hijack this logfile


Thanks again,

Here it is, as requested.

ComboFix 12-10-24.02 - Michiel 24-10-2012 19:26:30.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2046.713 [GMT 2:00]

Gestart vanuit: c:\users\Michiel\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Michiel\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-09-24 to 2012-10-24 ))))))))))))))))))))))))))))))

.

.

2012-10-24 17:41 . 2012-10-24 17:41 -------- d-----w- c:\users\Test\AppData\Local\temp

2012-10-24 17:41 . 2012-10-24 17:41 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-24 00:33 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E52C2443-FBBC-4808-8265-BBE8B52537B5}\mpengine.dll

2012-10-15 17:47 . 2012-10-15 17:47 -------- d-----w- c:\program files\OnlineHD.TV

2012-10-15 17:43 . 2012-10-15 17:43 -------- d-----w- c:\program files\uTorrent

2012-10-14 13:53 . 2012-10-14 13:53 -------- d-----w- c:\program files\7-Zip

2012-10-14 13:53 . 2012-10-14 13:53 -------- d-----w- c:\program files\FilesFrog Update Checker

2012-10-14 13:53 . 2012-10-15 17:48 -------- d-----w- c:\windows\system32\ARFC

2012-10-14 13:53 . 2012-10-02 15:20 1008496 ----a-w- c:\windows\system32\dmwu.exe

2012-10-14 13:53 . 2012-10-02 15:18 28160 ----a-w- c:\windows\system32\ImHttpComm.dll

2012-10-14 13:53 . 2011-05-13 23:17 632656 ----a-w- c:\windows\system32\msvcr80.dll

2012-10-14 13:53 . 2011-05-13 23:17 479232 ----a-w- c:\windows\system32\msvcm80.dll

2012-10-14 13:53 . 2011-05-13 23:17 554832 ----a-w- c:\windows\system32\msvcp80.dll

2012-10-14 13:53 . 2012-10-16 18:24 -------- d-----w- c:\windows\system32\WNLT

2012-10-14 13:53 . 2012-10-23 17:22 -------- d-----w- c:\program files\IB Updater

2012-10-11 18:45 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-10-11 18:45 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll

2012-10-11 18:45 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-11 18:45 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-11 18:44 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-11 18:43 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-10-11 18:43 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-10-07 13:53 . 2012-10-07 13:52 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-07 13:51 . 2012-05-05 20:06 821736 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-10-07 13:51 . 2012-05-05 20:06 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-07 15:04 . 2011-05-16 17:41 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-24 06:59 . 2012-09-24 01:01 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 06:51 . 2012-09-24 01:01 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 06:51 . 2012-09-24 01:01 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 06:47 . 2012-09-24 01:01 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 06:47 . 2012-09-24 01:01 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 06:43 . 2012-09-24 01:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-11-24 00:21 . 2012-05-05 20:18 865904 ----a-w- c:\program files\toolbar2.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-10-15 963984]

"SDP"="c:\program files\FilesFrog Update Checker\update_checker.exe" [2012-10-03 201808]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]

"RtHDVCpl"="RtHDVCpl.exe" [2007-09-24 4452352]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-03-19 30192]

"OEM03Mon.exe"="c:\windows\OEM03Mon.exe" [2007-06-18 36864]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-20 266497]

"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2012-03-08 4280184]

.

c:\users\Michiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-7-7 487424]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

Wireless Configuration Utility.lnk - c:\program files\Thomson\TG122n\WlanCU.exe [2011-11-14 520192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Inhoud van de 'Gedeelde Taken' map

.

2012-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-12 16:04]

.

2012-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-12 16:04]

.

2012-10-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]

.

2012-10-24 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]

.

.

------- Bijkomende Scan -------

.

mStart Page = hxxp://www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=2080131

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.1.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-10-24 19:41

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2012-10-24 19:44:29

ComboFix-quarantined-files.txt 2012-10-24 17:44

ComboFix2.txt 2012-10-23 17:46

.

Pre-Run: 146.487.791.616 bytes beschikbaar

Post-Run: 146.451.963.904 bytes beschikbaar

.

- - End Of File - - E5D4F0731877701CA53411EF12336195
