
Annoying malfunction


Guest henkB


Yes, that is OK. I had already tried it in safe mode, but that doesn't work either. I have the original disc, so if I find it necessary I can put it back on. But I don't think I want that anymore.


Go to Start – Run/Search and type in: sc stop LiveUpdate

Press Enter.

Go to Start – Run/Search and type in: sc delete LiveUpdate

Press Enter.

Start HijackThis. Select “Scan”. Select only the items listed below:

O4 - HKLM\..\Run: [Norton Ghost 15.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"

O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)

O24 - Desktop Component 0: (no name) - (no file)

Click 'Fix checked' to remove the items.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they might conflict with ComboFix. Here is a guide on how to disable them:

Click here

If you cannot manage to disable them, just continue to the next step.

2. Double-click ComboFix.exe and follow the prompts on the screen.

3. ComboFix will check whether the Microsoft Windows Recovery Console is already installed.

**Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.

4. Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.

cf-rc-auto.jpg

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

rc-auto-done.jpg

Click Yes to continue scanning for malware.

5. When ComboFix has finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.


You won't believe it, but I no longer see the problem coming up. To be on the safe side I downloaded this program:

https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?docid=kb20080710134020EN_EndUserProfile_en_us&lg=english&ct=united+kingdom&ablr=1&product=home&version=current&pvid=f-home&reflang=NLNL

Norton has disappeared from my disk and I am (already was) rid of that "nonsense".

Thank you all very much. I'm extremely happy.

Kind regards,

Henk


Logfile Combofix:

ComboFix 12-01-12.02 - Henkie 12-01-2012 17:45:38.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1394 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Henkie\Bureaublad\ComboFix.exe

AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: NVIDIA Firewall *Disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

* Aanwezig AV is actief

.

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\docume~1\Henkie\LOCALS~1\Temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Henkie\Application Data\facemoods.com

c:\documents and settings\Henkie\Application Data\facemoods.com\facemoods\Online Games.ico

c:\documents and settings\Henkie\Application Data\PriceGong

c:\documents and settings\Henkie\Application Data\PriceGong\Data\1.xml

c:\documents and settings\Henkie\Application Data\PriceGong\Data\a.xml

c:\documents and settings\Henkie\Application Data\PriceGong\Data\b.xml

c:\documents and settings\Henkie\Application Data\PriceGong\Data\c.xml

c:\documents and settings\Henkie\Application Data\PriceGong\Data\d.xml

c:\documents and settings\Henkie\Application Data\PriceGong\Data\e.xml

c:\documents and settings\Henkie\Application Data\PriceGong\Data\f.xml

c:\documents and settings\Henkie\Application Data\PriceGong\Data\g.xml

c:\documents and settings\Henkie\Application Data\PriceGong\Data\h.xml

c:\documents and settings\Henkie\Application Data\PriceGong\Data\i.xml

c:\documents and settings\Henkie\Application Data\PriceGong\Data\J.xml

c:\documents and settings\Henkie\Application Data\PriceGong\Data\k.xml

c:\documents and settings\Henkie\Application Data\PriceGong\Data\l.xml

c:\documents and settings\Henkie\Application Data\PriceGong\Data\m.xml

c:\documents and settings\Henkie\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Henkie\Application Data\PriceGong\Data\n.xml

c:\documents and settings\Henkie\Application Data\PriceGong\Data\o.xml

c:\documents and settings\Henkie\Application Data\PriceGong\Data\p.xml

c:\documents and settings\Henkie\Application Data\PriceGong\Data\q.xml

c:\documents and settings\Henkie\Application Data\PriceGong\Data\r.xml

c:\documents and settings\Henkie\Application Data\PriceGong\Data\s.xml

c:\documents and settings\Henkie\Application Data\PriceGong\Data\t.xml

c:\documents and settings\Henkie\Application Data\PriceGong\Data\u.xml

c:\documents and settings\Henkie\Application Data\PriceGong\Data\v.xml

c:\documents and settings\Henkie\Application Data\PriceGong\Data\w.xml

c:\documents and settings\Henkie\Application Data\PriceGong\Data\x.xml

c:\documents and settings\Henkie\Application Data\PriceGong\Data\y.xml

c:\documents and settings\Henkie\Application Data\PriceGong\Data\z.xml

c:\documents and settings\Henkie\Local Settings\Temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll

