Skytje

die map heb ik nu ook verwijderd. ik denk dat mijn laptop nu wel zo goed als malware vrij is! laptop is nog steeds traag, maar dat was het al een tijdje dus denk niet perse een malware probleem. google geeft nu ook geen redirects meer, al paar dagen geen foutmeldingen gekregen en het blijkt dat ik nu weer mijn firefox homepage kan veranderen! Kan ik nu het beste weer AVG op zetten? thnx voor de hulp

het is gelukt om de mappen te verwijderen incl. in de prullenbak. ik zie nog wel found.000 moet ik die ook verwijderen?

ComboFix 11-06-15.04 - XXX 16-06-2011 21:09:51.2.2 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.2046.1317 [GMT 2:00] Gestart vanuit: c:\documents and settings\XXX\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\XXX\Bureaublad\CFScript.txt . FILE :: "C:\FOUND.001" "C:\FOUND.002" "C:\FOUND.003" "C:\FOUND.004" "C:\FOUND.005" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\MFAData c:\documents and settings\All Users\Application Data\MFAData\logs\avgInfoCollector.log c:\documents and settings\All Users\Application Data\MFAData\logs\avgInfoCollector.log.lock c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20110604-163016.log c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20110615-171803.log c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20110615-173522.log c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20110615-184808.log c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20110615-185319.log c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20110615-190001.log c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20110615-190255.log c:\documents and settings\All Users\Application Data\MFAData\logs\mfa-20110615-191113.log c:\documents and settings\All Users\Application Data\MFAData\logs\msi-20110604-163016.log c:\documents and settings\All Users\Application Data\MFAData\logs\msi-20110615-171803.log c:\documents and settings\All Users\Application Data\MFAData\logs\msi-20110615-173522.log c:\documents and settings\All Users\Application Data\MFAData\logs\msi-20110615-184808.log c:\documents and settings\All Users\Application Data\MFAData\logs\msi-20110615-185319.log c:\documents and settings\All Users\Application Data\MFAData\logs\msi-20110615-190001.log c:\documents and settings\All Users\Application Data\MFAData\logs\msi-20110615-190255.log c:\documents and settings\All Users\Application Data\MFAData\logs\msi-20110615-191113.log c:\documents and settings\All Users\Application Data\MFAData\mfaurlconf.ini c:\documents and settings\All Users\Application Data\MFAData\mkt\hi\dm_marketing_message-hi.html c:\documents and settings\All Users\Application Data\MFAData\mkt\hi\Installation-Page_LinkScanner.html c:\documents and settings\All Users\Application Data\MFAData\mkt\hi\Installation-Page_Smart-Scanning.html c:\documents and settings\All Users\Application Data\MFAData\mkt\hi\Installation-Page_Social-Networking.html c:\documents and settings\All Users\Application Data\MFAData\mkt\hi\Toolbar_wotoolbar.html c:\documents and settings\All Users\Application Data\MFAData\mkt\nl\dm_marketing_message-nl.html c:\documents and settings\All Users\Application Data\MFAData\mkt\nl\Installation-Page_LinkScanner.html c:\documents and settings\All Users\Application Data\MFAData\mkt\nl\Installation-Page_Smart-Scanning.html c:\documents and settings\All Users\Application Data\MFAData\mkt\nl\Installation-Page_Social-Networking.html c:\documents and settings\All Users\Application Data\MFAData\mkt\nl\Toolbar_wotoolbar.html c:\documents and settings\All Users\Application Data\MFAData\mkt\res\LinkScanner-style.css c:\documents and settings\All Users\Application Data\MFAData\mkt\res\LinkScanner.jpg c:\documents and settings\All Users\Application Data\MFAData\mkt\res\OK.png c:\documents and settings\All Users\Application Data\MFAData\mkt\res\Smart-Scanning.jpg c:\documents and settings\All Users\Application Data\MFAData\mkt\res\SmartScanning-style.css c:\documents and settings\All Users\Application Data\MFAData\mkt\res\Social-Networking.jpg c:\documents and settings\All Users\Application Data\MFAData\mkt\res\SocialNetworking-style.css c:\documents and settings\All Users\Application Data\MFAData\mkt\res\Toolbar-Selected.jpg c:\documents and settings\All Users\Application Data\MFAData\mkt\res\Toolbar-Unselected.jpg c:\documents and settings\All Users\Application Data\MFAData\mkt\res\ToolbarSelected-style.css c:\documents and settings\All Users\Application Data\MFAData\mkt\res\ToolbarUnselected-style.css c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10antirkx1382nz.bin c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10antivirx1382ma.bin c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10avgx1382xa.bin c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10avisx1382nr.bin c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10basex1382xu.bin