))))))

.

.

2011-05-02 17:26 . 2011-05-02 17:45 -------- d--h--r- c:\documents and settings\PC\Onlangs geopend

2011-05-02 16:18 . 2011-05-02 16:17 299392 ----a-w- c:\windows\system32\imon.dll

2011-05-02 16:18 . 2011-05-02 16:17 512096 ----a-w- c:\windows\system32\drivers\amon.sys

2011-05-02 16:18 . 2011-05-02 16:17 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys

2011-05-02 10:09 . 2011-05-02 10:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search

2011-05-02 10:09 . 2011-05-02 10:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer

2011-05-02 10:09 . 2011-05-02 10:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory

2011-05-02 10:09 . 2011-05-02 10:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\ArcSoft

2011-05-02 10:09 . 2011-05-02 10:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ArcSoft

2011-05-02 10:08 . 2011-05-02 10:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2011-05-02 10:02 . 2011-05-02 10:02 -------- d-----w- c:\windows\system32\wbem\Repository

2011-05-02 06:24 . 2011-05-02 06:24 -------- d-----w- c:\documents and settings\Administrator\PrivacIE

2011-05-02 06:24 . 2011-05-02 10:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google

2011-05-02 05:58 . 2011-05-02 05:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\HP

2011-05-02 05:58 . 2011-05-02 10:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities

2011-05-02 05:58 . 2011-05-02 05:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer

2011-05-02 05:58 . 2011-05-02 05:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\RST

2011-05-02 05:58 . 2011-05-02 05:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite

2011-04-28 05:08 . 2004-10-01 00:01 139345 ----a-w- c:\windows\system32\hpzlnt12.dll

2011-04-28 05:07 . 2004-09-30 23:45 229376 ----a-r- c:\windows\system32\hpovst08.dll

2011-04-28 05:07 . 2004-09-30 23:44 581632 ----a-r- c:\windows\system32\hpotscl.dll

2011-04-22 08:25 . 2011-04-22 08:25 1324 ----a-w- c:\documents and settings\PC\Local Settings\Application Data\d3d9caps.tmp

2011-04-12 17:17 . 2011-04-12 17:17 -------- d-sh--w- c:\documents and settings\Han Struijk\IECompatCache

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-25 23:48 . 2011-03-25 23:48 4284416 ----a-w- c:\windows\system32\GPhotos.scr

2011-03-15 13:27 . 2011-03-15 09:33 20004872 ----a-w- C:\KPNBackupOnline_x86.exe

2011-03-07 05:33 . 2009-09-02 11:06 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:36 . 2007-10-29 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:53 . 2007-10-29 12:00 1858048 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:07 . 2007-10-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:07 . 2007-10-29 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-22 23:07 . 2007-10-29 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:43 . 2007-10-29 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-02-18 15:36 . 2010-03-27 16:08 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2011-02-18 15:36 . 2010-03-27 16:08 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-02-17 13:18 . 2007-10-29 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2007-10-29 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2007-10-29 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-11 14:44 . 2008-04-14 17:02 236544 ----a-w- c:\windows\system32\fxscover.exe

2011-02-09 13:54 . 2007-10-29 12:00 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:54 . 2007-10-29 12:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-08 13:33 . 2007-10-29 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll

2011-02-08 13:33 . 2007-10-29 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2011-02-02 07:58 . 2009-09-02 11:05 2067456 ----a-w- c:\windows\system32\mstscax.dll

2010-10-25 11:39 . 2010-10-25 11:39 3845952 ----a-w- c:\program files\filerestoreplus_setup.exe

2010-09-28 09:30 . 2010-09-28 09:30 947592 ----a-w- c:\program files\SkypeSetup.exe

2010-07-09 11:02 . 2010-07-09 11:02 8584120 ----a-w- c:\program files\Babylon8_setup.exe

2010-06-21 18:00 . 2010-06-21 18:00 234966 ----a-w- c:\program files\REST2514.EXE

2008-05-07 03:13 . 2010-04-12 17:50 35816 ----a-r- c:\program files\Setupnl.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2009-02-03 2158592]

"VoipBuster"="c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe" [2010-12-23 12948272]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-07 39408]

"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2010-08-24 32768]

"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]

"VoipStunt"="c:\program files\VoipStunt.com\VoipStunt\VoipStunt.exe" [2010-12-15 12963120]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2008-06-27 16875008]

"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]

"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-19 13680640]

"nwiz"="nwiz.exe" [2009-02-19 1657376]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-19 86016]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-16 1164912]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-16 1941784]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-16 87584]

"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-04-07 467240]

"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]

"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-09-01 221184]

"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-09-07 434176]

"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-09-07 04:39 73728]

"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]