c:\program files\facemoods.com

c:\program files\facemoods.com\facemoods\1.4.17.1\bh\facemoods.dll

c:\program files\facemoods.com\facemoods\1.4.17.1\facemoods.crx

c:\program files\facemoods.com\facemoods\1.4.17.1\facemoods.png

c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodsApp.dll

c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodsEng.dll

c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodssrv.exe

c:\program files\facemoods.com\facemoods\1.4.17.1\faCEmoodstlbr.dll

c:\program files\facemoods.com\facemoods\1.4.17.1\uninstall.exe

c:\program files\facemoods.com\sqlite3.dll

c:\windows\IsUn0413.exe

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\muzapp.exe

c:\windows\system32\PowerToyReadme.htm

c:\windows\system32\system32

c:\windows\system32\system32\3DAudio.ax

c:\windows\system32\system32\avrt.dll

c:\windows\system32\system32\cis-2.4.dll

c:\windows\system32\system32\issacapi_bs-2.3.dll

c:\windows\system32\system32\issacapi_pe-2.3.dll

c:\windows\system32\system32\issacapi_se-2.3.dll

c:\windows\system32\system32\MACXMLProto.dll

c:\windows\system32\system32\MaDRM.dll

c:\windows\system32\system32\MaJGUILib.dll

c:\windows\system32\system32\MAMACExtract.dll

c:\windows\system32\system32\MASetupCleaner.exe

c:\windows\system32\system32\MaXMLProto.dll

c:\windows\system32\system32\mfplat.dll

c:\windows\system32\system32\MK_Lyric.dll

c:\windows\system32\system32\MSCLib.dll

c:\windows\system32\system32\MSFLib.dll

c:\windows\system32\system32\MSLUR71.dll

c:\windows\system32\system32\msvcp60.dll

c:\windows\system32\system32\MTTELECHIP.dll

c:\windows\system32\system32\MTXSYNCICON.dll

c:\windows\system32\system32\muzaf1.dll

c:\windows\system32\system32\muzapp.dll

c:\windows\system32\system32\muzapp.exe

c:\windows\system32\system32\muzdecode.ax

c:\windows\system32\system32\muzeffect.ax

c:\windows\system32\system32\muzmp4sp.ax

c:\windows\system32\system32\muzmpgsp.ax

c:\windows\system32\system32\muzoggsp.ax

c:\windows\system32\system32\muzwmts.dll

c:\windows\system32\system32\psapi.dll

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-12-12 to 2012-01-12 ))))))))))))))))))))))))))))))

.

.

2012-01-09 19:38 . 2012-01-09 19:38 -------- d-----w- c:\documents and settings\Henkie\Application Data\Malwarebytes

2012-01-09 19:37 . 2012-01-09 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-01-09 19:37 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-01-09 19:37 . 2012-01-09 19:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-01-08 17:29 . 2012-01-08 17:29 388096 ----a-r- c:\documents and settings\Henkie\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-01-08 17:29 . 2012-01-08 17:29 -------- d-----w- c:\program files\Trend Micro

2012-01-08 15:10 . 2011-11-08 10:39 2078208 ----a-w- c:\windows\system32\Incinerator32.dll

2012-01-08 15:09 . 2010-02-08 20:59 56200 ----a-w- c:\windows\system32\offreg.dll

2012-01-08 15:04 . 2012-01-08 15:04 -------- d-----w- c:\documents and settings\NetworkService\Application Data\iolo

2012-01-08 15:04 . 2010-06-18 11:25 94384 ----a-w- c:\windows\system32\IncContxMenu.dll

2012-01-08 15:04 . 2010-06-18 11:25 2325680 ----a-w- c:\windows\system32\Incinerator.dll