c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10emailsx1382yx.bin c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10guix1382xn.bin c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10idatx1382lv.bin c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10idpx1382fj.bin c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10lng_nlx1382ke.bin c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10lng_usx1382jy.bin c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10onlnscx1382qy.bin c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10rdstx1382wo.bin c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10resshldx1382va.bin c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10srchsrfx1382zb.bin c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10sshttpbx1382ji.bin c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10tdidrvx1382ir.bin c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10tuneupx1382oc.bin c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10update2x1382pr.bin c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10updatex1382tm.bin c:\documents and settings\All Users\Application Data\MFAData\pack\bins\f10xplx1382qx.bin c:\documents and settings\All Users\Application Data\MFAData\pack\bins\foi10free_lic8mi.bin c:\documents and settings\All Users\Application Data\MFAData\pack\bins\foi10free_mis36lo.bin c:\documents and settings\All Users\Application Data\MFAData\pack\bins\foi10free_mps31xa.bin c:\documents and settings\All Users\Application Data\MFAData\pack\bins\w10corex1511ik.bin c:\documents and settings\All Users\Application Data\MFAData\public_installation_log.xml c:\documents and settings\All Users\Application Data\MFAData\state.dat c:\documents and settings\XXX\Application Data\Evfop c:\documents and settings\XXX\Application Data\Ysyhid c:\documents and settings\XXX\Application Data\Ysyhid\aghu.dat . . (((((((((((((((((((( Bestanden Gemaakt van 2011-05-16 to 2011-06-16 )))))))))))))))))))))))))))))) . . 2011-06-12 17:49 . 2011-06-12 17:49 -------- d--h--r- c:\documents and settings\XXX\Onlangs geopend 2011-06-12 17:40 . 2011-06-12 17:40 -------- d-----w- c:\program files\CCleaner 2011-06-12 13:06 . 2011-06-12 13:06 -------- d-----w- c:\program files\SUPERANTISPYWARE 2011-06-12 12:16 . 2011-06-12 12:16 -------- d-----w- C:\FOUND.005 2011-06-12 12:06 . 2011-06-12 12:06 -------- d-----w- c:\documents and settings\XXX\Application Data\SUPERAntiSpyware.com 2011-06-12 12:06 . 2011-06-12 12:06 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2011-06-08 20:37 . 2011-06-08 20:37 388096 ----a-r- c:\documents and settings\XXX\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-06-08 20:37 . 2011-06-08 20:37 -------- d-----w- c:\program files\Trend Micro 2011-06-07 22:48 . 2011-06-07 22:48 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2011-06-04 16:37 . 2011-06-04 16:37 -------- d-----w- C:\$AVG 2011-06-04 16:36 . 2011-06-04 16:36 -------- d-----w- c:\documents and settings\XXX\Application Data\AVG10 2011-06-04 16:34 . 2011-06-04 16:35 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files 2011-06-04 16:32 . 2011-06-04 16:33 -------- d-----w- c:\program files\AVG 2011-06-03 15:24 . 2011-06-03 15:24 -------- d-----w- c:\program files\Common Files\Adobe 2011-06-03 14:39 . 2011-06-03 14:39 -------- d-----w- c:\documents and settings\NetworkService\Menu Start 2011-06-03 14:39 . 2011-06-03 14:39 -------- d-----w- c:\documents and settings\Default User\Tracing 2011-05-28 18:01 . 2011-05-28 18:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-27 16:47 . 2005-05-03 16:43 69632 ----a-w- c:\windows\Alcmtr.exe 2011-05-26 19:08 . 2011-05-26 19:08 -------- d-----w- C:\FOUND.004 2011-05-25 21:41 . 2011-05-25 21:41 -------- d-----w- C:\FOUND.003 2011-05-24 22:02 . 2011-05-24 22:02 -------- d-----w- C:\FOUND.002 2011-05-24 21:28 . 2011-05-24 21:29 -------- d-----r- c:\documents and settings\NetworkService\Favorieten 2011-05-22 15:36 . 2005-10-31 16:17 135168 ----a-w- c:\windows\system32\RtlCPAPI.dll 2011-05-22 15:31 . 2011-05-22 15:31 -------- d-----w- c:\windows\system32\autorun 2011-05-20 19:45 . 2011-05-20 19:45 -------- d-----w- c:\program files\Free Window Registry Repair 2011-05-20 19:04 . 2011-05-20 19:04 -------- d-----w- c:\documents and settings\XXX\Local Settings\Application Data\PackageAware 2011-05-20 18:13 . 2011-05-20 18:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer 2011-05-20 13:43 . 2011-05-20 13:43 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe 2011-05-19 21:51 . 2011-05-19 21:51 31864 ----a-w- C:\symlcsv1.exe 2011-05-19 21:48 . 2011-05-19 21:48 -------- d-----w- C:\FOUND.001 2011-05-19 19:49 . 2011-05-19 19:49 -------- d-----r- c:\documents and settings\LocalService\Favorieten 2011-05-18 22:00 . 2011-05-18 22:00 -------- d-----w- c:\documents and settings\XXX\Application Data\Malwarebytes 2011-05-18 21:59 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-18 21:59 . 