"nod32kui"="c:\program files\Eset\nod32kui.exe" [2011-05-02 950664]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Han Struijk\Menu Start\Programma's\Opstarten\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\documents and settings\PC\Menu Start\Programma's\Opstarten\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2010-8-24 450560]

Snelstart HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableLockWorkstation"= 1 (0x1)

"DisableChangePassword"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^PC^Menu Start^Programma's^Opstarten^BoostKit.lnk]

path=c:\documents and settings\PC\Menu Start\Programma's\Opstarten\BoostKit.lnk

backup=c:\windows\pss\BoostKit.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-03-07 14:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2006-12-05 20:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]

2009-04-07 13:34 642856 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2006-11-23 13:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=

"c:\\Program Files\\Causeway Telematics\\Causeway TMS\\CausewayTMS.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\KPN Back-up Online\\BackupUP.exe"=

"c:\\Program Files\\KPN Back-up Online\\BackupFP.exe"=

"c:\\Program Files\\KPN Back-up Online\\KPNBackupOnline.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2-5-2011 18:18 15424]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 14:16 130384]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7-6-2010 11:02 136176]

S2 KPN Back-up Online SC;KPN Back-up Online SC;c:\program files\KPN Back-up Online\BackupSC.exe [15-3-2011 15:27 450560]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [24-10-2009 3:18 360224]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13-11-2009 13:31 92008]

S3 CoachVid;CoachVid;c:\windows\system32\drivers\CoachVid.sys [4-3-2011 14:31 45344]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7-6-2010 11:02 136176]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [8-9-2009 21:27 136704]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [8-9-2009 21:27 8320]

S3 vfsmrx;vfsmrx;c:\windows\system32\Drivers\vfsmrx.sys --> c:\windows\system32\Drivers\vfsmrx.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 14:16 753504]

.

Inhoud van de 'Gedeelde Taken' map

.

2011-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

.

2011-04-06 c:\windows\Tasks\FileCure Default.job

- c:\program files\ParetoLogic\FileCure\FileCure.exe [2010-03-28 19:47]

.

2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-07 09:02]

.

2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-07 09:02]

.

2011-05-02 c:\windows\Tasks\ParetoLogic Registration3.job

- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-04 18:19]

.

2011-03-24 c:\windows\Tasks\ParetoLogic Update Version3.job

- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-04 18:19]

.

2011-05-02 c:\windows\Tasks\User_Feed_Synchronization-{C417543D-F3AB-4BA3-B46A-45DF940A5070}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

.

.

------- Bijkomende Scan -------

.

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

LSP: c:\windows\system32\imon.dll

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100805101937

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-05-02 20:39

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-1220945662-436374069-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

Voltooingstijd: 2011-05-02 20:41:03

ComboFix-quarantined-files.txt 2011-05-02 18:41

ComboFix2.txt 2011-05-02 15:28

.

Pre-Run: 5.359.812.608 bytes beschikbaar

Post-Run: 5.347.307.520 bytes beschikbaar

.

- - End Of File - - 58E1CDA6F80050AD1D19DEA937DC7FC8

Link naar reactie
Delen op andere sites

Goede Avond,

Grote klasse alles is weer bijna normaal. Ik heb denk ik door ongemerkt een knop aan te klikken alle tekst op mijn bureaublad bij de snelkoppelingen in een vierkant blauw veldje gekregen. Heb je daar misschien ook nog een oplossing voor?

Nogmaals onwijs bedankt voor alle hulp.

Gezellige avond nog,

Shirley

Dit kan veroorzaakt zijn door combofix. In dit geval zal het hersteld worden bij het verwijderen van combofix.

Wacht echter met verwijderen van combofix tot kape het zegt.

Link naar reactie
Delen op andere sites

Problemen van de baan, dan is het tijd voor de “grote schoonmaak” : verwijderen van gebruikte programma’s, een cleaning en het verwijderen van de besmette herstelpunten.

Verwijder Combofix: Start -> Uitvoeren/Zoekopdracht en typ: ComboFix /Uninstall

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Indien aanwezig mag je de map C:\Qoobox manueel verwijderen.

Download CCleaner.

Klik op “Download Latest Version” en dan start de download van CCleaner automatisch en gratis op.

Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Schoonmaken'. Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

Het is aangewezen om de bestaande herstelpunten te verwijderen (daar zitten besmette herstelpunten tussen die je eventueel zou kunnen terugzetten) door systeemherstel tijdelijk uit te schakelen. Doe dit via Start -> Configuratiescherm -> Prestaties en Onderhoud -> Systeem -> Systeemherstel -> "Systeemherstel op alle stations uitschakelen" aanvinken. Toepassen en OK. PC herstarten en het vinkje terug weg halen.

Laat daarna ook nog even weten of de blauwe veldjes nog aanwezig zijn ?

Link naar reactie
Delen op andere sites

Gast
Dit topic is nu gesloten voor nieuwe reacties.
×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.