2012-01-08 15:03 . 2011-11-08 10:11 29696 ----a-w- c:\windows\system32\iolobtdfg.exe

2012-01-08 15:03 . 2011-11-08 10:11 11776 ----a-w- c:\windows\system32\smrgdf.exe

2012-01-08 15:02 . 2012-01-08 15:02 -------- d-----w- c:\program files\iolo

2012-01-08 14:29 . 2011-11-23 13:15 31552 ----a-w- c:\windows\system32\TURegOpt.exe

2012-01-08 14:29 . 2012-01-08 14:29 -------- d-----w- c:\documents and settings\Henkie\Application Data\TuneUp Software

2012-01-08 14:28 . 2012-01-08 14:49 -------- d-----w- c:\program files\TuneUp Utilities 2012

2012-01-08 14:28 . 2012-01-08 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software

2012-01-08 14:28 . 2012-01-08 14:28 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}

2011-12-31 11:20 . 2011-12-31 11:20 -------- d-----w- c:\program files\Common Files\PCSuite

2011-12-31 11:20 . 2011-12-31 11:20 -------- d-----w- c:\program files\Common Files\Nokia

2011-12-31 11:20 . 2011-12-31 11:20 -------- d-----w- c:\program files\PC Connectivity Solution

2011-12-31 11:19 . 2011-11-01 09:07 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys

2011-12-31 11:19 . 2011-11-01 09:07 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys

2011-12-31 11:19 . 2011-11-01 09:07 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys

2011-12-31 11:19 . 2011-11-01 09:07 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys

2011-12-31 11:19 . 2011-11-01 09:07 605696 ----a-w- c:\windows\system32\nmwcdcocls.dll

2011-12-31 11:19 . 2011-11-01 09:07 123904 ----a-w- c:\windows\system32\ccdcmbwu.dll

2011-12-31 10:55 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2011-12-31 10:42 . 2011-12-31 10:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache

2011-12-23 17:26 . 2011-12-23 17:34 -------- d-----w- c:\documents and settings\Henkie\Local Settings\Application Data\NCH_EN

2011-12-23 17:26 . 2011-12-23 17:26 -------- d-----w- c:\program files\NCH_EN

2011-12-23 17:25 . 2011-12-23 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software

2011-12-23 17:25 . 2011-12-23 17:26 -------- d-----w- c:\program files\NCH Software

2011-12-23 17:25 . 2012-01-01 10:44 -------- d-----w- c:\documents and settings\Henkie\Application Data\NCH Software

2011-12-23 17:03 . 2011-12-23 17:03 -------- d-----w- c:\documents and settings\Henkie\Application Data\AVS4YOU

2011-12-23 17:01 . 2011-12-23 17:34 -------- d-----w- c:\program files\Common Files\AVSMedia

2011-12-23 17:01 . 2011-12-23 17:34 -------- d-----w- c:\program files\AVS4YOU

2011-12-23 17:01 . 2011-12-23 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-25 21:57 . 2008-04-15 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 14:40 . 2008-04-15 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys

2011-11-20 06:12 . 2008-04-15 12:00 60928 ----a-w- c:\windows\system32\packager.exe

2011-11-04 19:13 . 2008-04-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:13 . 2008-04-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-11-04 19:13 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:25 . 2008-04-15 12:00 385024 ------w- c:\windows\system32\html.iec

2011-11-03 15:29 . 2008-04-15 12:00 386560 ----a-w- c:\windows\system32\qdvd.dll

2011-11-03 15:29 . 2008-04-15 12:00 1296384 ----a-w- c:\windows\system32\quartz.dll

2011-11-01 16:07 . 2008-04-15 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll

2011-11-01 09:07 . 2010-06-15 15:31 75264 ----a-w- c:\windows\system32\nmwcdcls.dll