2011-05-18 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-05-18 21:59 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-18 21:59 . 2011-05-18 21:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-05-18 21:54 . 2011-05-18 21:54 -------- d-s---w- c:\documents and settings\NetworkService\UserData 2011-05-18 21:54 . 2011-05-18 21:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-02 21:26 . 2011-04-03 12:55 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] "PPS Accelerator"="c:\program files\PPStream\ppsap.exe" [2010-02-24 214408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [X] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-11-01 102491] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-01 692315] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-09-02 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-02 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-02 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-02 455168] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-02 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-02 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-02 118784] "ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632] "ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056] "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056] "ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-09 352256] "Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-08 3080704] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-03-31 225280] "LogitechCameraAssistant"="c:\program files\Acer\OrbiCam\CameraAssistant.exe" [2006-03-31 331776] "LogitechVideo[inspector]"="c:\program files\Acer\OrbiCam\InstallHelper.exe" [2006-03-31 08:32 73728] "LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152] "BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2008-08-04 226816] "Share-to-Web Namespace Daemon"="c:\program files\HP\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632] "HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2010-08-18 249856] "Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888] "RTHDCPL"="RTHDCPL.EXE" [2006-04-04 16120832] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-02 15360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe" [2010-11-14 233936] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\BitComet\\BitComet.exe"= "c:\\Documents and Settings\\XXX\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"= "c:\\Program Files\\PPStream\\PPStream.exe"= "c:\\Program Files\\PPStream\\PPSAP.exe"= "c:\\Program Files\\PPSGame\\PPSGame.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "27075:TCP"= 27075:TCP:BitComet 27075 TCP "27075:UDP"= 27075:UDP:BitComet 27075 UDP "18453:TCP"= 18453:TCP:BitComet 18453 TCP "18453:UDP"= 18453:UDP:BitComet 18453 UDP "1247:TCP"= 1247:TCP:@xpsp2res.dll,-22009 . R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [31-7-2008 20:45 20616] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9-9-2010 0:39 691696] R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [1-8-2008 15:55 143467] R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [16-9-2010 14:06 80896] R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2-7-2008 14:58 26248] R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [30-11-2005 5:28 1097472] S2 mlorugno;IP Traffic Filter Controller;c:\windows\System32\svchost.exe -k netsvcs [2-9-2004 13:00 14336] S3 AVerE506;AVerE506 service;c:\windows\system32\drivers\AVerE506.sys [25-8-2005 20:10 509312] S3 AVerM115;AVerM115 service;c:\windows\system32\drivers\AVerM115.sys [24-8-2005 7:07 692992] S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [5-11-2010 16:09 24576] S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22-6-2010 18:01 21248] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs mlorugno . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.bing.com/ uInternet Settings,ProxyOverride = local IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: Verzenden via Bericht(&M)... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm IE: Verzenden via Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm Trusted Zone: security_PPStream.exe TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\documents and settings\XXX\Application Data\Mozilla\Firefox\Profiles\hutknvp9.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false FF - user.js: browser.startup.homepage - hxxps://www.facebook.com FF - user.js: browser.startup.page - 1 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-06-16 21:14 Windows 5.1.2600 Service Pack 2 FAT NTAPI . scannen van verborgen processen ... . scannen van verborgen autostart items ... . HKCU\Software\Microsoft\Windows\CurrentVersion\Run msnmsgr = "c:\program files\Windows Live\Messenger\msnmsgr.exe" /background??s . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Ñw*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(908) c:\windows\system32\Ati2evxx.dll c:\windows\system32\igfxdev.dll . Voltooingstijd: 2011-06-16 21:15:33 ComboFix-quarantined-files.txt 2011-06-16 19:15 ComboFix2.txt 2011-06-15 19:41 . Pre-Run: 17.075.961.856 bytes beschikbaar Post-Run: 17.049.944.064 bytes beschikbaar . - - End Of File - - 9E820690808959EC23624C6DA2DAA753