2011-10-28 05:32 . 2008-04-15 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-26 10:50 . 2008-04-15 12:00 2197120 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-26 10:50 . 2008-04-14 22:11 2073728 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13 . 2008-04-15 12:00 186880 ----a-w- c:\windows\system32\encdec.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "c:\program files\NCH_EN\prxtbNCH_.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]

"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "c:\program files\NCH_EN\prxtbNCH_.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]

"{37483B40-C254-4A72-BDA4-22EE90182C1E}"= "c:\program files\NCH_EN\prxtbNCH_.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-27 21392]

"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-12-27 937360]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-12-16 1508408]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Sitecom Wireless Utility.lnk - c:\program files\Sitecom Europe BV\Common\SitecomUI.exe [2010-6-10 1544192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Synchronizer.lnk]

backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Snelstart HP Image Zone.lnk]

backup=c:\windows\pss\Snelstart HP Image Zone.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateMyDrivers

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2007-02-06 14:30 61440 -c--a-r- c:\program files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2010-06-12 14:28 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2011-01-12 10:21 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2009-05-05 14:06 222496 ----a-w- c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]

2011-12-27 14:21 937360 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]

2011-12-27 14:21 21392 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]

2011-12-27 14:21 3508624 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 20:33 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]

2009-04-24 07:06 1062184 -c--a-w- c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]

2005-04-29 16:22 266240 -c--a-w- c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prelaunch OmniPage]

2009-10-19 08:32 5592352 ----a-w- c:\program files\Nuance\OmniPage17\OmniPage17.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-09-02 13:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2004-11-15 10:20 77824 -c--a-r- c:\windows\SOUNDMAN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 09:44 248552 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=

"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Program Files\\HP\\csiInstaller\\965D0289-10E1-45ec-B11F-A60AC9AE8D4D\\Installer\\hpbcsiInstaller.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server

"1935:TCP"= 1935:TCP:BroadCam Video Streaming Server Flash Video Server

.

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [7-10-2009 8:18 35168]

R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [30-12-2005 12:12 3072]

R2 BroadCamService;BroadCam Video Streaming Server;c:\program files\NCH Software\BroadCam\broadcam.exe [23-12-2011 18:26 2469380]

R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7-10-2009 8:16 472280]

R2 HP DS Service;HP DS Service;c:\program files\HP\HPBDSService\HPBDSService.exe [27-10-2010 12:02 13824]

R2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [27-10-2010 11:13 145920]

R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [8-1-2012 16:04 722616]

R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [19-6-2011 16:51 2337144]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [23-11-2011 14:15 1510720]

R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [14-6-2010 11:19 21888]

R3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [6-11-2010 15:17 31872]

R3 RT80x86;802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [6-6-2010 19:48 579456]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [9-11-2011 9:21 10064]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [12-8-2011 18:24 30312]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12-6-2010 15:28 30192]

S3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [19-8-2011 16:08 20504]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9-1-2010 20:37 4640000]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [12-8-2011 18:24 121064]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [12-8-2011 18:24 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [12-8-2011 18:24 136808]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [12-8-2011 18:24 114280]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Inhoud van de 'Gedeelde Taken' map

.

2012-01-07 c:\windows\Tasks\At1.job

- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22 06:18]

.

2012-01-10 c:\windows\Tasks\At2.job

- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22 06:18]

.

2012-01-11 c:\windows\Tasks\At3.job

- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22 06:18]

.

2012-01-08 c:\windows\Tasks\At4.job

- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22 06:18]

.

2012-01-01 c:\windows\Tasks\debutShakeIcon.job

- c:\program files\NCH Software\Debut\debut.exe [2011-12-23 17:26]

.

2010-09-24 c:\windows\Tasks\Foto's.job

- c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBCore.exe [2009-04-24 07:06]

.

2011-08-28 c:\windows\Tasks\Henkie NBAgent.job

- c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [2009-04-24 07:06]

.

2012-01-07 c:\windows\Tasks\prismShakeIcon.job

- c:\program files\NCH Software\Prism\prism.exe [2011-12-23 17:25]

.

2011-12-03 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2010-10-11 15:12]

.