thnx het is gelukt Hierbij mijn combofix logje: ComboFix 11-06-15.02 - XXX 15-06-2011 21:31:42.1.2 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.2046.1254 [GMT 2:00] Gestart vanuit: c:\documents and settings\XXX\Bureaublad\ComboFix.exe . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\XXX\Application Data\Adobe\plugs c:\documents and settings\XXX\Application Data\Adobe\shed c:\documents and settings\XXX\Application Data\FFSJ c:\documents and settings\XXX\Application Data\FFSJ\FFSJ.cfg c:\documents and settings\XXX\Application Data\SQLite3.dll c:\program files\Downloaded Installers c:\program files\Downloaded Installers\{3574C47D-F09D-4DDA-8DBD-031D246643F5}\setup.msi c:\windows\Install c:\windows\system\msvcr71.dll c:\windows\system32\autorun.ini c:\windows\system32\tmp.tmp c:\windows\system32\WanPacket.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF . . (((((((((((((((((((( Bestanden Gemaakt van 2011-05-15 to 2011-06-15 )))))))))))))))))))))))))))))) . . 2011-06-12 17:49 . 2011-06-12 17:49 -------- d--h--r- c:\documents and settings\XXX\Onlangs geopend 2011-06-12 17:40 . 2011-06-12 17:40 -------- d-----w- c:\program files\CCleaner 2011-06-12 13:06 . 2011-06-12 13:06 -------- d-----w- c:\program files\SUPERANTISPYWARE 2011-06-12 12:16 . 2011-06-12 12:16 -------- d-----w- C:\FOUND.005 2011-06-12 12:06 . 2011-06-12 12:06 -------- d-----w- c:\documents and settings\XXX\Application Data\SUPERAntiSpyware.com 2011-06-12 12:06 . 2011-06-12 12:06 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2011-06-08 20:37 . 2011-06-08 20:37 388096 ----a-r- c:\documents and settings\XXX\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-06-08 20:37 . 2011-06-08 20:37 -------- d-----w- c:\program files\Trend Micro 2011-06-07 22:48 . 2011-06-07 22:48 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2011-06-04 16:37 . 2011-06-04 16:37 -------- d-----w- C:\$AVG 2011-06-04 16:36 . 2011-06-04 16:36 -------- d-----w- c:\documents and settings\XXX\Application Data\AVG10 2011-06-04 16:34 . 2011-06-04 16:35 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files 2011-06-04 16:32 . 2011-06-04 16:33 -------- d-----w- c:\program files\AVG 2011-06-04 16:30 . 2011-06-04 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData 2011-06-04 16:05 . 2011-06-04 16:05 -------- d-----w- c:\documents and settings\XXX\Application Data\Ysyhid 2011-06-04 16:05 . 2011-06-04 16:05 -------- d-----w- c:\documents and settings\XXX\Application Data\Evfop 2011-06-03 15:24 . 2011-06-03 15:24 -------- d-----w- c:\program files\Common Files\Adobe 2011-06-03 14:39 . 2011-06-03 14:39 -------- d-----w- c:\documents and settings\NetworkService\Menu Start 2011-06-03 14:39 . 2011-06-03 14:39 -------- d-----w- c:\documents and settings\Default User\Tracing 2011-05-28 18:01 . 2011-05-28 18:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-27 16:47 . 2005-05-03 16:43 69632 ----a-w- c:\windows\Alcmtr.exe 2011-05-26 19:08 . 2011-05-26 19:08 -------- d-----w- C:\FOUND.004 2011-05-25 21:41 . 2011-05-25 21:41 -------- d-----w- C:\FOUND.003 2011-05-24 22:02 . 2011-05-24 22:02 -------- d-----w- C:\FOUND.002 2011-05-24 21:28 . 2011-05-24 21:29 -------- d-----r- c:\documents and settings\NetworkService\Favorieten 2011-05-22 15:36 . 2005-10-31 16:17 135168 ----a-w- c:\windows\system32\RtlCPAPI.dll 2011-05-22 15:31 . 2011-05-22 15:31 -------- d-----w- c:\windows\system32\autorun 2011-05-20 19:45 . 2011-05-20 19:45 -------- d-----w- c:\program files\Free Window Registry Repair 2011-05-20 19:04 . 2011-05-20 19:04 -------- d-----w- c:\documents and settings\XXX\Local Settings\Application Data\PackageAware 2011-05-20 18:13 . 2011-05-20 18:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer 2011-05-20 13:43 . 2011-05-20 13:43 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe 2011-05-19 21:51 . 2011-05-19 21:51 31864 ----a-w- C:\symlcsv1.exe 2011-05-19 21:48 . 2011-05-19 21:48 -------- d-----w- C:\FOUND.001 2011-05-19 19:49 . 2011-05-19 19:49 -------- d-----r- c:\documents and settings\LocalService\Favorieten 2011-05-18 22:00 . 2011-05-18 22:00 -------- d-----w- c:\documents and settings\XXX\Application Data\Malwarebytes 2011-05-18 21:59 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-18 21:59 . 2011-05-18 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-05-18 21:59 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-18 21:59 . 2011-05-18 21:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-05-18 21:54 . 2011-05-18 21:54 -------- d-s---w- c:\documents and settings\NetworkService\UserData 2011-05-18 21:54 . 2011-05-18 21:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-02 21:26 . 2011-04-03 12:55 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] "PPS Accelerator"="c:\program files\PPStream\ppsap.exe" [2010-02-24 214408] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-09-02 15360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [X] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-11-01 102491] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-01 692315] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-09-02 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-02 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-02 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-02 455168] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-02 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-02 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-02 118784] "ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632] "ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056] "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056] "ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-09 352256] "Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-08 3080704] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-03-31 225280] "LogitechCameraAssistant"="c:\program files\Acer\OrbiCam\CameraAssistant.exe" [2006-03-31 331776] "LogitechVideo[inspector]"="c:\program files\Acer\OrbiCam\InstallHelper.exe" [2006-03-31 08:32 73728] "LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152] "BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2008-08-04 226816] "Share-to-Web Namespace Daemon"="c:\program files\HP\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632] "HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2010-08-18 249856] "Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888] "RTHDCPL"="RTHDCPL.EXE" [2006-04-04 16120832] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-02 15360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe" [2010-11-14 233936] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\BitComet\\BitComet.exe"= "c:\\Documents and Settings\\XXX\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"= "c:\\Program Files\\PPStream\\PPStream.exe"= "c:\\Program Files\\PPStream\\PPSAP.exe"= "c:\\Program Files\\PPSGame\\PPSGame.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "27075:TCP"= 27075:TCP:BitComet 27075 TCP "27075:UDP"= 27075:UDP:BitComet 27075 UDP "18453:TCP"= 18453:TCP:BitComet 18453 TCP "18453:UDP"= 18453:UDP:BitComet 18453 UDP "1247:TCP"= 1247:TCP:@xpsp2res.dll,-22009 . R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [31-7-2008 20:45 20616] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9-9-2010 0:39 691696] R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [1-8-2008 15:55 143467] R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [16-9-2010 14:06 80896] R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2-7-2008 14:58 26248] R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [30-11-2005 5:28 1097472] S2 mlorugno;IP Traffic Filter Controller;c:\windows\System32\svchost.exe -k netsvcs [2-9-2004 13:00 14336] S3 AVerE506;AVerE506 service;c:\windows\system32\drivers\AVerE506.sys [25-8-2005 20:10 509312] S3 AVerM115;AVerM115 service;c:\windows\system32\drivers\AVerM115.sys [24-8-2005 7:07 692992] S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [5-11-2010 16:09 24576] S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22-6-2010 18:01 21248] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs mlorugno . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.bing.com/ uInternet Settings,ProxyOverride = local IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: Verzenden via Bericht(&M)... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm IE: Verzenden via Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm Trusted Zone: security_PPStream.exe FF - ProfilePath - c:\documents and settings\XXX\Application Data\Mozilla\Firefox\Profiles\hutknvp9.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q= FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false FF - user.js: browser.startup.homepage - hxxps://www.facebook.com FF - user.js: browser.startup.page - 1 . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) HKU-Default-Run-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-06-15 21:38 Windows 5.1.2600 Service Pack 2 FAT NTAPI . scannen van verborgen processen ... . scannen van verborgen autostart items ... . HKCU\Software\Microsoft\Windows\CurrentVersion\Run msnmsgr = "c:\program files\Windows Live\Messenger\msnmsgr.exe" /background??s . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Ñw*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(908) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(7908) c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll c:\windows\system32\MSNChatHook.dll c:\windows\system32\sysenv.dll c:\windows\system32\MSVCR71.dll c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\BsMobileSDK.dll c:\windows\system32\BsLangInDepRes.dll c:\windows\system32\Bs2Res.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\acer\Empowering Technology\ePower\SysHook.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe c:\windows\system32\Ati2evxx.exe c:\acer\Empowering Technology\admServ.exe c:\windows\eHome\ehmsas.exe c:\windows\RTHDCPL.EXE c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe c:\program files\HP\HP Share-to-Web\hpgs2wnf.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\system32\HPZipm12.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\windows\ehome\mcrdsvc.exe c:\program files\Common Files\Teleca Shared\Generic.exe c:\program files\Common Files\Teleca Shared\logger.exe c:\program files\Common Files\Teleca Shared\CapabilityManager.exe c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe c:\program files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe c:\windows\system32\wscntfy.exe c:\docume~1\HOCHI~1\LOCALS~1\Temp\RtkBtMnt.exe c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe c:\windows\system32\dllhost.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe . ************************************************************************** . Voltooingstijd: 2011-06-15 21:41:01 - machine werd herstart ComboFix-quarantined-files.txt 2011-06-15 19:41 . Pre-Run: 15.776.153.600 bytes beschikbaar Post-Run: 16.892.755.968 bytes beschikbaar . WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect . - - End Of File - - B84297E927D0CDBD4F6E9E77F8AE5732

is er een manier om AVG gedeinstalleerd te krijgen? via configuratiescherm lukt het mij namelijk niet. ik krijg een of andere error..

Bedankt ik heb CCleaner gedownload en mijn laptop laten scannen. Echter denk ik dat ik nog steeds last heb van malware/adware. Ik heb sterk het vermoeden dat er een google redirect virus oid op mijn laptop zit. ik denk dat het met combofix wel op te lossen is? nogmaals dank!

AVG is gestopt met het geven van meldingen van setup.exe trojans! Ik had nog steeds het gevoel dat ik last had van adware, malware en spyware. Dus heb ik even superantispyware gedownload en mijn laptop laten scannen. daarbij zijn er flink wat bedreigingen gevonden en die ik heb laten verwijderen.

Deze twee zie ik er niet meer tussenstaan: O4 - .DEFAULT Startup: qipe.exe (User 'Default user') O4 - .DEFAULT User Startup: qipe.exe (User 'Default user') Er is geen speciale reden dat ik SP3 niet heb geinstalleerd eigenlijk, had het wel voordat ik mijn laptop had hersteld met originele instellingen (de acer recovery blijkt nu niet meer te werken, anders had ik dat allang al gedaan. maar dit is weer een ander probleem..) HijackThis log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:40:42, on 11-6-2011 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\Program Files\AVG\AVG10\AVGCHSVX.EXE C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Acer\Empowering Technology\admtray.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Acer\OrbiCam\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\AVG\AVG10\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\PPStream\ppsap.exe C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Common Files\Teleca Shared\logger.exe C:\Program Files\AVG\AVG10\avgwdsvc.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Acer\Empowering Technology\admServ.exe C:\DOCUME~1\HOCHI~1\LOCALS~1\Temp\RtkBtMnt.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\Program Files\AVG\AVG10\avgnsx.exe C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe C:\Program Files\AVG\AVG10\AVGRSX.EXE C:\Program Files\AVG\AVG10\avgcsrvx.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Program Files\Mozilla Firefox\firefox.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Acer.com Worldwide - Select your local country or region R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe" O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [btTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\ppsap.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Verzenden via Bericht(&M)... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm O8 - Extra context menu item: Verzenden via Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- End of file - 11968 bytes Malwarebytes log: Malwarebytes' Anti-Malware 1.51.0.1200 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: 6772 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 11-6-2011 13:19:27 mbam-log-2011-06-11 (13-19-27).txt Scantype: Snelle scan Objecten gescand: 183316 Verstreken tijd: 11 minuut/minuten, 17 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 2 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) thnx!