2011-12-24 c:\windows\Tasks\videopadShakeIcon.job

- c:\program files\NCH Software\VideoPad\videopad.exe [2011-12-23 17:26]

.

.

------- Bijkomende Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

Trusted Zone: localhost

TCP: DhcpNameServer = 192.168.1.1

.

.

------- Bestandsassociaties -------

.

JSEFile=NOTEPAD.EXE %1

.txt=UltraEdit.txt

.

- - - - ORPHANS VERWIJDERD - - - -

.

URLSearchHooks-{38542454-dfb6-44f5-b052-d4e071a3d073} - (no file)

Toolbar-{38542454-dfb6-44f5-b052-d4e071a3d073} - (no file)

Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

MSConfigStartUp-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodssrv.exe

MSConfigStartUp-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.1\uninstall.exe

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

AddRemove-26_VIA_driver2 - c:\program files\Samsung\USB Drivers\26_VIA_driver2\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-01-12 17:53

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AutorunsDisabled]

"Appinit_Dlls"="c:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"

.

[HKEY_LOCAL_MACHINE\software\Symantec\Base\SecurityInfo]

@DACL=(02 0000)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'lsass.exe'(740)

c:\windows\system32\nvappfilter.dll

.

- - - - - - - > 'explorer.exe'(5256)

c:\program files\MuvEnum\AddressBar\MuvEnumAddressBar_x86.dll

c:\program files\MuvEnum\AddressBar\BandObjectLib.dll

c:\program files\MuvEnum\AddressBar\ComponentFactory.Krypton.Toolkit.dll

c:\program files\MuvEnum\AddressBar\NLog.dll

c:\program files\MuvEnum\AddressBar\System.Data.SQLite.dll

c:\program files\MuvEnum\AddressBar\Newtonsoft.Json.dll

c:\windows\system32\msi.dll

c:\windows\system32\nvappfilter.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\System32\SCardSvr.exe

c:\program files\ewido anti-malware\ewidoctrl.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

c:\program files\TeamViewer\Version6\TeamViewer.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe

c:\program files\PC Connectivity Solution\ServiceLayer.exe

c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe

.

**************************************************************************

.

Voltooingstijd: 2012-01-12 17:57:34 - machine werd herstart

ComboFix-quarantined-files.txt 2012-01-12 16:57

.

Pre-Run: 409.231.519.744 bytes beschikbaar

Post-Run: 409.741.598.720 bytes beschikbaar

.

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 20944837B44D6DC2118B9009648D5294

Logfile Hijackthis

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:01:40, on 12-1-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\Program Files\NCH Software\BroadCam\broadcam.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\HP\HPBDSService\HPBDSService.exe

C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe

C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\TeamViewer\Version6\TeamViewer.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Sitecom Europe BV\Common\SitecomUI.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom Europe BV\Common\SitecomUI.exe

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: BroadCam Video Streaming Server (BroadCamService) - Unknown owner - C:\Program Files\NCH Software\BroadCam\broadcam.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP DS Service - Hewlett-Packard Company - C:\Program Files\HP\HPBDSService\HPBDSService.exe

O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe

O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

O24 - Desktop Component 0: (no name) - (no file)

--

End of file - 10014 bytes


Start HijackThis. Select "Scan". Select only the items listed below:

O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)

Click 'Fix checked' to remove the items.

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

Folder::

c:\program files\Ask.com

Registry::

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

[-HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[-HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[-HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]

Save this file to your desktop as CFScript.

Drag CFScript.txt into ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.


Logfile Combofix

ComboFix 12-01-12.02 - Henkie 12-01-2012 18:58:16.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1247 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Henkie\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Henkie\Bureaublad\CFScript.txt

AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: NVIDIA Firewall *Disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

.

FILE ::

"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\docume~1\Henkie\LOCALS~1\Temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll

c:\documents and settings\Henkie\Local Settings\Temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll

c:\program files\Ask.com

c:\program files\Ask.com\cobrand.ico

c:\program files\Ask.com\config.xml

c:\program files\Ask.com\favicon.ico

c:\program files\Ask.com\GenericAskToolbar.dll

c:\program files\Ask.com\mupcfg.xml

c:\program files\Ask.com\SaUpdate.exe

c:\program files\Ask.com\UpdateTask.exe

c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-12-12 to 2012-01-12 ))))))))))))))))))))))))))))))

.

.

2012-01-09 19:38 . 2012-01-09 19:38 -------- d-----w- c:\documents and settings\Henkie\Application Data\Malwarebytes

2012-01-09 19:37 . 2012-01-09 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-01-09 19:37 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-01-09 19:37 . 2012-01-09 19:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-01-08 17:29 . 2012-01-08 17:29 388096 ----a-r- c:\documents and settings\Henkie\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-01-08 17:29 . 2012-01-08 17:29 -------- d-----w- c:\program files\Trend Micro

2012-01-08 15:10 . 2011-11-08 10:39 2078208 ----a-w- c:\windows\system32\Incinerator32.dll

2012-01-08 15:09 . 2010-02-08 20:59 56200 ----a-w- c:\windows\system32\offreg.dll

2012-01-08 15:04 . 2012-01-08 15:04 -------- d-----w- c:\documents and settings\NetworkService\Application Data\iolo

2012-01-08 15:04 . 2010-06-18 11:25 94384 ----a-w- c:\windows\system32\IncContxMenu.dll

2012-01-08 15:04 . 2010-06-18 11:25 2325680 ----a-w- c:\windows\system32\Incinerator.dll

2012-01-08 15:03 . 2011-11-08 10:11 29696 ----a-w- c:\windows\system32\iolobtdfg.exe

2012-01-08 15:03 . 2011-11-08 10:11 11776 ----a-w- c:\windows\system32\smrgdf.exe

2012-01-08 15:02 . 2012-01-08 15:02 -------- d-----w- c:\program files\iolo

2012-01-08 14:29 . 2011-11-23 13:15 31552 ----a-w- c:\windows\system32\TURegOpt.exe

2012-01-08 14:29 . 2012-01-08 14:29 -------- d-----w- c:\documents and settings\Henkie\Application Data\TuneUp Software

2012-01-08 14:28 . 2012-01-08 14:49 -------- d-----w- c:\program files\TuneUp Utilities 2012

2012-01-08 14:28 . 2012-01-08 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software

2012-01-08 14:28 . 2012-01-08 14:28 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}

2011-12-31 11:20 . 2011-12-31 11:20 -------- d-----w- c:\program files\Common Files\PCSuite

2011-12-31 11:20 . 2011-12-31 11:20 -------- d-----w- c:\program files\Common Files\Nokia

2011-12-31 11:20 . 2011-12-31 11:20 -------- d-----w- c:\program files\PC Connectivity Solution

2011-12-31 11:19 . 2011-11-01 09:07 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys

2011-12-31 11:19 . 2011-11-01 09:07 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys

2011-12-31 11:19 . 2011-11-01 09:07 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys

2011-12-31 11:19 . 2011-11-01 09:07 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys

2011-12-31 11:19 . 2011-11-01 09:07 605696 ----a-w- c:\windows\system32\nmwcdcocls.dll

2011-12-31 11:19 . 2011-11-01 09:07 123904 ----a-w- c:\windows\system32\ccdcmbwu.dll

2011-12-31 10:55 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2011-12-31 10:42 . 2011-12-31 10:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache

2011-12-23 17:26 . 2011-12-23 17:34 -------- d-----w- c:\documents and settings\Henkie\Local Settings\Application Data\NCH_EN

2011-12-23 17:26 . 2011-12-23 17:26 -------- d-----w- c:\program files\NCH_EN

2011-12-23 17:25 . 2011-12-23 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software

2011-12-23 17:25 . 2011-12-23 17:26 -------- d-----w- c:\program files\NCH Software