Hallo allemaal, Vorige week had ik last bekende malware problemen zoals malware doctor en whitesmoke. Ik dacht dat ik dat toen had opgelost doormiddel van malwarebyte en AVG. Maar sinds enkele dagen heb ik hetzelfde probleem als de gebruiker in dit topic: http://www.pc-helpforum.be/f163/pc-traag-waarschuwingen-van-avg-33176/ Trage pc en rare meldingen dus. Ik weet niet of ik de stappen in dat topic kan volgen om dit op te lossen of dat jullie mij kunnen helpen. Verder heb ik ook last van het feit dat ik in mijn firefox mijn startpagina niet meer kan wijzigen. Sinds kort staat dit standaard op facebook.com. Bij het inloggen op facebook werd ik geredirect naar een nep facebook pagina waar ik credit card gegevens etc moest invoeren. Ik denk dat dit nu opgelost is, maar nu heb ik dus last van het startpagina probleem Alvast bedankt voor de hulp! Hier is alvast mijn HijackThis log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:24:53, on 8-6-2011 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\Program Files\AVG\AVG10\AVGCHSVX.EXE C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AVG\AVG10\avgwdsvc.exe C:\Acer\Empowering Technology\admServ.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe C:\Program Files\AVG\AVG10\avgnsx.exe C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Acer\Empowering Technology\admtray.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Program Files\Realtek\InstallShield\AzMixerSel.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Acer\OrbiCam\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\PPStream\ppsap.exe C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Common Files\Teleca Shared\logger.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\AVG\AVG10\AVGRSX.EXE C:\Program Files\AVG\AVG10\avgcsrvx.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files\HTC\HTC Sync\Sync Manager\syncindicator.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Acer.com Worldwide - Select your local country or region R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe" O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [btTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\ppsap.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex (User 'Default user') O4 - S-1-5-20 Startup: Launch WhiteSmoke.lnk = C:\Program Files\WhiteSmoke\WSEnrichment.exe (User 'Netwerkservice') O4 - S-1-5-18 Startup: qipe.exe (User 'SYSTEM') O4 - .DEFAULT Startup: qipe.exe (User 'Default user') O4 - .DEFAULT User Startup: qipe.exe (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Verzenden via Bericht(&M)... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm O8 - Extra context menu item: Verzenden via Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://list1.111222.cn O15 - Trusted Zone: PPS O15 - Trusted Zone: http://list1.pps.tv O15 - Trusted Zone: ? O15 - Trusted Zone: ? O15 - Trusted Zone: http://list1.ppstream.com O15 - Trusted Zone: ppstream O15 - Trusted Zone: http://xml1.ppstream.com O15 - Trusted Zone: http://xml2.ppstream.com O15 - Trusted Zone: http://xml3.ppstream.com O15 - Trusted Zone: http://list1.ppstream.net O15 - Trusted Zone: http://list1.ppstv.com O15 - Trusted Zone: http://list1.ppstv.net O15 - ESC Trusted Zone: http://list1.111222.cn O15 - ESC Trusted Zone: PPS O15 - ESC Trusted Zone: http://list1.pps.tv O15 - ESC Trusted Zone: ? O15 - ESC Trusted Zone: ? O15 - ESC Trusted Zone: http://list1.ppstream.com O15 - ESC Trusted Zone: ppstream O15 - ESC Trusted Zone: http://xml1.ppstream.com O15 - ESC Trusted Zone: http://xml2.ppstream.com O15 - ESC Trusted Zone: http://xml3.ppstream.com O15 - ESC Trusted Zone: http://list1.ppstream.net O15 - ESC Trusted Zone: http://list1.ppstv.com O15 - ESC Trusted Zone: http://list1.ppstv.net O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- End of file - 13992 bytes