2011-12-23 17:25 . 2012-01-01 10:44 -------- d-----w- c:\documents and settings\Henkie\Application Data\NCH Software

2011-12-23 17:03 . 2011-12-23 17:03 -------- d-----w- c:\documents and settings\Henkie\Application Data\AVS4YOU

2011-12-23 17:01 . 2011-12-23 17:34 -------- d-----w- c:\program files\Common Files\AVSMedia

2011-12-23 17:01 . 2011-12-23 17:34 -------- d-----w- c:\program files\AVS4YOU

2011-12-23 17:01 . 2011-12-23 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-25 21:57 . 2008-04-15 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 14:40 . 2008-04-15 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys

2011-11-20 06:12 . 2008-04-15 12:00 60928 ----a-w- c:\windows\system32\packager.exe

2011-11-04 19:13 . 2008-04-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:13 . 2008-04-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-11-04 19:13 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:25 . 2008-04-15 12:00 385024 ------w- c:\windows\system32\html.iec

2011-11-03 15:29 . 2008-04-15 12:00 386560 ----a-w- c:\windows\system32\qdvd.dll

2011-11-03 15:29 . 2008-04-15 12:00 1296384 ----a-w- c:\windows\system32\quartz.dll

2011-11-01 16:07 . 2008-04-15 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll

2011-11-01 09:07 . 2010-06-15 15:31 75264 ----a-w- c:\windows\system32\nmwcdcls.dll

2011-10-28 05:32 . 2008-04-15 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-26 10:50 . 2008-04-15 12:00 2197120 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-26 10:50 . 2008-04-14 22:11 2073728 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13 . 2008-04-15 12:00 186880 ----a-w- c:\windows\system32\encdec.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-01-12_16.53.19 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-01-12 16:53 . 2012-01-12 18:03 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat

- 2012-01-12 16:53 . 2012-01-12 16:52 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat

- 2012-01-12 16:53 . 2012-01-12 16:52 16384 c:\windows\Temp\History\History.IE5\index.dat

+ 2012-01-12 16:53 . 2012-01-12 18:03 16384 c:\windows\Temp\History\History.IE5\index.dat

+ 2012-01-12 16:53 . 2012-01-12 18:03 16384 c:\windows\Temp\Cookies\index.dat

- 2012-01-12 16:53 . 2012-01-12 16:52 16384 c:\windows\Temp\Cookies\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-27 21392]

"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-12-27 937360]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-12-16 1508408]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Sitecom Wireless Utility.lnk - c:\program files\Sitecom Europe BV\Common\SitecomUI.exe [2010-6-10 1544192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Synchronizer.lnk]

backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Snelstart HP Image Zone.lnk]

backup=c:\windows\pss\Snelstart HP Image Zone.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2007-02-06 14:30 61440 -c--a-r- c:\program files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2010-06-12 14:28 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2011-01-12 10:21 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2009-05-05 14:06 222496 ----a-w- c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]

2011-12-27 14:21 937360 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]

2011-12-27 14:21 21392 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]

2011-12-27 14:21 3508624 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 20:33 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]

2009-04-24 07:06 1062184 -c--a-w- c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]

2005-04-29 16:22 266240 -c--a-w- c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prelaunch OmniPage]

2009-10-19 08:32 5592352 ----a-w- c:\program files\Nuance\OmniPage17\OmniPage17.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-09-02 13:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2004-11-15 10:20 77824 -c--a-r- c:\windows\SOUNDMAN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 09:44 248552 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=

"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Program Files\\HP\\csiInstaller\\965D0289-10E1-45ec-B11F-A60AC9AE8D4D\\Installer\\hpbcsiInstaller.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server

"1935:TCP"= 1935:TCP:BroadCam Video Streaming Server Flash Video Server

.

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [7-10-2009 8:18 35168]

R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [30-12-2005 12:12 3072]

R2 BroadCamService;BroadCam Video Streaming Server;c:\program files\NCH Software\BroadCam\broadcam.exe [23-12-2011 18:26 2469380]

R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7-10-2009 8:16 472280]

R2 HP DS Service;HP DS Service;c:\program files\HP\HPBDSService\HPBDSService.exe [27-10-2010 12:02 13824]

R2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [27-10-2010 11:13 145920]

R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [8-1-2012 16:04 722616]

R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [19-6-2011 16:51 2337144]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [23-11-2011 14:15 1510720]

R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [14-6-2010 11:19 21888]

R3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [6-11-2010 15:17 31872]

R3 RT80x86;802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [6-6-2010 19:48 579456]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [9-11-2011 9:21 10064]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [12-8-2011 18:24 30312]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12-6-2010 15:28 30192]

S3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [19-8-2011 16:08 20504]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9-1-2010 20:37 4640000]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [12-8-2011 18:24 121064]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [12-8-2011 18:24 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [12-8-2011 18:24 136808]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [12-8-2011 18:24 114280]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Inhoud van de 'Gedeelde Taken' map

.

2012-01-07 c:\windows\Tasks\At1.job

- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22 06:18]

.

2012-01-10 c:\windows\Tasks\At2.job

- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22 06:18]

.

2012-01-11 c:\windows\Tasks\At3.job

- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22 06:18]

.

2012-01-08 c:\windows\Tasks\At4.job

- c:\program files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22 06:18]

.

2012-01-01 c:\windows\Tasks\debutShakeIcon.job

- c:\program files\NCH Software\Debut\debut.exe [2011-12-23 17:26]

.

2010-09-24 c:\windows\Tasks\Foto's.job

- c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBCore.exe [2009-04-24 07:06]

.

2011-08-28 c:\windows\Tasks\Henkie NBAgent.job

- c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [2009-04-24 07:06]

.

2012-01-07 c:\windows\Tasks\prismShakeIcon.job

- c:\program files\NCH Software\Prism\prism.exe [2011-12-23 17:25]

.

2011-12-24 c:\windows\Tasks\videopadShakeIcon.job

- c:\program files\NCH Software\VideoPad\videopad.exe [2011-12-23 17:26]

.

.

------- Bijkomende Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

Trusted Zone: localhost

TCP: DhcpNameServer = 192.168.1.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-01-12 19:03

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AutorunsDisabled]

"Appinit_Dlls"="c:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"

.

[HKEY_LOCAL_MACHINE\software\Symantec\Base\SecurityInfo]

@DACL=(02 0000)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'lsass.exe'(740)

c:\windows\system32\nvappfilter.dll

.

- - - - - - - > 'explorer.exe'(6028)

c:\program files\MuvEnum\AddressBar\MuvEnumAddressBar_x86.dll

c:\program files\MuvEnum\AddressBar\BandObjectLib.dll

c:\program files\MuvEnum\AddressBar\ComponentFactory.Krypton.Toolkit.dll

c:\program files\MuvEnum\AddressBar\NLog.dll

c:\program files\MuvEnum\AddressBar\System.Data.SQLite.dll

c:\program files\MuvEnum\AddressBar\Newtonsoft.Json.dll

c:\windows\system32\msi.dll

c:\windows\system32\nvappfilter.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\System32\SCardSvr.exe

c:\program files\ewido anti-malware\ewidoctrl.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

c:\program files\TeamViewer\Version6\TeamViewer.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe

c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

c:\program files\PC Connectivity Solution\ServiceLayer.exe

c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe

.

**************************************************************************

.

Voltooingstijd: 2012-01-12 19:07:12 - machine werd herstart

ComboFix-quarantined-files.txt 2012-01-12 18:07

ComboFix2.txt 2012-01-12 16:57

.

Pre-Run: 409.625.702.400 bytes beschikbaar

Post-Run: 409.622.777.856 bytes beschikbaar

.

- - End Of File - - A3EC03BC59D993B041B3BD439F08C57B


I no longer see any "flashes" and the PC starts normally, but sometimes the screen "freezes" when I want to perform a number of actions. So it is not completely OK. Just let me know what I should do.


This topic is now closed to new replies.
